{"url":"http://public2.vulnerablecode.io/api/packages/1037923?format=json","purl":"pkg:deb/debian/haproxy@1.8.19-1%2Bdeb10u3","type":"deb","namespace":"debian","name":"haproxy","version":"1.8.19-1+deb10u3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.2.17-1","latest_non_vulnerable_version":"3.2.17-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70418?format=json","vulnerability_id":"VCID-2zm3-vw55-k3af","summary":"haproxy: Buffer Overflow via Improper Back-Reference Replacement Length Check","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32464.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32464","reference_id":"","reference_type":"","scores":[{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87261","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.8732","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87324","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87318","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87335","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87341","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87343","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87361","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87373","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87278","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87275","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87294","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87302","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87315","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87309","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87305","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04647","scoring_system":"epss","scoring_elements":"0.89373","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04647","scoring_system":"epss","scoring_elements":"0.89402","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04647","scoring_system":"epss","scoring_elements":"0.89371","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04647","scoring_system":"epss","scoring_elements":"0.89382","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32464"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32464","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32464"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102673","reference_id":"1102673","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102673"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358543","reference_id":"2358543","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358543"},{"reference_url":"https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559","reference_id":"3e3b9eebf871510aee36c3a3336faac2f38c9559","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T19:23:34Z/"}],"url":"https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559"},{"reference_url":"https://usn.ubuntu.com/7431-1/","reference_id":"USN-7431-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7431-1/"},{"reference_url":"https://usn.ubuntu.com/7431-2/","reference_id":"USN-7431-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7431-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1057024?format=json","purl":"pkg:deb/debian/haproxy@2.6.12-1%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mfq-cvmr-nbf8"},{"vulnerability":"VCID-97wa-uwp2-57gu"},{"vulnerability":"VCID-rj2h-pnmf-mufp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.6.12-1%252Bdeb12u3"}],"aliases":["CVE-2025-32464"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zm3-vw55-k3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38409?format=json","vulnerability_id":"VCID-4zyf-tsw1-8bfv","summary":"A vulnerability in HAProxy might lead to remote execution of\n    arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19330.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19330","reference_id":"","reference_type":"","scores":[{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76385","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76389","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76418","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76399","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76432","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76445","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76471","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76449","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76443","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76483","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76488","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76474","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76509","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76515","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76528","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76544","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76562","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.7655","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76567","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76617","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19330"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1777584","reference_id":"1777584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1777584"},{"reference_url":"https://security.gentoo.org/glsa/202004-01","reference_id":"GLSA-202004-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1287","reference_id":"RHSA-2020:1287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1725","reference_id":"RHSA-2020:1725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1936","reference_id":"RHSA-2020:1936","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1936"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2265","reference_id":"RHSA-2020:2265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2265"},{"reference_url":"https://usn.ubuntu.com/4212-1/","reference_id":"USN-4212-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4212-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2019-19330"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zyf-tsw1-8bfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49894?format=json","vulnerability_id":"VCID-5q7p-8nxf-sfem","summary":"A buffer overflow in HAProxy might allow an attacker to execute\n    arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html"},{"reference_url":"http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11100.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11100.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11100","reference_id":"","reference_type":"","scores":[{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98851","published_at":"2026-04-01T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98887","published_at":"2026-05-14T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98878","published_at":"2026-05-07T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98881","published_at":"2026-05-09T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98882","published_at":"2026-05-11T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98883","published_at":"2026-05-12T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98853","published_at":"2026-04-02T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98855","published_at":"2026-04-04T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98856","published_at":"2026-04-07T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98857","published_at":"2026-04-09T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.9886","published_at":"2026-04-12T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98861","published_at":"2026-04-13T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98864","published_at":"2026-04-16T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98866","published_at":"2026-04-18T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.9887","published_at":"2026-04-21T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98874","published_at":"2026-04-29T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98873","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11100"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1168023","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1168023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11100","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11100"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88","reference_id":"","reference_type":"","scores":[],"url":"https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88"},{"reference_url":"https://lists.debian.org/debian-security-announce/2020/msg00052.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-security-announce/2020/msg00052.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/264C7UL3X7L7QE74ZJ557IOUFS3J4QQC/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/264C7UL3X7L7QE74ZJ557IOUFS3J4QQC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MNW5RZLIX7LOXRLV7WMHX22CI43XSXKW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MNW5RZLIX7LOXRLV7WMHX22CI43XSXKW/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4649","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4649"},{"reference_url":"https://www.haproxy.org/download/2.1/src/CHANGELOG","reference_id":"","reference_type":"","scores":[],"url":"https://www.haproxy.org/download/2.1/src/CHANGELOG"},{"reference_url":"https://www.mail-archive.com/haproxy%40formilux.org/msg36876.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.mail-archive.com/haproxy%40formilux.org/msg36876.html"},{"reference_url":"http://www.haproxy.org","reference_id":"","reference_type":"","scores":[],"url":"http://www.haproxy.org"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819111","reference_id":"1819111","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819111"},{"reference_url":"https://security.archlinux.org/ASA-202004-7","reference_id":"ASA-202004-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202004-7"},{"reference_url":"https://security.archlinux.org/AVG-1124","reference_id":"AVG-1124","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1124"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11100","reference_id":"CVE-2020-11100","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11100"},{"reference_url":"https://security.gentoo.org/glsa/202012-22","reference_id":"GLSA-202012-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202012-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1287","reference_id":"RHSA-2020:1287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1288","reference_id":"RHSA-2020:1288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1289","reference_id":"RHSA-2020:1289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1290","reference_id":"RHSA-2020:1290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1936","reference_id":"RHSA-2020:1936","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1936"},{"reference_url":"https://usn.ubuntu.com/4321-1/","reference_id":"USN-4321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4321-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2020-11100"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5q7p-8nxf-sfem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80084?format=json","vulnerability_id":"VCID-93ba-zj92-zqf1","summary":"haproxy: does not ensure that the scheme and path portions of a URI have the expected characters","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39240.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39240.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39240","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20318","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20285","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20174","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20196","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20461","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2052","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20245","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20384","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20369","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20312","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.203","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20303","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20301","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20178","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20173","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2014","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20053","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20125","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20209","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39240"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995104","reference_id":"1995104","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995104"},{"reference_url":"https://security.archlinux.org/AVG-2304","reference_id":"AVG-2304","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2304"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4118","reference_id":"RHSA-2021:4118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5208","reference_id":"RHSA-2021:5208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5208"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2021-39240"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-93ba-zj92-zqf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82099?format=json","vulnerability_id":"VCID-9gwz-6dnd-r7fj","summary":"haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated \"chunked\" value","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00016.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00019.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00019.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18277.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18277","reference_id":"","reference_type":"","scores":[{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76525","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76581","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76582","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76609","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76588","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76623","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76627","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76615","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76647","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76653","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76666","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.7653","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76559","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.7654","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00967","scoring_system":"epss","scoring_elements":"0.76572","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02818","scoring_system":"epss","scoring_elements":"0.86302","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02818","scoring_system":"epss","scoring_elements":"0.86255","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02818","scoring_system":"epss","scoring_elements":"0.86252","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02818","scoring_system":"epss","scoring_elements":"0.86265","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02818","scoring_system":"epss","scoring_elements":"0.86215","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02818","scoring_system":"epss","scoring_elements":"0.86236","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18277"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=196a7df44d8129d1adc795da020b722614d6a581","reference_id":"","reference_type":"","scores":[],"url":"https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=196a7df44d8129d1adc795da020b722614d6a581"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00045.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00045.html"},{"reference_url":"https://nathandavison.com/blog/haproxy-http-request-smuggling","reference_id":"","reference_type":"","scores":[],"url":"https://nathandavison.com/blog/haproxy-http-request-smuggling"},{"reference_url":"https://www.mail-archive.com/haproxy%40formilux.org/msg34926.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.mail-archive.com/haproxy%40formilux.org/msg34926.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1759697","reference_id":"1759697","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1759697"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18277","reference_id":"CVE-2019-18277","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18277"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1287","reference_id":"RHSA-2020:1287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1725","reference_id":"RHSA-2020:1725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1936","reference_id":"RHSA-2020:1936","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1936"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2265","reference_id":"RHSA-2020:2265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2265"},{"reference_url":"https://usn.ubuntu.com/4174-1/","reference_id":"USN-4174-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4174-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2019-18277"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gwz-6dnd-r7fj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79633?format=json","vulnerability_id":"VCID-a7s4-6k62-3qh2","summary":"haproxy: Denial of service via set-cookie2 header","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0711.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0711.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0711","reference_id":"","reference_type":"","scores":[{"value":"0.66484","scoring_system":"epss","scoring_elements":"0.98521","published_at":"2026-04-01T12:55:00Z"},{"value":"0.66484","scoring_system":"epss","scoring_elements":"0.98523","published_at":"2026-04-02T12:55:00Z"},{"value":"0.66484","scoring_system":"epss","scoring_elements":"0.98526","published_at":"2026-04-07T12:55:00Z"},{"value":"0.66484","scoring_system":"epss","scoring_elements":"0.98529","published_at":"2026-04-08T12:55:00Z"},{"value":"0.66484","scoring_system":"epss","scoring_elements":"0.98531","published_at":"2026-04-09T12:55:00Z"},{"value":"0.66484","scoring_system":"epss","scoring_elements":"0.98532","published_at":"2026-04-12T12:55:00Z"},{"value":"0.66484","scoring_system":"epss","scoring_elements":"0.98533","published_at":"2026-04-13T12:55:00Z"},{"value":"0.66484","scoring_system":"epss","scoring_elements":"0.98538","published_at":"2026-04-18T12:55:00Z"},{"value":"0.66484","scoring_system":"epss","scoring_elements":"0.98539","published_at":"2026-04-21T12:55:00Z"},{"value":"0.66484","scoring_system":"epss","scoring_elements":"0.98542","published_at":"2026-04-24T12:55:00Z"},{"value":"0.66484","scoring_system":"epss","scoring_elements":"0.98543","published_at":"2026-04-29T12:55:00Z"},{"value":"0.66484","scoring_system":"epss","scoring_elements":"0.98547","published_at":"2026-05-11T12:55:00Z"},{"value":"0.66484","scoring_system":"epss","scoring_elements":"0.98549","published_at":"2026-05-12T12:55:00Z"},{"value":"0.66484","scoring_system":"epss","scoring_elements":"0.98552","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0711"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0711","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0711"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053666","reference_id":"2053666","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1021","reference_id":"RHSA-2022:1021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1153","reference_id":"RHSA-2022:1153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1336","reference_id":"RHSA-2022:1336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1620","reference_id":"RHSA-2022:1620","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1620"},{"reference_url":"https://usn.ubuntu.com/5312-1/","reference_id":"USN-5312-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5312-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2022-0711"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7s4-6k62-3qh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80086?format=json","vulnerability_id":"VCID-atwp-g4uy-3qgg","summary":"haproxy: it can lead to a situation with an attacker-controlled HTTP Host header because a mismatch between Host and authority is mishandled","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39242.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39242.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39242","reference_id":"","reference_type":"","scores":[{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64367","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64634","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64558","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64581","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64421","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64451","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.6441","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64458","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64474","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.6449","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64478","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64449","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64484","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64495","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64487","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64508","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64521","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.6452","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64542","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64587","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39242"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995112","reference_id":"1995112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995112"},{"reference_url":"https://security.archlinux.org/AVG-2304","reference_id":"AVG-2304","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2304"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4118","reference_id":"RHSA-2021:4118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5208","reference_id":"RHSA-2021:5208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5208"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2021-39242"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atwp-g4uy-3qgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78666?format=json","vulnerability_id":"VCID-bb8w-k2e1-xbht","summary":"haproxy: request smuggling attack in HTTP/1 header parsing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25725.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25725.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25725","reference_id":"","reference_type":"","scores":[{"value":"0.17535","scoring_system":"epss","scoring_elements":"0.9515","published_at":"2026-05-14T12:55:00Z"},{"value":"0.20036","scoring_system":"epss","scoring_elements":"0.95486","published_at":"2026-04-18T12:55:00Z"},{"value":"0.20036","scoring_system":"epss","scoring_elements":"0.95523","published_at":"2026-05-12T12:55:00Z"},{"value":"0.20036","scoring_system":"epss","scoring_elements":"0.95519","published_at":"2026-05-11T12:55:00Z"},{"value":"0.20036","scoring_system":"epss","scoring_elements":"0.95513","published_at":"2026-05-09T12:55:00Z"},{"value":"0.20036","scoring_system":"epss","scoring_elements":"0.95506","published_at":"2026-05-07T12:55:00Z"},{"value":"0.20036","scoring_system":"epss","scoring_elements":"0.95502","published_at":"2026-05-05T12:55:00Z"},{"value":"0.20036","scoring_system":"epss","scoring_elements":"0.95492","published_at":"2026-04-29T12:55:00Z"},{"value":"0.20036","scoring_system":"epss","scoring_elements":"0.95491","published_at":"2026-04-24T12:55:00Z"},{"value":"0.20036","scoring_system":"epss","scoring_elements":"0.95489","published_at":"2026-04-21T12:55:00Z"},{"value":"0.29937","scoring_system":"epss","scoring_elements":"0.96623","published_at":"2026-04-02T12:55:00Z"},{"value":"0.29937","scoring_system":"epss","scoring_elements":"0.96629","published_at":"2026-04-04T12:55:00Z"},{"value":"0.29937","scoring_system":"epss","scoring_elements":"0.96632","published_at":"2026-04-07T12:55:00Z"},{"value":"0.29937","scoring_system":"epss","scoring_elements":"0.9664","published_at":"2026-04-08T12:55:00Z"},{"value":"0.29937","scoring_system":"epss","scoring_elements":"0.96642","published_at":"2026-04-09T12:55:00Z"},{"value":"0.29937","scoring_system":"epss","scoring_elements":"0.96644","published_at":"2026-04-11T12:55:00Z"},{"value":"0.29937","scoring_system":"epss","scoring_elements":"0.96645","published_at":"2026-04-12T12:55:00Z"},{"value":"0.29937","scoring_system":"epss","scoring_elements":"0.96647","published_at":"2026-04-13T12:55:00Z"},{"value":"0.29937","scoring_system":"epss","scoring_elements":"0.96654","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25725"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25725","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25725"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2169089","reference_id":"2169089","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2169089"},{"reference_url":"https://www.debian.org/security/2023/dsa-5348","reference_id":"dsa-5348","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T19:12:55Z/"}],"url":"https://www.debian.org/security/2023/dsa-5348"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/","reference_id":"FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T19:12:55Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPTJQHKUEU2PQ7RWFUYAFLAD4STEIKHU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/","reference_id":"JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T19:12:55Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JM5NCIBTHYDTLPY2UNC4HO2VAHHE6CJG/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html","reference_id":"msg00012.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T19:12:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00012.html"},{"reference_url":"https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112","reference_id":"?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T19:12:55Z/"}],"url":"https://git.haproxy.org/?p=haproxy-2.7.git%3Ba=commit%3Bh=a0e561ad7f29ed50c473f5a9da664267b60d1112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1268","reference_id":"RHSA-2023:1268","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1268"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1325","reference_id":"RHSA-2023:1325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1655","reference_id":"RHSA-2023:1655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1696","reference_id":"RHSA-2023:1696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1978","reference_id":"RHSA-2023:1978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0746","reference_id":"RHSA-2024:0746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0746"},{"reference_url":"https://usn.ubuntu.com/5869-1/","reference_id":"USN-5869-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5869-1/"},{"reference_url":"https://usn.ubuntu.com/7135-1/","reference_id":"USN-7135-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7135-1/"},{"reference_url":"https://www.haproxy.org/","reference_id":"www.haproxy.org","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T19:12:55Z/"}],"url":"https://www.haproxy.org/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2023-25725"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bb8w-k2e1-xbht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80042?format=json","vulnerability_id":"VCID-jz63-5mba-3qbx","summary":"haproxy: request smuggling attack or response splitting via duplicate content-length header","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40346.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40346.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40346","reference_id":"","reference_type":"","scores":[{"value":"0.92378","scoring_system":"epss","scoring_elements":"0.99724","published_at":"2026-04-01T12:55:00Z"},{"value":"0.92378","scoring_system":"epss","scoring_elements":"0.99736","published_at":"2026-05-14T12:55:00Z"},{"value":"0.92378","scoring_system":"epss","scoring_elements":"0.99734","published_at":"2026-05-07T12:55:00Z"},{"value":"0.92378","scoring_system":"epss","scoring_elements":"0.99735","published_at":"2026-05-11T12:55:00Z"},{"value":"0.92378","scoring_system":"epss","scoring_elements":"0.99725","published_at":"2026-04-02T12:55:00Z"},{"value":"0.92378","scoring_system":"epss","scoring_elements":"0.99726","published_at":"2026-04-13T12:55:00Z"},{"value":"0.92378","scoring_system":"epss","scoring_elements":"0.99727","published_at":"2026-04-16T12:55:00Z"},{"value":"0.92378","scoring_system":"epss","scoring_elements":"0.99728","published_at":"2026-04-18T12:55:00Z"},{"value":"0.92378","scoring_system":"epss","scoring_elements":"0.99729","published_at":"2026-04-21T12:55:00Z"},{"value":"0.92378","scoring_system":"epss","scoring_elements":"0.99731","published_at":"2026-04-24T12:55:00Z"},{"value":"0.92378","scoring_system":"epss","scoring_elements":"0.99732","published_at":"2026-04-26T12:55:00Z"},{"value":"0.92378","scoring_system":"epss","scoring_elements":"0.99733","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40346"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2000599","reference_id":"2000599","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2000599"},{"reference_url":"https://security.archlinux.org/AVG-2343","reference_id":"AVG-2343","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4118","reference_id":"RHSA-2021:4118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5208","reference_id":"RHSA-2021:5208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0024","reference_id":"RHSA-2022:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0114","reference_id":"RHSA-2022:0114","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0114"},{"reference_url":"https://usn.ubuntu.com/5063-1/","reference_id":"USN-5063-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5063-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2021-40346"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jz63-5mba-3qbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78834?format=json","vulnerability_id":"VCID-mrdn-6cwg-j3h8","summary":"haproxy: data leak via fcgi requests","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0836.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0836","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00225","published_at":"2026-04-04T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00223","published_at":"2026-04-02T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.0022","published_at":"2026-04-13T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00221","published_at":"2026-04-12T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00222","published_at":"2026-04-11T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00292","published_at":"2026-05-14T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00296","published_at":"2026-05-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00295","published_at":"2026-05-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00298","published_at":"2026-05-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00294","published_at":"2026-05-11T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00289","published_at":"2026-05-12T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00279","published_at":"2026-04-16T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00282","published_at":"2026-04-18T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00302","published_at":"2026-04-21T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00303","published_at":"2026-04-24T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00301","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0836"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2180746","reference_id":"2180746","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2180746"},{"reference_url":"https://www.debian.org/security/2023/dsa-5388","reference_id":"dsa-5388","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T16:41:58Z/"}],"url":"https://www.debian.org/security/2023/dsa-5388"},{"reference_url":"https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a","reference_id":"?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T16:41:58Z/"}],"url":"https://git.haproxy.org/?p=haproxy.git%3Ba=commitdiff%3Bh=2e6bf0a"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6496","reference_id":"RHSA-2023:6496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6496"},{"reference_url":"https://usn.ubuntu.com/5994-1/","reference_id":"USN-5994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5994-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2023-0836"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mrdn-6cwg-j3h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77944?format=json","vulnerability_id":"VCID-s86j-egny-77cu","summary":"haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45539.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45539.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45539","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07664","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07888","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07745","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0769","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07667","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07634","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07614","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07755","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07826","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07817","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0784","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07707","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0767","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0773","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07748","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07747","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07733","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07717","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07641","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07628","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45539"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html","reference_id":"0070.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:42Z/"}],"url":"https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253037","reference_id":"2253037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253037"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:42Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00010.html"},{"reference_url":"https://www.mail-archive.com/haproxy%40formilux.org/msg43861.html","reference_id":"msg43861.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:42Z/"}],"url":"https://www.mail-archive.com/haproxy%40formilux.org/msg43861.html"},{"reference_url":"https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6","reference_id":"?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:42Z/"}],"url":"https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=2eab6d354322932cfec2ed54de261e4347eca9a6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10267","reference_id":"RHSA-2024:10267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10271","reference_id":"RHSA-2024:10271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1089","reference_id":"RHSA-2024:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1142","reference_id":"RHSA-2024:1142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4853","reference_id":"RHSA-2024:4853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6412","reference_id":"RHSA-2024:6412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8849","reference_id":"RHSA-2024:8849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8874","reference_id":"RHSA-2024:8874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9945","reference_id":"RHSA-2024:9945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9945"},{"reference_url":"https://usn.ubuntu.com/6530-1/","reference_id":"USN-6530-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6530-1/"},{"reference_url":"https://usn.ubuntu.com/6530-2/","reference_id":"USN-6530-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6530-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2023-45539"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s86j-egny-77cu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80085?format=json","vulnerability_id":"VCID-sy71-5m1g-2yav","summary":"haproxy: an HTTP method name may contain a space followed by the name of a protected resource","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39241.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39241.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39241","reference_id":"","reference_type":"","scores":[{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63293","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.6354","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63461","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63487","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63353","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.6338","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63346","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63397","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63415","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63432","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63414","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63422","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63401","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63418","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63431","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63427","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63399","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63443","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63496","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39241"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39240"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39241"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39242"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995107","reference_id":"1995107","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995107"},{"reference_url":"https://security.archlinux.org/AVG-2304","reference_id":"AVG-2304","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2304"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4118","reference_id":"RHSA-2021:4118","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4118"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5208","reference_id":"RHSA-2021:5208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0024","reference_id":"RHSA-2022:0024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0114","reference_id":"RHSA-2022:0114","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0114"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2021-39241"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sy71-5m1g-2yav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78789?format=json","vulnerability_id":"VCID-w1we-d8uq-s3hh","summary":"haproxy: segfault DoS","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0056.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0056.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0056","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34741","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34648","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34674","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37615","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37666","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.3768","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37711","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37736","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.41197","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.41226","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.41123","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.41012","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40998","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40914","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40774","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40849","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40864","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.41183","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.41229","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25725","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25725"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2160808","reference_id":"2160808","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2160808"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-0056","reference_id":"CVE-2023-0056","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T19:35:23Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-0056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0727","reference_id":"RHSA-2023:0727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1325","reference_id":"RHSA-2023:1325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1696","reference_id":"RHSA-2023:1696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1978","reference_id":"RHSA-2023:1978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0746","reference_id":"RHSA-2024:0746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0746"},{"reference_url":"https://usn.ubuntu.com/5819-1/","reference_id":"USN-5819-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5819-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2023-0056"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w1we-d8uq-s3hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78192?format=json","vulnerability_id":"VCID-ygb3-7kb1-tqbc","summary":"haproxy: Proxy forwards malformed empty Content-Length headers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40225.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40225.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40225","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06969","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06995","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06963","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07053","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08232","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08091","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0807","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08054","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07959","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07943","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08102","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08056","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08021","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07995","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08057","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08017","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08077","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08101","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08835","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10428","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45539"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043502","reference_id":"1043502","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043502"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2231370","reference_id":"2231370","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2231370"},{"reference_url":"https://github.com/haproxy/haproxy/issues/2237","reference_id":"2237","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:14:21Z/"}],"url":"https://github.com/haproxy/haproxy/issues/2237"},{"reference_url":"https://cwe.mitre.org/data/definitions/436.html","reference_id":"436.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:14:21Z/"}],"url":"https://cwe.mitre.org/data/definitions/436.html"},{"reference_url":"https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856","reference_id":"6492f1f29d738457ea9f382aca54537f35f9d856","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:14:21Z/"}],"url":"https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856"},{"reference_url":"https://www.haproxy.org/download/2.6/src/CHANGELOG","reference_id":"CHANGELOG","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:14:21Z/"}],"url":"https://www.haproxy.org/download/2.6/src/CHANGELOG"},{"reference_url":"https://www.haproxy.org/download/2.7/src/CHANGELOG","reference_id":"CHANGELOG","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:14:21Z/"}],"url":"https://www.haproxy.org/download/2.7/src/CHANGELOG"},{"reference_url":"https://www.haproxy.org/download/2.8/src/CHANGELOG","reference_id":"CHANGELOG","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-09T20:14:21Z/"}],"url":"https://www.haproxy.org/download/2.8/src/CHANGELOG"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7473","reference_id":"RHSA-2023:7473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7606","reference_id":"RHSA-2023:7606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0200","reference_id":"RHSA-2024:0200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0200"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0308","reference_id":"RHSA-2024:0308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1089","reference_id":"RHSA-2024:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1142","reference_id":"RHSA-2024:1142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1142"},{"reference_url":"https://usn.ubuntu.com/6294-1/","reference_id":"USN-6294-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6294-1/"},{"reference_url":"https://usn.ubuntu.com/6294-2/","reference_id":"USN-6294-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6294-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2023-40225"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ygb3-7kb1-tqbc"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82941?format=json","vulnerability_id":"VCID-31wf-mpnt-dycm","summary":"haproxy: Out-of-bounds read in dns.c:dns_validate_dns_response() allows for memory disclosure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20102.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20102.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20102","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09068","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09312","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09211","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09235","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09074","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09126","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09046","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09156","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09157","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09124","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0911","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09005","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.08985","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09141","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09183","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09128","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09098","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09012","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09177","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09248","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20102"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20102","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20102"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658874","reference_id":"1658874","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658874"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916308","reference_id":"916308","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916308"},{"reference_url":"https://security.archlinux.org/ASA-201901-15","reference_id":"ASA-201901-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-15"},{"reference_url":"https://security.archlinux.org/AVG-836","reference_id":"AVG-836","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0547","reference_id":"RHSA-2019:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1436","reference_id":"RHSA-2019:1436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1436"},{"reference_url":"https://usn.ubuntu.com/3858-1/","reference_id":"USN-3858-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3858-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037923?format=json","purl":"pkg:deb/debian/haproxy@1.8.19-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-4zyf-tsw1-8bfv"},{"vulnerability":"VCID-5q7p-8nxf-sfem"},{"vulnerability":"VCID-93ba-zj92-zqf1"},{"vulnerability":"VCID-9gwz-6dnd-r7fj"},{"vulnerability":"VCID-a7s4-6k62-3qh2"},{"vulnerability":"VCID-atwp-g4uy-3qgg"},{"vulnerability":"VCID-bb8w-k2e1-xbht"},{"vulnerability":"VCID-jz63-5mba-3qbx"},{"vulnerability":"VCID-mrdn-6cwg-j3h8"},{"vulnerability":"VCID-s86j-egny-77cu"},{"vulnerability":"VCID-sy71-5m1g-2yav"},{"vulnerability":"VCID-w1we-d8uq-s3hh"},{"vulnerability":"VCID-ygb3-7kb1-tqbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@1.8.19-1%252Bdeb10u3"}],"aliases":["CVE-2018-20102"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-31wf-mpnt-dycm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82942?format=json","vulnerability_id":"VCID-48er-rqvk-nyhg","summary":"haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20103.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20103.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20103","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27737","published_at":"2026-04-01T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.2726","published_at":"2026-05-14T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27169","published_at":"2026-05-11T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27183","published_at":"2026-05-12T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27774","published_at":"2026-04-02T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27813","published_at":"2026-04-04T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27671","published_at":"2026-04-08T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27715","published_at":"2026-04-09T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27719","published_at":"2026-04-11T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27676","published_at":"2026-04-12T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27617","published_at":"2026-04-13T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27626","published_at":"2026-04-16T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27562","published_at":"2026-04-21T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27522","published_at":"2026-04-24T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27416","published_at":"2026-04-26T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27338","published_at":"2026-04-29T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.2717","published_at":"2026-05-05T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27232","published_at":"2026-05-07T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27252","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20103"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20103","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20103"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658876","reference_id":"1658876","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658876"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916307","reference_id":"916307","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916307"},{"reference_url":"https://security.archlinux.org/ASA-201901-15","reference_id":"ASA-201901-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-15"},{"reference_url":"https://security.archlinux.org/AVG-836","reference_id":"AVG-836","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1436","reference_id":"RHSA-2019:1436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1436"},{"reference_url":"https://usn.ubuntu.com/3858-1/","reference_id":"USN-3858-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3858-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037923?format=json","purl":"pkg:deb/debian/haproxy@1.8.19-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-4zyf-tsw1-8bfv"},{"vulnerability":"VCID-5q7p-8nxf-sfem"},{"vulnerability":"VCID-93ba-zj92-zqf1"},{"vulnerability":"VCID-9gwz-6dnd-r7fj"},{"vulnerability":"VCID-a7s4-6k62-3qh2"},{"vulnerability":"VCID-atwp-g4uy-3qgg"},{"vulnerability":"VCID-bb8w-k2e1-xbht"},{"vulnerability":"VCID-jz63-5mba-3qbx"},{"vulnerability":"VCID-mrdn-6cwg-j3h8"},{"vulnerability":"VCID-s86j-egny-77cu"},{"vulnerability":"VCID-sy71-5m1g-2yav"},{"vulnerability":"VCID-w1we-d8uq-s3hh"},{"vulnerability":"VCID-ygb3-7kb1-tqbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@1.8.19-1%252Bdeb10u3"}],"aliases":["CVE-2018-20103"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48er-rqvk-nyhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38409?format=json","vulnerability_id":"VCID-4zyf-tsw1-8bfv","summary":"A vulnerability in HAProxy might lead to remote execution of\n    arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19330.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19330","reference_id":"","reference_type":"","scores":[{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76385","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76389","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76418","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76399","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76432","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76445","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76471","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76449","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76443","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76483","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76488","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76474","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76509","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76515","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76528","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76544","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76562","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.7655","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76567","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76617","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19330"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19330","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19330"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1777584","reference_id":"1777584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1777584"},{"reference_url":"https://security.gentoo.org/glsa/202004-01","reference_id":"GLSA-202004-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202004-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1287","reference_id":"RHSA-2020:1287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1725","reference_id":"RHSA-2020:1725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1936","reference_id":"RHSA-2020:1936","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1936"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2265","reference_id":"RHSA-2020:2265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2265"},{"reference_url":"https://usn.ubuntu.com/4212-1/","reference_id":"USN-4212-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4212-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037923?format=json","purl":"pkg:deb/debian/haproxy@1.8.19-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-4zyf-tsw1-8bfv"},{"vulnerability":"VCID-5q7p-8nxf-sfem"},{"vulnerability":"VCID-93ba-zj92-zqf1"},{"vulnerability":"VCID-9gwz-6dnd-r7fj"},{"vulnerability":"VCID-a7s4-6k62-3qh2"},{"vulnerability":"VCID-atwp-g4uy-3qgg"},{"vulnerability":"VCID-bb8w-k2e1-xbht"},{"vulnerability":"VCID-jz63-5mba-3qbx"},{"vulnerability":"VCID-mrdn-6cwg-j3h8"},{"vulnerability":"VCID-s86j-egny-77cu"},{"vulnerability":"VCID-sy71-5m1g-2yav"},{"vulnerability":"VCID-w1we-d8uq-s3hh"},{"vulnerability":"VCID-ygb3-7kb1-tqbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@1.8.19-1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2019-19330"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zyf-tsw1-8bfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49894?format=json","vulnerability_id":"VCID-5q7p-8nxf-sfem","summary":"A buffer overflow in HAProxy might allow an attacker to execute\n    arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html"},{"reference_url":"http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11100.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11100.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11100","reference_id":"","reference_type":"","scores":[{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98851","published_at":"2026-04-01T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98887","published_at":"2026-05-14T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98878","published_at":"2026-05-07T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98881","published_at":"2026-05-09T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98882","published_at":"2026-05-11T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98883","published_at":"2026-05-12T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98853","published_at":"2026-04-02T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98855","published_at":"2026-04-04T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98856","published_at":"2026-04-07T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98857","published_at":"2026-04-09T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.9886","published_at":"2026-04-12T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98861","published_at":"2026-04-13T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98864","published_at":"2026-04-16T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98866","published_at":"2026-04-18T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.9887","published_at":"2026-04-21T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98874","published_at":"2026-04-29T12:55:00Z"},{"value":"0.74791","scoring_system":"epss","scoring_elements":"0.98873","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11100"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1168023","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1168023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11100","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11100"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88","reference_id":"","reference_type":"","scores":[],"url":"https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88"},{"reference_url":"https://lists.debian.org/debian-security-announce/2020/msg00052.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-security-announce/2020/msg00052.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/264C7UL3X7L7QE74ZJ557IOUFS3J4QQC/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/264C7UL3X7L7QE74ZJ557IOUFS3J4QQC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MNW5RZLIX7LOXRLV7WMHX22CI43XSXKW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MNW5RZLIX7LOXRLV7WMHX22CI43XSXKW/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4649","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4649"},{"reference_url":"https://www.haproxy.org/download/2.1/src/CHANGELOG","reference_id":"","reference_type":"","scores":[],"url":"https://www.haproxy.org/download/2.1/src/CHANGELOG"},{"reference_url":"https://www.mail-archive.com/haproxy%40formilux.org/msg36876.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.mail-archive.com/haproxy%40formilux.org/msg36876.html"},{"reference_url":"http://www.haproxy.org","reference_id":"","reference_type":"","scores":[],"url":"http://www.haproxy.org"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819111","reference_id":"1819111","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819111"},{"reference_url":"https://security.archlinux.org/ASA-202004-7","reference_id":"ASA-202004-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202004-7"},{"reference_url":"https://security.archlinux.org/AVG-1124","reference_id":"AVG-1124","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1124"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11100","reference_id":"CVE-2020-11100","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11100"},{"reference_url":"https://security.gentoo.org/glsa/202012-22","reference_id":"GLSA-202012-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202012-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1287","reference_id":"RHSA-2020:1287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1288","reference_id":"RHSA-2020:1288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1289","reference_id":"RHSA-2020:1289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1290","reference_id":"RHSA-2020:1290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1936","reference_id":"RHSA-2020:1936","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1936"},{"reference_url":"https://usn.ubuntu.com/4321-1/","reference_id":"USN-4321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4321-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037923?format=json","purl":"pkg:deb/debian/haproxy@1.8.19-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-4zyf-tsw1-8bfv"},{"vulnerability":"VCID-5q7p-8nxf-sfem"},{"vulnerability":"VCID-93ba-zj92-zqf1"},{"vulnerability":"VCID-9gwz-6dnd-r7fj"},{"vulnerability":"VCID-a7s4-6k62-3qh2"},{"vulnerability":"VCID-atwp-g4uy-3qgg"},{"vulnerability":"VCID-bb8w-k2e1-xbht"},{"vulnerability":"VCID-jz63-5mba-3qbx"},{"vulnerability":"VCID-mrdn-6cwg-j3h8"},{"vulnerability":"VCID-s86j-egny-77cu"},{"vulnerability":"VCID-sy71-5m1g-2yav"},{"vulnerability":"VCID-w1we-d8uq-s3hh"},{"vulnerability":"VCID-ygb3-7kb1-tqbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@1.8.19-1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1051816?format=json","purl":"pkg:deb/debian/haproxy@2.2.9-2%2Bdeb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-97wa-uwp2-57gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@2.2.9-2%252Bdeb11u6"}],"aliases":["CVE-2020-11100"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5q7p-8nxf-sfem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82892?format=json","vulnerability_id":"VCID-8e1s-dgj6-vyfq","summary":"haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00018.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00018.html"},{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20615.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20615.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20615","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34239","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37523","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37213","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37133","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37105","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37705","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.3773","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37609","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.3766","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37653","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37625","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37672","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37654","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.3759","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37353","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37334","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37245","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37127","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37194","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20615"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mail-archive.com/haproxy%40formilux.org/msg32304.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.mail-archive.com/haproxy%40formilux.org/msg32304.html"},{"reference_url":"http://www.securityfocus.com/bid/106645","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106645"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663060","reference_id":"1663060","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663060"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev10:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev10:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev10:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev11:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev11:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev11:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev8:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev8:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev8:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev9:*:*:*:*:*:*","reference_id":"cpe:2.3:a:haproxy:haproxy:1.9.0:dev9:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haproxy:haproxy:1.9.0:dev9:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20615","reference_id":"CVE-2018-20615","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20615"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0275","reference_id":"RHSA-2019:0275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0547","reference_id":"RHSA-2019:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0548","reference_id":"RHSA-2019:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0548"},{"reference_url":"https://usn.ubuntu.com/3858-1/","reference_id":"USN-3858-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3858-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037923?format=json","purl":"pkg:deb/debian/haproxy@1.8.19-1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zm3-vw55-k3af"},{"vulnerability":"VCID-4zyf-tsw1-8bfv"},{"vulnerability":"VCID-5q7p-8nxf-sfem"},{"vulnerability":"VCID-93ba-zj92-zqf1"},{"vulnerability":"VCID-9gwz-6dnd-r7fj"},{"vulnerability":"VCID-a7s4-6k62-3qh2"},{"vulnerability":"VCID-atwp-g4uy-3qgg"},{"vulnerability":"VCID-bb8w-k2e1-xbht"},{"vulnerability":"VCID-jz63-5mba-3qbx"},{"vulnerability":"VCID-mrdn-6cwg-j3h8"},{"vulnerability":"VCID-s86j-egny-77cu"},{"vulnerability":"VCID-sy71-5m1g-2yav"},{"vulnerability":"VCID-w1we-d8uq-s3hh"},{"vulnerability":"VCID-ygb3-7kb1-tqbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@1.8.19-1%252Bdeb10u3"}],"aliases":["CVE-2018-20615"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8e1s-dgj6-vyfq"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/haproxy@1.8.19-1%252Bdeb10u3"}