Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/1035964?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1035964?format=api", "purl": "pkg:deb/debian/tar@1.20-1%2Blenny1", "type": "deb", "namespace": "debian", "name": "tar", "version": "1.20-1+lenny1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.34+dfsg-1+deb11u1", "latest_non_vulnerable_version": "1.34+dfsg-1+deb11u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59331?format=api", "vulnerability_id": "VCID-bjve-yt21-5uhe", "summary": "A vulnerability in Tar could lead to a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21172", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21146", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21048", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21066", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21325", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21379", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21133", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": 
"epss", "scoring_elements": "0.21213", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21275", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21285", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21244", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2119", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21183", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21193", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2117", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21044", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21047", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21017", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.20915", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.20982", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2107", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917565", "reference_id": "1917565", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1917565" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980525", "reference_id": "980525", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980525" }, { "reference_url": "https://security.archlinux.org/ASA-202102-41", "reference_id": "ASA-202102-41", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-41" }, { "reference_url": "https://security.archlinux.org/AVG-1462", "reference_id": "AVG-1462", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1462" }, { "reference_url": "https://security.gentoo.org/glsa/202105-29", "reference_id": "GLSA-202105-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-29" }, { "reference_url": "https://usn.ubuntu.com/5329-1/", "reference_id": "USN-5329-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5329-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049805?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1" } ], "aliases": [ "CVE-2021-20193" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-bjve-yt21-5uhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77912?format=api", "vulnerability_id": "VCID-hq66-w1de-eqe9", "summary": "tar: Incorrectly handled extension attributes in PAX archives can lead to a crash", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39804.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39804.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1048", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10657", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10493", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10436", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10384", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10521", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10588", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10567", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10609", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10549", "published_at": 
"2026-04-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10413", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10487", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10555", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10584", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10551", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10528", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10395", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10381", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10509", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10494", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254067", "reference_id": "2254067", "reference_type": "", "scores": 
[], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254067" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079", "reference_id": "bugreport.cgi?bug=1058079", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-04T11:15:54Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079" }, { "reference_url": "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4", "reference_id": "?id=a339f05cd269013fa133d2f148d73f6f7d4247e4", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-04T11:15:54Z/" } ], "url": "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4" }, { "reference_url": "https://usn.ubuntu.com/6543-1/", "reference_id": "USN-6543-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6543-1/" }, { "reference_url": "https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723", "reference_id": "xheader.c?h=release_1_34#n1723", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-04T11:15:54Z/" } ], "url": "https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049805?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1" } ], "aliases": [ "CVE-2023-39804" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hq66-w1de-eqe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36935?format=api", "vulnerability_id": "VCID-pkfu-tkaw-m7ba", "summary": "A vulnerability has been discovered in GNU Tar which may lead to an out of bounds read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48303.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13669", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13533", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13542", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13515", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13407", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1331", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13469", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13553", 
"published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13545", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13575", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14958", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14839", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14928", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14979", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14942", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14904", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14845", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14741", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14748", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15035", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://savannah.gnu.org/patch/?10307", "reference_id": "?10307", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/" } ], "url": "https://savannah.gnu.org/patch/?10307" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149722", "reference_id": "2149722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149722" }, { "reference_url": "https://savannah.gnu.org/bugs/?62387", "reference_id": "?62387", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/" } ], "url": "https://savannah.gnu.org/bugs/?62387" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/", "reference_id": "CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/" }, { "reference_url": "https://security.gentoo.org/glsa/202402-12", "reference_id": "GLSA-202402-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-12" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2023:0842", "reference_id": "RHSA-2023:0842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0959", "reference_id": "RHSA-2023:0959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5610", "reference_id": "RHSA-2023:5610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5610" }, { "reference_url": "https://usn.ubuntu.com/5900-1/", "reference_id": "USN-5900-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5900-1/" }, { "reference_url": "https://usn.ubuntu.com/5900-2/", "reference_id": "USN-5900-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5900-2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/", "reference_id": "X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T20:34:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049805?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1" } ], "aliases": [ "CVE-2022-48303" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-pkfu-tkaw-m7ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82906?format=api", "vulnerability_id": "VCID-rpve-2nqs-mucp", "summary": "tar: null-pointer dereference in pax_decode_header in sparse.c", "references": [ { "reference_url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9923.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9923.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9923", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60824", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.6056", "published_at": 
"2026-04-01T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60635", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60709", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60689", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60732", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60738", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60722", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.6071", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60714", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.6067", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60718", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60775", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60736", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.60763", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67213", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67264", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67278", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", 
"scoring_elements": "0.67298", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67237", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9923" }, { "reference_url": "http://savannah.gnu.org/bugs/?55369", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "http://savannah.gnu.org/bugs/?55369" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:59:20Z/" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691764", "reference_id": "1691764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691764" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925286", "reference_id": "925286", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925286" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9923", "reference_id": "CVE-2019-9923", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9923" }, { "reference_url": "https://usn.ubuntu.com/4692-1/", "reference_id": "USN-4692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4692-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049805?format=api", "purl": "pkg:deb/debian/tar@1.34%2Bdfsg-1%2Bdeb11u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.34%252Bdfsg-1%252Bdeb11u1" } ], "aliases": [ "CVE-2019-9923" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rpve-2nqs-mucp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34397?format=api", "vulnerability_id": "VCID-svwr-123p-skeq", "summary": "A vulnerability in Tar could lead to a Denial of Service condition.", "references": [ { "reference_url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454" }, { "reference_url": "http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20482.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05338", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05787", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05678", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05766", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05778", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05782", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0538", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0541", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05416", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05451", "published_at": "2026-04-08T12:55:00Z" }, { 
"value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05473", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05444", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0543", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05424", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05379", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05382", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05546", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05581", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05617", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05625", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html" }, { "reference_url": "https://news.ycombinator.com/item?id=18745431", "reference_id": "", "reference_type": "", "scores": [], "url": "https://news.ycombinator.com/item?id=18745431" }, { "reference_url": "https://twitter.com/thatcks/status/1076166645708668928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://twitter.com/thatcks/status/1076166645708668928" }, { "reference_url": "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug", "reference_id": "", "reference_type": "", "scores": [], "url": "https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug" }, { "reference_url": "http://www.securityfocus.com/bid/106354", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106354" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1662346", "reference_id": "1662346", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1662346" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917377", "reference_id": "917377", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917377" }, { "reference_url": "https://security.archlinux.org/ASA-201901-1", "reference_id": "ASA-201901-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-1" }, { "reference_url": "https://security.archlinux.org/AVG-841", "reference_id": "AVG-841", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-841" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20482", "reference_id": "CVE-2018-20482", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20482" }, { "reference_url": 
"https://security.gentoo.org/glsa/201903-05", "reference_id": "GLSA-201903-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-05" }, { "reference_url": "https://usn.ubuntu.com/4692-1/", "reference_id": "USN-4692-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4692-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049804?format=api", "purl": "pkg:deb/debian/tar@1.30%2Bdfsg-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bjve-yt21-5uhe" }, { "vulnerability": "VCID-hq66-w1de-eqe9" }, { "vulnerability": "VCID-pkfu-tkaw-m7ba" }, { "vulnerability": "VCID-rpve-2nqs-mucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.30%252Bdfsg-6" } ], "aliases": [ "CVE-2018-20482" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-svwr-123p-skeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46540?format=api", "vulnerability_id": "VCID-vzdf-6u9d-bfax", "summary": "A path traversal attack in Tar may lead to the remote execution of\n arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6321.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6321.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93556", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93456", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11143", 
"scoring_system": "epss", "scoring_elements": "0.93457", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93465", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93468", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93474", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93473", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93493", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93499", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93506", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93508", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93505", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93513", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93526", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93537", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.93543", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.11143", "scoring_system": "epss", "scoring_elements": "0.9344", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6321" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321", "reference_id": "", "reference_type": "", "scores": [], 
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/102", "reference_id": "102", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/102" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318562", "reference_id": "1318562", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842339", "reference_id": "842339", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842339" }, { "reference_url": "http://www.securityfocus.com/bid/93937", "reference_id": "93937", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://www.securityfocus.com/bid/93937" }, { "reference_url": "http://seclists.org/fulldisclosure/2016/Oct/96", "reference_id": "96", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://seclists.org/fulldisclosure/2016/Oct/96" }, { "reference_url": "https://security.archlinux.org/ASA-201611-11", "reference_id": "ASA-201611-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-11" }, { "reference_url": "https://security.archlinux.org/AVG-64", "reference_id": "AVG-64", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-64" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3702", "reference_id": "dsa-3702", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://www.debian.org/security/2016/dsa-3702" }, { "reference_url": "https://security.gentoo.org/glsa/201611-19", "reference_id": "GLSA-201611-19", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "https://security.gentoo.org/glsa/201611-19" }, { "reference_url": "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", "reference_id": "GNU-tar-1.29-Extract-Pathname-Bypass.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html" }, { 
"reference_url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", "reference_id": "?id=7340f67b9860ea0531c1450e5aa261c50f67165d", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d" }, { "reference_url": "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html", "reference_id": "msg00016.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html" }, { "reference_url": "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", "reference_id": "tar-extract-pathname-bypass.proper.txt", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt" }, { "reference_url": "https://usn.ubuntu.com/3132-1/", "reference_id": "USN-3132-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3132-1/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-3132-1", "reference_id": "USN-3132-1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": 
"ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T20:54:23Z/" } ], "url": "http://www.ubuntu.com/usn/USN-3132-1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035969?format=api", "purl": "pkg:deb/debian/tar@1.27.1-2%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bjve-yt21-5uhe" }, { "vulnerability": "VCID-hq66-w1de-eqe9" }, { "vulnerability": "VCID-pkfu-tkaw-m7ba" }, { "vulnerability": "VCID-rpve-2nqs-mucp" }, { "vulnerability": "VCID-svwr-123p-skeq" }, { "vulnerability": "VCID-vzdf-6u9d-bfax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.27.1-2%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049803?format=api", "purl": "pkg:deb/debian/tar@1.29b-1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bjve-yt21-5uhe" }, { "vulnerability": "VCID-hq66-w1de-eqe9" }, { "vulnerability": "VCID-pkfu-tkaw-m7ba" }, { "vulnerability": "VCID-rpve-2nqs-mucp" }, { "vulnerability": "VCID-svwr-123p-skeq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.29b-1.1" } ], "aliases": [ "CVE-2016-6321" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzdf-6u9d-bfax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34111?format=api", "vulnerability_id": "VCID-zakj-27p6-6kbf", "summary": "A buffer overflow flaw in GNU Tar could result in execution of\n arbitrary code or a Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0624.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0624.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0624", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80894", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80902", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80925", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80923", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80951", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80958", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80973", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.8096", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.80988", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.8099", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81011", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81021", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81028", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81041", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81064", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81085", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01474", 
"scoring_system": "epss", "scoring_elements": "0.81081", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81099", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.8114", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0624" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=564368", "reference_id": "564368", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=564368" }, { "reference_url": "https://security.gentoo.org/glsa/201111-11", "reference_id": "GLSA-201111-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201111-11" }, { "reference_url": "https://security.gentoo.org/glsa/201311-21", "reference_id": "GLSA-201311-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0141", "reference_id": "RHSA-2010:0141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0142", "reference_id": "RHSA-2010:0142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0143", "reference_id": "RHSA-2010:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0144", "reference_id": "RHSA-2010:0144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0144" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2010:0145", "reference_id": "RHSA-2010:0145", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0145" }, { "reference_url": "https://usn.ubuntu.com/2456-1/", "reference_id": "USN-2456-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2456-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035965?format=api", "purl": "pkg:deb/debian/tar@1.23-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bjve-yt21-5uhe" }, { "vulnerability": "VCID-hq66-w1de-eqe9" }, { "vulnerability": "VCID-pkfu-tkaw-m7ba" }, { "vulnerability": "VCID-rpve-2nqs-mucp" }, { "vulnerability": "VCID-svwr-123p-skeq" }, { "vulnerability": "VCID-vzdf-6u9d-bfax" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.23-3" } ], "aliases": [ "CVE-2010-0624" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zakj-27p6-6kbf" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48444?format=api", "vulnerability_id": "VCID-ft5f-trap-43fa", "summary": "GNU cpio contains a buffer overflow vulnerability, possibly resulting in a\n Denial of Service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4476.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4476.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93675", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93685", "published_at": "2026-04-02T12:55:00Z" }, { 
"value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93696", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93698", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93707", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93709", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93714", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93715", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93732", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93739", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11809", "scoring_system": "epss", "scoring_elements": "0.93742", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93876", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93873", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93872", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93881", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93891", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93901", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93904", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", 
"scoring_elements": "0.93908", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.12223", "scoring_system": "epss", "scoring_elements": "0.93923", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4476" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=280961", "reference_id": "280961", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=280961" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441444", "reference_id": "441444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441444" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449222", "reference_id": "449222", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449222" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30766.c", "reference_id": "CVE-2007-4476;OSVDB-42149", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30766.c" }, { "reference_url": "https://www.securityfocus.com/bid/26445/info", "reference_id": "CVE-2007-4476;OSVDB-42149", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/26445/info" }, { "reference_url": "https://security.gentoo.org/glsa/200711-18", "reference_id": "GLSA-200711-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0141", "reference_id": "RHSA-2010:0141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0141" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2010:0144", "reference_id": "RHSA-2010:0144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0144" }, { "reference_url": "https://usn.ubuntu.com/650-1/", "reference_id": "USN-650-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/650-1/" }, { "reference_url": "https://usn.ubuntu.com/709-1/", "reference_id": "USN-709-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/709-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035964?format=api", "purl": "pkg:deb/debian/tar@1.20-1%2Blenny1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bjve-yt21-5uhe" }, { "vulnerability": "VCID-hq66-w1de-eqe9" }, { "vulnerability": "VCID-pkfu-tkaw-m7ba" }, { "vulnerability": "VCID-rpve-2nqs-mucp" }, { "vulnerability": "VCID-svwr-123p-skeq" }, { "vulnerability": "VCID-vzdf-6u9d-bfax" }, { "vulnerability": "VCID-zakj-27p6-6kbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.20-1%252Blenny1" } ], "aliases": [ "CVE-2007-4476" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ft5f-trap-43fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46643?format=api", "vulnerability_id": "VCID-k3h6-k26e-vke3", "summary": "A directory traversal vulnerability has been discovered in GNU Tar.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4131.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11051", "scoring_system": "epss", "scoring_elements": "0.93408", 
"published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11051", "scoring_system": "epss", "scoring_elements": "0.93416", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11051", "scoring_system": "epss", "scoring_elements": "0.93424", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11051", "scoring_system": "epss", "scoring_elements": "0.93432", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11051", "scoring_system": "epss", "scoring_elements": "0.93436", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11051", "scoring_system": "epss", "scoring_elements": "0.93441", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.11051", "scoring_system": "epss", "scoring_elements": "0.93442", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93593", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93612", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93619", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93624", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93628", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93627", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93625", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93633", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93645", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93656", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.11443", 
"scoring_system": "epss", "scoring_elements": "0.93662", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.11443", "scoring_system": "epss", "scoring_elements": "0.93674", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=251921", "reference_id": "251921", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=251921" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439335", "reference_id": "439335", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439335" }, { "reference_url": "https://security.gentoo.org/glsa/200709-09", "reference_id": "GLSA-200709-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200709-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0860", "reference_id": "RHSA-2007:0860", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0860" }, { "reference_url": "https://usn.ubuntu.com/506-1/", "reference_id": "USN-506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/506-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035964?format=api", "purl": "pkg:deb/debian/tar@1.20-1%2Blenny1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bjve-yt21-5uhe" }, { "vulnerability": "VCID-hq66-w1de-eqe9" }, { "vulnerability": "VCID-pkfu-tkaw-m7ba" }, { "vulnerability": "VCID-rpve-2nqs-mucp" }, { "vulnerability": "VCID-svwr-123p-skeq" }, { "vulnerability": "VCID-vzdf-6u9d-bfax" }, { "vulnerability": "VCID-zakj-27p6-6kbf" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.20-1%252Blenny1" } ], "aliases": [ "CVE-2007-4131" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k3h6-k26e-vke3" } ], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/tar@1.20-1%252Blenny1" }