Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/102970?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/102970?format=api", "purl": "pkg:rpm/redhat/servicemesh-grafana@6.4.3-11?arch=el8", "type": "rpm", "namespace": "redhat", "name": "servicemesh-grafana", "version": "6.4.3-11", "qualifiers": { "arch": "el8" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50558?format=api", "vulnerability_id": "VCID-3cbb-ghjz-fyhn", "summary": "Cross-Site Scripting in serialize-javascript\nVersions of `serialize-javascript` prior to 2.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications.\n\n\n## Recommendation\n\nUpgrade to version 2.1.1 or later.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16769.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16769.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61197", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.6111", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61116", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61099", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.611", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61092", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61041", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.6109", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.6115", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61111", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61138", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.60945", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61021", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.6105", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61016", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61064", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.6108", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61101", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61087", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00406", "scoring_system": "epss", "scoring_elements": "0.61068", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16769" }, { "reference_url": "https://github.com/advisories/GHSA-h9rv-jmmf-4pgx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h9rv-jmmf-4pgx" }, { "reference_url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16769", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16769" }, { "reference_url": "https://www.npmjs.com/advisories/1426", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1426" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848092", "reference_id": "1848092", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2796", "reference_id": "RHSA-2020:2796", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4298", "reference_id": "RHSA-2020:4298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4298" } ], "fixed_packages": [], "aliases": [ "CVE-2019-16769", "GHSA-h9rv-jmmf-4pgx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3cbb-ghjz-fyhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48669?format=api", "vulnerability_id": "VCID-9s34-1nd8-f7ee", "summary": "XML Entity Expansion and Improper Input Validation in Kubernetes API server\nImproper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.\n\n### Specific Go Packages Affected\nk8s.io/kubernetes/pkg/apiserver", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3239", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3811", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3905", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3905" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11253.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11253.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11253", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99297", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99306", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99285", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99286", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99288", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99291", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99292", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99293", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99294", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99295", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99296", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99298", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99305", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99303", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.99302", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.83793", "scoring_system": "epss", "scoring_elements": "0.993", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11253" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11253", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11253" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gist.github.com/bgeesaman/0e0349e94cd22c48bf14d8a9b7d6b8f2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/bgeesaman/0e0349e94cd22c48bf14d8a9b7d6b8f2" }, { "reference_url": "https://github.com/kubernetes/kubernetes/issues/83253", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/kubernetes/kubernetes/issues/83253" }, { "reference_url": "https://github.com/kubernetes/kubernetes/pull/83261", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/kubernetes/kubernetes/pull/83261" }, { "reference_url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs" }, { "reference_url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/jk8polzSUxs", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/jk8polzSUxs" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11253", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11253" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0703", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0703" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191031-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20191031-0006" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191031-0006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20191031-0006/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757701", "reference_id": "1757701", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757701" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3132", "reference_id": "RHSA-2019:3132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2795", "reference_id": "RHSA-2020:2795", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2795" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2796", "reference_id": "RHSA-2020:2796", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2799", "reference_id": "RHSA-2020:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2861", "reference_id": "RHSA-2020:2861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2863", "reference_id": "RHSA-2020:2863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2870", "reference_id": "RHSA-2020:2870", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2870" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2183", "reference_id": "RHSA-2022:2183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2183" } ], "fixed_packages": [], "aliases": [ "CVE-2019-11253", "GHSA-pmqp-h87c-mr78" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9s34-1nd8-f7ee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57677?format=api", "vulnerability_id": "VCID-drfs-tub9-zqgg", "summary": "Grafana XSS via the OpenTSDB datasource\nGrafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13430.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13430.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13430", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60975", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60729", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60802", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60831", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60795", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60844", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.6086", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60881", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60868", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.6085", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60892", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60896", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.6088", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60869", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60874", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60824", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60873", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60931", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60918", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13430" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7m2x-qhrq-rp8h", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7m2x-qhrq-rp8h" }, { "reference_url": "https://github.com/grafana/grafana", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/grafana/grafana" }, { "reference_url": "https://github.com/grafana/grafana/pull/24539", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/grafana/grafana/pull/24539" }, { "reference_url": "https://github.com/grafana/grafana/releases/tag/v7.0.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/grafana/grafana/releases/tag/v7.0.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13430", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13430" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200528-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200528-0003" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848108", "reference_id": "1848108", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2796", "reference_id": "RHSA-2020:2796", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2861", "reference_id": "RHSA-2020:2861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4682", "reference_id": "RHSA-2020:4682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4682" } ], "fixed_packages": [], "aliases": [ "CVE-2020-13430", "GHSA-7m2x-qhrq-rp8h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-drfs-tub9-zqgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81388?format=api", "vulnerability_id": "VCID-ed2w-eexq-kuam", "summary": "grafana: XSS annotation popup vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12052.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12052.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12052", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.7233", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72336", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72355", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72331", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.7237", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72383", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72406", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.7239", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72377", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72419", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72428", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72416", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72458", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72467", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72463", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72455", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72485", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.7251", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72472", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72499", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72555", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12052" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848089", "reference_id": "1848089", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2796", "reference_id": "RHSA-2020:2796", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2861", "reference_id": "RHSA-2020:2861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4298", "reference_id": "RHSA-2020:4298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4682", "reference_id": "RHSA-2020:4682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4682" } ], "fixed_packages": [], "aliases": [ "CVE-2020-12052" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed2w-eexq-kuam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58078?format=api", "vulnerability_id": "VCID-fph7-rrjp-uqa1", "summary": "Grafana XSS in header column rename\nGrafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12245.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12245.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.8698", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.86986", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.86991", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.86978", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.8697", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.86938", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.87118", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.87086", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.87071", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.87076", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.87059", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.87043", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.87022", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.87021", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.87015", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.86997", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.86999", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.86995", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.86928", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.8695", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03189", "scoring_system": "epss", "scoring_elements": "0.86957", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12245" }, { "reference_url": "https://community.grafana.com/t/release-notes-v6-7-x/27119", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.grafana.com/t/release-notes-v6-7-x/27119" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/grafana/grafana", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/grafana/grafana" }, { "reference_url": "https://github.com/grafana/grafana/blob/master/CHANGELOG.md#673-2020-04-23", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/grafana/grafana/blob/master/CHANGELOG.md#673-2020-04-23" }, { "reference_url": "https://github.com/grafana/grafana/commit/0284747c88eb9435899006d26ffaf65f89dec88e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/grafana/grafana/commit/0284747c88eb9435899006d26ffaf65f89dec88e" }, { "reference_url": "https://github.com/grafana/grafana/pull/23816", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/grafana/grafana/pull/23816" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12245" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200511-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200511-0001" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848643", "reference_id": "1848643", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2796", "reference_id": "RHSA-2020:2796", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2861", "reference_id": "RHSA-2020:2861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4298", "reference_id": "RHSA-2020:4298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4682", "reference_id": "RHSA-2020:4682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4682" } ], "fixed_packages": [], "aliases": [ "CVE-2020-12245", "GHSA-ccmg-w4xm-p28v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fph7-rrjp-uqa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33824?format=api", "vulnerability_id": "VCID-gg1m-2vwq-euet", "summary": "Regular Expression Denial of Service in websocket-extensions (NPM package)\n### Impact\n\nThe ReDoS flaw allows an attacker to exhaust the server's capacity to process\nincoming requests by sending a WebSocket handshake request containing a header\nof the following form:\n\n Sec-WebSocket-Extensions: a; b=\"\\c\\c\\c\\c\\c\\c\\c\\c\\c\\c ...\n\nThat is, a header containing an unclosed string parameter value whose content is\na repeating two-byte sequence of a backslash and some other character. The\nparser takes exponential time to reject this header as invalid, and this will\nblock the processing of any other work on the same thread. Thus if you are\nrunning a single-threaded server, such a request can render your service\ncompletely unavailable.\n\n### Patches\n\nUsers should upgrade to version 0.1.4.\n\n### Workarounds\n\nThere are no known work-arounds other than disabling any public-facing\nWebSocket functionality you are operating.\n\n### References\n\n- https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions/", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7662.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7662.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53734", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53643", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53692", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53675", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53658", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53696", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.537", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53683", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53646", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53623", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53575", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53622", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53673", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53636", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53661", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53573", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53596", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53624", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53593", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53645", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7662" }, { "reference_url": "https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions" }, { "reference_url": "https://github.com/faye/websocket-extensions-node", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/faye/websocket-extensions-node" }, { "reference_url": "https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237" }, { "reference_url": "https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7662", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7662" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845982", "reference_id": "1845982", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845982" }, { "reference_url": "https://github.com/advisories/GHSA-g78m-2chm-r7qv", "reference_id": "GHSA-g78m-2chm-r7qv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g78m-2chm-r7qv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2796", "reference_id": "RHSA-2020:2796", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2861", "reference_id": "RHSA-2020:2861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4298", "reference_id": "RHSA-2020:4298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4298" } ], "fixed_packages": [], "aliases": [ "CVE-2020-7662", "GHSA-g78m-2chm-r7qv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gg1m-2vwq-euet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53077?format=api", "vulnerability_id": "VCID-j6nn-jkc5-k3f6", "summary": "Server Side Request Forgery in Grafana\nThe avatar feature in Grafana (github.com/grafana/grafana/pkg/api/avatar) 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue that allows remote code execution. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html" }, { "reference_url": "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/158320/Grafana-7.0.1-Denial-Of-Service.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13379.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13379.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92845", "scoring_system": "epss", "scoring_elements": "0.99764", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.92845", "scoring_system": "epss", "scoring_elements": "0.9977", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.92845", "scoring_system": "epss", "scoring_elements": "0.99769", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.92845", "scoring_system": "epss", "scoring_elements": "0.99768", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.92845", "scoring_system": "epss", "scoring_elements": "0.99767", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.92845", "scoring_system": "epss", "scoring_elements": "0.99766", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.92845", "scoring_system": "epss", "scoring_elements": "0.99765", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.93094", "scoring_system": "epss", "scoring_elements": "0.99794", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13379" }, { "reference_url": "https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.grafana.com/t/grafana-7-0-2-and-6-7-4-security-update/31408" }, { "reference_url": "https://community.grafana.com/t/release-notes-v6-7-x/27119", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.grafana.com/t/release-notes-v6-7-x/27119" }, { "reference_url": "https://community.grafana.com/t/release-notes-v7-0-x/29381", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.grafana.com/t/release-notes-v7-0-x/29381" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/grafana/grafana/commit/ba953be95f0302c2ea80d23f1e5f2c1847365192", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/grafana/grafana/commit/ba953be95f0302c2ea80d23f1e5f2c1847365192" }, { "reference_url": "https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix" }, { "reference_url": "https://lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4@%3Cdev.ambari.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0928ee574281f8b6156e0a6d0291bfc27100a9dd3f9b0177ece24ae4@%3Cdev.ambari.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933@%3Cdev.ambari.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933@%3Cdev.ambari.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60@%3Cissues.ambari.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60@%3Cissues.ambari.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2@%3Cdev.ambari.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6670a6c29044bcb77d4e5d165b5bd13fffe37b84caa5d6471b13b3a2@%3Cdev.ambari.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd@%3Cissues.ambari.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6bb57124a21bb638f552d81650c66684e70fc1ff9f40b6a8840171cd@%3Cissues.ambari.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da@%3Cissues.ambari.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r984c3b42a500f5a6a89fbee436b9432fada5dc27ebab04910aafe4da@%3Cissues.ambari.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d@%3Cdev.ambari.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rad99b06d7360a5cf6e394afb313f8901dcd4cb777aee9c9197b3b23d@%3Cdev.ambari.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90@%3Cdev.ambari.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90@%3Cdev.ambari.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820@%3Ccommits.ambari.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd0fd283e3844b9c54cd5ecc92d966f96d3f4318815bbf3ac41f9c820@%3Ccommits.ambari.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13@%3Cissues.ambari.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re75f59639f3bc1d14c7ab362bc4485ade84f3c6a3c1a03200c20fe13@%3Cissues.ambari.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31@%3Cdev.ambari.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re7c4b251b52f49ba6ef752b829bca9565faaf93d03206b1db6644d31@%3Cdev.ambari.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2@%3Cdev.ambari.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2@%3Cdev.ambari.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEKSZ6GE4EDOFZ23NGYWOCMD6O4JF5SO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O2KSCCGKNEENZN3DW7TSPFBBUZH3YZXZ" }, { "reference_url": "https://mostwanted002.cf/post/grafanados", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mostwanted002.cf/post/grafanados" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13379", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13379" }, { "reference_url": "https://rhynorater.github.io/CVE-2020-13379-Write-Up", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhynorater.github.io/CVE-2020-13379-Write-Up" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200608-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200608-0006" }, { "reference_url": "https://www.exploit-db.com/exploits/48638", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/48638" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/06/03/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/06/03/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/06/09/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/06/09/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843640", "reference_id": "1843640", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843640" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48638.sh", "reference_id": "CVE-2020-13379", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48638.sh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2641", "reference_id": "RHSA-2020:2641", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2641" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2676", "reference_id": "RHSA-2020:2676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2792", "reference_id": "RHSA-2020:2792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2796", "reference_id": "RHSA-2020:2796", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2861", "reference_id": "RHSA-2020:2861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5599", "reference_id": "RHSA-2020:5599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0083", "reference_id": "RHSA-2021:0083", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0083" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1518", "reference_id": "RHSA-2021:1518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1518" } ], "fixed_packages": [], "aliases": [ "CVE-2020-13379", "GHSA-wc9w-wvq2-ffm9" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6nn-jkc5-k3f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33383?format=api", "vulnerability_id": "VCID-k6ny-gfg9-8ugd", "summary": "Insecure serialization leading to RCE in serialize-javascript\nserialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function \"deleteFunctions\" within \"index.js\". \n\nAn object such as `{\"foo\": /1\"/, \"bar\": \"a\\\"@__R-<UID>-0__@\"}` was serialized as `{\"foo\": /1\"/, \"bar\": \"a\\/1\"/}`, which allows an attacker to escape the `bar` key. This requires the attacker to control the values of both `foo` and `bar` and guess the value of `<UID>`. The UID has a keyspace of approximately 4 billion making it a realistic network attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7660.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86499", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86397", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86394", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86414", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86434", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86453", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86449", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86463", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.8629", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86299", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86317", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86318", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86336", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86346", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.8636", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86358", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86353", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86369", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86374", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86367", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02901", "scoring_system": "epss", "scoring_elements": "0.86388", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7660" }, { "reference_url": "https://github.com/yahoo/serialize-javascript", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yahoo/serialize-javascript" }, { "reference_url": "https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7660", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7660" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844228", "reference_id": "1844228", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1844228" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2796", "reference_id": "RHSA-2020:2796", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2861", "reference_id": "RHSA-2020:2861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2861" } ], "fixed_packages": [], "aliases": [ "CVE-2020-7660", "GHSA-hxcc-f52p-wc94" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6ny-gfg9-8ugd" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh-grafana@6.4.3-11%3Farch=el8" }