{"url":"http://public2.vulnerablecode.io/api/packages/111303?format=json","purl":"pkg:apk/alpine/suricata@6.0.4-r0?arch=riscv64&distroversion=edge&reponame=community","type":"apk","namespace":"alpine","name":"suricata","version":"6.0.4-r0","qualifiers":{"arch":"riscv64","distroversion":"edge","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"7.0.6-r0","latest_non_vulnerable_version":"8.0.2-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208931?format=json","vulnerability_id":"VCID-8e9w-87a5-23gt","summary":"An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. These packets will not trigger a Suricata reject action.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45098"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/111303?format=json","purl":"pkg:apk/alpine/suricata@6.0.4-r0?arch=riscv64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/suricata@6.0.4-r0%3Farch=riscv64&distroversion=edge&reponame=community"}],"aliases":["CVE-2021-45098"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8e9w-87a5-23gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208655?format=json","vulnerability_id":"VCID-qbq6-7kz5-4ke6","summary":"Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37592"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/111303?format=json","purl":"pkg:apk/alpine/suricata@6.0.4-r0?arch=riscv64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/suricata@6.0.4-r0%3Farch=riscv64&distroversion=edge&reponame=community"}],"aliases":["CVE-2021-37592"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbq6-7kz5-4ke6"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/suricata@6.0.4-r0%3Farch=riscv64&distroversion=edge&reponame=community"}