{"url":"http://public2.vulnerablecode.io/api/packages/106611?format=json","purl":"pkg:deb/debian/varnish@7.1.1-1?distro=trixie","type":"deb","namespace":"debian","name":"varnish","version":"7.1.1-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"7.1.1-1.1","latest_non_vulnerable_version":"7.7.3-3","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/164728?format=json","vulnerability_id":"VCID-1dk5-q911-a7cd","summary":"In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38150.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38150.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38150","reference_id":"","reference_type":"","scores":[{"value":"0.00944","scoring_system":"epss","scoring_elements":"0.76729","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38150"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2117692","reference_id":"2117692","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2117692"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/","reference_id":"M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T18:02:09Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4KVVCIQVINQQ2D7ORNARSYALMJUMP3I/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW3X4PEKC5C736SCKE2UG3Y7JWKMD2K6/","reference_id":"TW3X4PEKC5C736SCKE2UG3Y7JWKMD2K6","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T18:02:09Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW3X4PEKC5C736SCKE2UG3Y7JWKMD2K6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2BUKFICLZBXESLQ3MXMIG3G52RZURFK/","reference_id":"V2BUKFICLZBXESLQ3MXMIG3G52RZURFK","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T18:02:09Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2BUKFICLZBXESLQ3MXMIG3G52RZURFK/"},{"reference_url":"https://varnish-cache.org/security/VSV00009.html","reference_id":"VSV00009.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T18:02:09Z/"}],"url":"https://varnish-cache.org/security/VSV00009.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/106600?format=json","purl":"pkg:deb/debian/varnish@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106597?format=json","purl":"pkg:deb/debian/varnish@6.5.1-1%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1weg-s38v-nkh9"},{"vulnerability":"VCID-3dne-w168-ckcb"},{"vulnerability":"VCID-9h7s-uh6r-ckam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@6.5.1-1%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106611?format=json","purl":"pkg:deb/debian/varnish@7.1.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.1.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106595?format=json","purl":"pkg:deb/debian/varnish@7.1.1-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1weg-s38v-nkh9"},{"vulnerability":"VCID-3dne-w168-ckcb"},{"vulnerability":"VCID-9h7s-uh6r-ckam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.1.1-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106599?format=json","purl":"pkg:deb/debian/varnish@7.7.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.7.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106598?format=json","purl":"pkg:deb/debian/varnish@7.7.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.7.3-3%3Fdistro=trixie"}],"aliases":["CVE-2022-38150"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1dk5-q911-a7cd"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/varnish@7.1.1-1%3Fdistro=trixie"}