{"url":"http://public2.vulnerablecode.io/api/packages/1035127?format=json","purl":"pkg:deb/debian/varnish@1.0.2-2","type":"deb","namespace":"debian","name":"varnish","version":"1.0.2-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.7.3-2","latest_non_vulnerable_version":"7.7.3-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72912?format=json","vulnerability_id":"VCID-4fbk-5fwk-efbd","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8807.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8807.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8807","reference_id":"","reference_type":"","scores":[{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.79914","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.79776","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.79803","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.79805","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.79808","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.79837","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.79844","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.7986","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.79875","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01307","scoring_system":"ep
ss","scoring_elements":"0.79897","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.79799","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01307","scoring_system":"epss","scoring_elements":"0.79783","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01748","scoring_system":"epss","scoring_elements":"0.82472","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01748","scoring_system":"epss","scoring_elements":"0.825","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01748","scoring_system":"epss","scoring_elements":"0.82527","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01748","scoring_system":"epss","scoring_elements":"0.82534","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01748","scoring_system":"epss","scoring_elements":"0.82486","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01748","scoring_system":"epss","scoring_elements":"0.82503","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8807"},{"reference_url":"https://bugs.debian.org/881808","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.debian.org/881808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8807"},{"reference_url":"https://github.com/varnishcache/varnish-cache/commit/176f8a075a963ffbfa56f1c460c15f6a1a6af5a7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/varnishcache/varnish-cache/commit/176f8a075a963ffbfa56f1c460c15f6a1a6af5a7"},{"reference_url":"https://github.com/varnishcache/varnish-cache/pull/2429","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/varnishcache/varnish-cache/pull/2429"},{"reference_url":"https://www.debian.org/security/2017/dsa-4034","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4034"},{"reference_u
rl":"http://varnish-cache.org/security/VSV00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://varnish-cache.org/security/VSV00002.html"},{"reference_url":"http://www.securityfocus.com/bid/101886","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101886"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1513523","reference_id":"1513523","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1513523"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881808","reference_id":"881808","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881808"},{"reference_url":"https://security.archlinux.org/ASA-201711-29","reference_id":"ASA-201711-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-29"},{"reference_url":"https://security.archlinux.org/AVG-502","reference_id":"AVG-502","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-502"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-cache:varnish:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:varnish-cache:varnish:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-cache:varnish:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?ad
v_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-8807","reference_id":"CVE-2017-8807","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-8807"},{"reference_url":"https://usn.ubuntu.com/USN-4824-1/","reference_id":"USN-USN-4824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037133?format=json","purl":"pkg:deb/debian/varnish@5.0.0-7%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4fbk-5fwk-efbd"},{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-tnwn-h2wc-q7c4"},{"vulnerability":"VCID-wm39-aehq-cyfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@5.0.0-7%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1037788?format=json","purl":"pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerabi
lity":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-wm39-aehq-cyfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.1.1-1%252Bdeb10u3"}],"aliases":["CVE-2017-8807"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4fbk-5fwk-efbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56481?format=json","vulnerability_id":"VCID-fgjt-z1kd-nbct","summary":"Improper input validation in Varnish allows remote attackers to\n    conduct HTTP smuggling attacks, and possibly trigger a buffer overflow.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00064.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00064.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8852.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8852.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8852","reference_id":"","reference_type":"","scores":[{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.78077","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.7806","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.77884","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.7789","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.77919","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.77901","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.77928","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0109","scoring_system":"e
pss","scoring_elements":"0.77933","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.77959","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.77943","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.77978","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.77977","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.7797","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.78003","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.78011","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.78024","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0109","scoring_system":"epss","scoring_elements":"0.78033","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8852"},{"reference_url":"https://github.com/varnish/Varnish-Cache/commit/29870c8fe95e4e8a672f6f28c5fbe692bea09e9c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/varnish/Varnish-Cache/commit/29870c8fe95e4e8a672f6f28c5fbe692bea09e9c"},{"reference_url":"https://github.com/varnish/Varnish-Cache/commit/85e8468bec9416bd7e16b0d80cb820ecd2b330c3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/varnish/Varnish-Cache/commit/85e8468bec9416bd7e16b0d80cb820ecd2b330c3"},{"reference_url":"https://www.varnish-cache.org/lists/pipermail/varnish-announce/2015-March/000701.html","reference_id":"","reference_type":"","scores":[],"url":"h
ttps://www.varnish-cache.org/lists/pipermail/varnish-announce/2015-March/000701.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3553","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3553"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/04/16/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/04/16/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/04/18/7","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/04/18/7"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1328361","reference_id":"1328361","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1328361"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783510","reference_id":"783510","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783510"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_searc
h=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https
://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8852","reference_id":"CVE-2015-8852","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8852"},{"reference_url":"https://security.gentoo.org/glsa/201607-10","reference_id":"GLSA-201607-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035130?format=json","purl":"pkg:deb/debian/varnish@3.0.2-2%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4fbk-5fwk-efbd"},{"vulnerability":"VCID-fgjt-z1kd-nbct"},{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-ntj
2-zryg-tubp"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-tnwn-h2wc-q7c4"},{"vulnerability":"VCID-wm39-aehq-cyfb"},{"vulnerability":"VCID-z4zn-dpfs-j7cq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@3.0.2-2%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1036645?format=json","purl":"pkg:deb/debian/varnish@4.0.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4fbk-5fwk-efbd"},{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-tnwn-h2wc-q7c4"},{"vulnerability":"VCID-wm39-aehq-cyfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@4.0.2-1"}],"aliases":["CVE-2015-8852"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgjt-z1kd-nbct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82138?format=json","vulnerability_id":"VCID-hery-ps62-9kf5","summary":"varnish: denial of service handling certain crafted HTTP/1 
requests","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00069.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00069.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00089.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00089.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15892.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15892.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15892","reference_id":"","reference_type":"","scores":[{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90232","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90338","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90312","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90328","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90234","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90247","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90252","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90267","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90274","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90
283","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90282","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90276","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90292","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90289","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90304","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90303","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05554","scoring_system":"epss","scoring_elements":"0.90299","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15892"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15892","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15892"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3OEOCYRU43TWEU2C65F3D6GK64MSWNNK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3OEOCYRU43TWEU2C65F3D6GK64MSWNNK/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DBAQF6UDRSTURGINIMSMLJR4PTDYWA7C/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DBAQF6UDRSTURGINIMSMLJR4PTDYWA7C/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSF54TDJWJLINIFEW5V5BKDNY5EQRR3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraprojec
t.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSF54TDJWJLINIFEW5V5BKDNY5EQRR3/"},{"reference_url":"https://seclists.org/bugtraq/2019/Sep/5","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Sep/5"},{"reference_url":"https://varnish-cache.org/security/VSV00003.html","reference_id":"","reference_type":"","scores":[],"url":"https://varnish-cache.org/security/VSV00003.html"},{"reference_url":"https://www.debian.org/security/2019/dsa-4514","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4514"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1756079","reference_id":"1756079","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1756079"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939333","reference_id":"939333","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939333"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:
*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15892","reference_id":"CVE-2019-15892","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4756","reference_id":"RHSA-2020:4756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4756"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037788?format=json","purl":"pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-wm39-aehq-cyfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.1.1-1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/995168?format=json","purl":"pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-cmeu-b3fh-hkaf"},{"vulnerability":"VCID-djsh-vmzh-sbe7"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-pww8-5fsd-1kcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3"}],"aliases":["CVE-2019-15892"],"risk_score":3.5,"exploitability":"0.5","weighted_seve
rity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hery-ps62-9kf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78884?format=json","vulnerability_id":"VCID-hpb7-1n1t-n3em","summary":"varnish: Request Forgery Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45060.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45060.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45060","reference_id":"","reference_type":"","scores":[{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76339","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76369","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76349","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76381","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76395","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.7642","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76398","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76393","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76433","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76439","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76424","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00952","scoring_system":"epss
","scoring_elements":"0.76458","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76465","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76478","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76948","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76978","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.76995","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45060"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45060","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45060"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023751","reference_id":"1023751","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141844","reference_id":"2141844","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141844"},{"reference_url":"https://www.debian.org/security/2023/dsa-5334","reference_id":"dsa-5334","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/"}],"url":"https://www.debian.org/security/2023/dsa-5334"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5/","reference_id":"G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/
PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6ZMOZVBLZXHEV5VRW4I4SOWLQEK5OF5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/","reference_id":"M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8643","reference_id":"RHSA-2022:8643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8644","reference_id":"RHSA-2022:8644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8645","reference_id":"RHSA-2022:8645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8646","reference_id":"RHSA-2022:8646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8647","reference_id":"RHSA-2022:8647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8649","reference_id":"RHSA-2022:8649","reference_type":"","scores":[],"url":"https://access.redhat.com/errata
/RHSA-2022:8649"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8650","reference_id":"RHSA-2022:8650","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8650"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0673","reference_id":"RHSA-2023:0673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0673"},{"reference_url":"https://usn.ubuntu.com/7372-1/","reference_id":"USN-7372-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7372-1/"},{"reference_url":"https://docs.varnish-software.com/security/VSV00011","reference_id":"VSV00011","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/"}],"url":"https://docs.varnish-software.com/security/VSV00011"},{"reference_url":"https://varnish-cache.org/security/VSV00011.html","reference_id":"VSV00011.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/"}],"url":"https://varnish-cache.org/security/VSV00011.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU/","reference_id":"XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T14:28:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGF6LFTHXCSYMYUX5HLMVXQH3WHCSFLU/"}],"fixed_packages":
[{"url":"http://public2.vulnerablecode.io/api/packages/995168?format=json","purl":"pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-cmeu-b3fh-hkaf"},{"vulnerability":"VCID-djsh-vmzh-sbe7"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-pww8-5fsd-1kcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3"}],"aliases":["CVE-2022-45060","VSV00011"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpb7-1n1t-n3em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69679?format=json","vulnerability_id":"VCID-j1qj-kj7k-v7fx","summary":"varnish: request smuggling attacks","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47905.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47905.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47905","reference_id":"","reference_type":"","scores":[{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.5241","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52456","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52418","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52361","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52412","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52438","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0029","scoring_sys
tem":"epss","scoring_elements":"0.52402","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52455","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52449","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52501","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52485","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52468","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52508","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52514","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52499","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52446","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52457","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47905"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47905"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364235","reference_id":"2364235","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364235"},{"reference_url":"https://security.archlinux.org/ASA-202505-13","reference_id":"ASA-202505-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202505-13"},{"reference_url":"https://security.archlinux.org/AVG-2879","reference_id":"AVG-2879","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],
"url":"https://security.archlinux.org/AVG-2879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8294","reference_id":"RHSA-2025:8294","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8294"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8310","reference_id":"RHSA-2025:8310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8336","reference_id":"RHSA-2025:8336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8337","reference_id":"RHSA-2025:8337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8339","reference_id":"RHSA-2025:8339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8340","reference_id":"RHSA-2025:8340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8349","reference_id":"RHSA-2025:8349","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8349"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8350","reference_id":"RHSA-2025:8350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8351","reference_id":"RHSA-2025:8351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8550","reference_id":"RHSA-2025:8550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8550"},{"reference_url":"https://varnish-cache.org/security/VSV00016.html","re
ference_id":"VSV00016.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-14T14:15:16Z/"}],"url":"https://varnish-cache.org/security/VSV00016.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/995169?format=json","purl":"pkg:deb/debian/varnish@7.1.1-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-cmeu-b3fh-hkaf"},{"vulnerability":"VCID-djsh-vmzh-sbe7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.1.1-2%252Bdeb12u1"}],"aliases":["CVE-2025-47905","VSV00016"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j1qj-kj7k-v7fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79737?format=json","vulnerability_id":"VCID-mbcb-cn8g-zfgw","summary":"varnish: HTTP/1 request smuggling 
vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23959.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23959.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23959","reference_id":"","reference_type":"","scores":[{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57151","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57174","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57152","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57203","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57205","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57217","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57198","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57178","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57202","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57182","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57115","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57135","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57066","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57111","p
ublished_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23959"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004433","reference_id":"1004433","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004433"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045031","reference_id":"2045031","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0418","reference_id":"RHSA-2022:0418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0420","reference_id":"RHSA-2022:0420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0421","reference_id":"RHSA-2022:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0422","reference_id":"RHSA-2022:0422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0422"},{"reference_url":"https://
access.redhat.com/errata/RHSA-2022:4745","reference_id":"RHSA-2022:4745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4745"},{"reference_url":"https://usn.ubuntu.com/5474-1/","reference_id":"USN-5474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037788?format=json","purl":"pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-wm39-aehq-cyfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.1.1-1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/995168?format=json","purl":"pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-cmeu-b3fh-hkaf"},{"vulnerability":"VCID-djsh-vmzh-sbe7"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-pww8-5fsd-1kcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3"}],"aliases":["CVE-2022-23959"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbcb-cn8g-zfgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91950?format=json","vulnerability_id":"VCID-nrzf-yt7d-x7dh","summary":"The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute 
arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives.  NOTE: the vendor disputes this report, saying that it is \"fundamentally misguided and pointless.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2936","reference_id":"","reference_type":"","scores":[{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98594","published_at":"2026-04-01T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98596","published_at":"2026-04-02T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98599","published_at":"2026-04-04T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98601","published_at":"2026-04-07T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98603","published_at":"2026-04-08T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98605","published_at":"2026-04-09T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98607","published_at":"2026-04-12T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98608","published_at":"2026-04-13T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98613","published_at":"2026-04-21T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98614","published_at":"2026-04-18T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98617","published_at":"2026-04-24T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98618","published_at":"2026-04-26T12:55:00Z"},{"value":"0.6839","
scoring_system":"epss","scoring_elements":"0.9862","published_at":"2026-04-29T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98624","published_at":"2026-05-05T12:55:00Z"},{"value":"0.6839","scoring_system":"epss","scoring_elements":"0.98625","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2936"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2936","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2936"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35581.rb","reference_id":"CVE-2009-2936;OSVDB-67670","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35581.rb"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035129?format=json","purl":"pkg:deb/debian/varnish@2.1.3-8%2Bdeb6u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4fbk-5fwk-efbd"},{"vulnerability":"VCID-fgjt-z1kd-nbct"},{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-ntj2-zryg-tubp"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-tnwn-h2wc-q7c4"},{"vulnerability":"VCID-wm39-aehq-cyfb"},{"vulnerability":"VCID-z4zn-dpfs-j7cq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@2.1.3-8%252Bdeb6u2"}],"aliases":["CVE-2009-2936"],"risk_score":1.2,"exploitability":"2.0","weighted_severity":"0.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrzf-yt7d-x7dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92508?format=json","vulnerability_id":"VCID-ntj2-zryg-tubp","summary":"Varnish
 HTTP cache before 3.0.4: ACL bug","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4090","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47406","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47414","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47362","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47278","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47342","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47361","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57598","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57578","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57556","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57446","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.5758","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.5756","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57584","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57529","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57551","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57526","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_eleme
nts":"0.57579","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57583","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4090"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036645?format=json","purl":"pkg:deb/debian/varnish@4.0.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4fbk-5fwk-efbd"},{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-tnwn-h2wc-q7c4"},{"vulnerability":"VCID-wm39-aehq-cyfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@4.0.2-1"}],"aliases":["CVE-2013-4090"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ntj2-zryg-tubp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70772?format=json","vulnerability_id":"VCID-pww8-5fsd-1kcz","summary":"varnish: Client-Side Desynchronization in Varnish 
Cache","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30346.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30346.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30346","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.38043","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37989","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.38025","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37964","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.38009","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37927","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37714","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37692","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.38067","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37947","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37998","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.38008","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.6066","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60597","published_
at":"2026-04-29T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60556","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60603","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30346"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2354008","reference_id":"2354008","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2354008"},{"reference_url":"https://varnish-cache.org/security/VSV00015.html","reference_id":"VSV00015.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:00:05Z/"}],"url":"https://varnish-cache.org/security/VSV00015.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/995169?format=json","purl":"pkg:deb/debian/varnish@7.1.1-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-cmeu-b3fh-hkaf"},{"vulnerability":"VCID-djsh-vmzh-sbe7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.1.1-2%252Bdeb12u1"}],"aliases":["CVE-2025-30346","VSV00015"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pww8-5fsd-1kcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80179?format=json","vulnerability_id":"VCID-r7t1-a958-d7dg","summary":"varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST 
request","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36740.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36740.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36740","reference_id":"","reference_type":"","scores":[{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72142","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72316","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.7226","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72289","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72147","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72167","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72145","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72182","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72194","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72216","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.722","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72186","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72228","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72238","published_
at":"2026-04-18T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72268","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72275","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.7227","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982409","reference_id":"1982409","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982409"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991040","reference_id":"991040","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991040"},{"reference_url":"https://security.archlinux.org/ASA-202107-28","reference_id":"ASA-202107-28","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-28"},{"reference_url":"https://security.archlinux.org/AVG-2154","reference_id":"AVG-2154","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","sco
ring_elements":""}],"url":"https://security.archlinux.org/AVG-2154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2988","reference_id":"RHSA-2021:2988","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2988"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2993","reference_id":"RHSA-2021:2993","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2993"},{"reference_url":"https://usn.ubuntu.com/5474-1/","reference_id":"USN-5474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037788?format=json","purl":"pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-wm39-aehq-cyfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.1.1-1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/995168?format=json","purl":"pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-cmeu-b3fh-hkaf"},{"vulnerability":"VCID-djsh-vmzh-sbe7"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-pww8-5fsd-1kcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3"}],"aliases":["CVE-2021-36740"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r7t1-a958-d7dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81907?format=json","vulnerability_id":"VCID-rn5t-3pup-kbbv","
summary":"varnish: not clearing pointer between two client requests leads to information disclosure","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20637.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20637.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20637","reference_id":"","reference_type":"","scores":[{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.64878","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65094","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65004","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65052","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.64927","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.64955","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.64918","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.64968","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.64982","published_at":
"2026-04-09T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.6499","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.64962","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.64999","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.6501","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.64994","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65014","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65026","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65023","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20637"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20637","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20637"},{"reference_url":"http://varnish-cache.org/security/VSV00004.html#vsv00004","reference_id":"","reference_type":"","scores":[],"url":"http://varnish-cache.org/security/VSV00004.html#vsv00004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1772362","reference_id":"1772362","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1772362"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956305","reference_id":"956305","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956305"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15
.0:sp1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-20637","reference_id":"CVE-2019-20637","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-20637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4756","reference_id":"RHSA-2020:4756","reference_type":"","scores":[],"url":"ht
tps://access.redhat.com/errata/RHSA-2020:4756"},{"reference_url":"https://usn.ubuntu.com/5474-1/","reference_id":"USN-5474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/995168?format=json","purl":"pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-cmeu-b3fh-hkaf"},{"vulnerability":"VCID-djsh-vmzh-sbe7"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-pww8-5fsd-1kcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3"}],"aliases":["CVE-2019-20637"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rn5t-3pup-kbbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63882?format=json","vulnerability_id":"VCID-tnwn-h2wc-q7c4","summary":"security 
update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12425.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12425.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12425","reference_id":"","reference_type":"","scores":[{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77435","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77441","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77467","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77447","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77476","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77486","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77512","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77492","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77489","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77528","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77525","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77517","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77552","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77559","publishe
d_at":"2026-04-26T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77573","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.7758","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77609","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77632","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12425"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12425","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12425"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1477222","reference_id":"1477222","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1477222"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870467","reference_id":"870467","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870467"},{"reference_url":"https://security.archlinux.org/ASA-201708-4","reference_id":"ASA-201708-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-4"},{"reference_url":"https://security.archlinux.org/AVG-374","reference_id":"AVG-374","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-374"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036646?format=json","purl":"pkg:deb/debian/varnish@4.0.2-1%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4fbk-5fwk-efbd"},{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a95
8-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-tnwn-h2wc-q7c4"},{"vulnerability":"VCID-wm39-aehq-cyfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@4.0.2-1%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1037133?format=json","purl":"pkg:deb/debian/varnish@5.0.0-7%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4fbk-5fwk-efbd"},{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-tnwn-h2wc-q7c4"},{"vulnerability":"VCID-wm39-aehq-cyfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@5.0.0-7%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1037788?format=json","purl":"pkg:deb/debian/varnish@6.1.1-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-wm39-aehq-cyfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.1.1-1%252Bdeb10u3"}],"aliases":["CVE-2017-12425"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tnwn-h2wc-q7c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81614?format=json","vulnerability_id":"VCID-wm39-aehq-cyfb","summary":"varnish: remote clients may cause Varnish to assert and restart which could result in 
DoS","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11653.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11653.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11653","reference_id":"","reference_type":"","scores":[{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79358","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79545","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79507","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79528","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79364","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79387","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79373","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.794","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79409","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79433","published_a
t":"2026-04-11T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79416","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79405","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79436","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79435","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79438","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79472","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79477","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79493","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11653"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html"},{"reference_url":"https://varnish-cache.org/security/VSV00005.html#vsv00005","reference_id":"","reference_type":"","scores":[],"url":"https://varnish-cache.org/security/VSV00005.html#vsv00005"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1813867","reference_id":"1813867","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1813867"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956307","reference_id":"956307","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956307"},{"reference_url":"https://nvd.nist
.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-cache:varnish_cache:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.ni
st.gov/vuln/detail/CVE-2020-11653","reference_id":"CVE-2020-11653","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4756","reference_id":"RHSA-2020:4756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4756"},{"reference_url":"https://usn.ubuntu.com/5474-1/","reference_id":"USN-5474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5474-1/"},{"reference_url":"https://usn.ubuntu.com/5474-2/","reference_id":"USN-5474-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5474-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/995168?format=json","purl":"pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-cmeu-b3fh-hkaf"},{"vulnerability":"VCID-djsh-vmzh-sbe7"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-pww8-5fsd-1kcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3"}],"aliases":["CVE-2020-11653"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wm39-aehq-cyfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34476?format=json","vulnerability_id":"VCID-z4zn-dpfs-j7cq","summary":"Multiple vulnerabilities have been found in Varnish, the worst of\n    which could allow a remote attacker to create a Denial of Service\n    
condition.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4484","reference_id":"","reference_type":"","scores":[{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81368","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81377","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.814","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81399","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81427","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81432","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81454","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81441","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81435","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81471","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81473","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81474","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81495","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81503","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81508","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81525","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81544","publish
ed_at":"2026-05-07T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81566","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4484"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4484"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728989","reference_id":"728989","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728989"},{"reference_url":"https://security.gentoo.org/glsa/201412-30","reference_id":"GLSA-201412-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-30"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035130?format=json","purl":"pkg:deb/debian/varnish@3.0.2-2%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4fbk-5fwk-efbd"},{"vulnerability":"VCID-fgjt-z1kd-nbct"},{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-ntj2-zryg-tubp"},{"vulnerability":"VCID-pww8-5fsd-1kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-tnwn-h2wc-q7c4"},{"vulnerability":"VCID-wm39-aehq-cyfb"},{"vulnerability":"VCID-z4zn-dpfs-j7cq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@3.0.2-2%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1036645?format=json","purl":"pkg:deb/debian/varnish@4.0.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4fbk-5fwk-efbd"},{"vulnerability":"VCID-hery-ps62-9kf5"},{"vulnerability":"VCID-hpb7-1n1t-n3em"},{"vulnerability":"VCID-j1qj-kj7k-v7fx"},{"vulnerability":"VCID-mbcb-cn8g-zfgw"},{"vulnerability":"VCID-pww8-5fsd-1
kcz"},{"vulnerability":"VCID-r7t1-a958-d7dg"},{"vulnerability":"VCID-rn5t-3pup-kbbv"},{"vulnerability":"VCID-tnwn-h2wc-q7c4"},{"vulnerability":"VCID-wm39-aehq-cyfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@4.0.2-1"}],"aliases":["CVE-2013-4484"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4zn-dpfs-j7cq"}],"fixing_vulnerabilities":[],"risk_score":"4.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@1.0.2-2"}