{"url":"http://public2.vulnerablecode.io/api/packages/137883?format=json","purl":"pkg:generic/curl.se/curl@7.49.1","type":"generic","namespace":"curl.se","name":"curl","version":"7.49.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"8.20.0","latest_non_vulnerable_version":"8.20.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7242?format=json","vulnerability_id":"VCID-18p4-rvxz-pkeu","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22923.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22923.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22923","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.20998","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22923"},{"reference_url":"https://curl.se/docs/CVE-2021-22923.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2021-22923.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1213181","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:25:07Z/"}],"url":"https://hackerone.com/reports/1213181"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981438","reference_id":"1981438","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981438"},{"reference_url":"https://security.archlinux.org/ASA-202107-59","reference_id":"ASA-202107-59","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-59"},{"reference_url":"https://security.archlinux.org/AVG-2194","reference_id":"AVG-2194","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2194"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","reference_id":"FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:25:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"},{"reference_url":"https://security.gentoo.org/glsa/202212-01","reference_id":"GLSA-202212-01","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:25:07Z/"}],"url":"https://security.gentoo.org/glsa/202212-01"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210902-0003/","reference_id":"ntap-20210902-0003","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:25:07Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210902-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3582","reference_id":"RHSA-2021:3582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3903","reference_id":"RHSA-2021:3903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3903"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137934?format=json","purl":"pkg:generic/curl.se/curl@7.78.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-cjyz-fdnv-b3g4"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.78.0"}],"aliases":["CVE-2021-22923"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-18p4-rvxz-pkeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65692?format=json","vulnerability_id":"VCID-1a1k-d4ez-ybdu","summary":"When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35252","reference_id":"","reference_type":"","scores":[{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52551","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35252"},{"reference_url":"https://curl.se/docs/CVE-2022-35252.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2022-35252.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1613943","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1613943"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831","reference_id":"1018831","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2120718","reference_id":"2120718","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2120718"},{"reference_url":"https://security.gentoo.org/glsa/202212-01","reference_id":"GLSA-202212-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202212-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2478","reference_id":"RHSA-2023:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2963","reference_id":"RHSA-2023:2963","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0428","reference_id":"RHSA-2024:0428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0428"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137945?format=json","purl":"pkg:generic/curl.se/curl@7.85.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6en5-etsd-2bce"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-85qb-zec7-subc"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-ffmg-djmk-57hn"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k3nv-gf9b-5ua2"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mpuf-pp6z-q3d6"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.85.0"}],"aliases":["CVE-2022-35252"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1a1k-d4ez-ybdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65666?format=json","vulnerability_id":"VCID-1b5g-9trz-7ufb","summary":"curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9586.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9586.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9586","reference_id":"","reference_type":"","scores":[{"value":"0.01009","scoring_system":"epss","scoring_elements":"0.7743","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9586"},{"reference_url":"https://curl.se/docs/CVE-2016-9586.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-9586.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1037515","reference_id":"1037515","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:41Z/"}],"url":"http://www.securitytracker.com/id/1037515"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406712","reference_id":"1406712","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406712"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848958","reference_id":"848958","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848958"},{"reference_url":"http://www.securityfocus.com/bid/95019","reference_id":"95019","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:41Z/"}],"url":"http://www.securityfocus.com/bid/95019"},{"reference_url":"https://curl.haxx.se/docs/adv_20161221A.html","reference_id":"adv_20161221A.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:41Z/"}],"url":"https://curl.haxx.se/docs/adv_20161221A.html"},{"reference_url":"https://security.archlinux.org/ASA-201612-22","reference_id":"ASA-201612-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-22"},{"reference_url":"https://security.archlinux.org/ASA-201701-10","reference_id":"ASA-201701-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-10"},{"reference_url":"https://security.archlinux.org/ASA-201701-11","reference_id":"ASA-201701-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-11"},{"reference_url":"https://security.archlinux.org/ASA-201701-7","reference_id":"ASA-201701-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-7"},{"reference_url":"https://security.archlinux.org/ASA-201701-8","reference_id":"ASA-201701-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-8"},{"reference_url":"https://security.archlinux.org/ASA-201701-9","reference_id":"ASA-201701-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-9"},{"reference_url":"https://security.archlinux.org/AVG-112","reference_id":"AVG-112","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-112"},{"reference_url":"https://security.archlinux.org/AVG-113","reference_id":"AVG-113","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-113"},{"reference_url":"https://security.archlinux.org/AVG-114","reference_id":"AVG-114","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-114"},{"reference_url":"https://security.archlinux.org/AVG-115","reference_id":"AVG-115","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-115"},{"reference_url":"https://security.archlinux.org/AVG-116","reference_id":"AVG-116","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-116"},{"reference_url":"https://security.archlinux.org/AVG-117","reference_id":"AVG-117","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-117"},{"reference_url":"https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16","reference_id":"curl-7_51_0-162-g3ab3c16","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:41Z/"}],"url":"https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:41Z/"}],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html","reference_id":"msg00005.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:41Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:41Z/"}],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:41Z/"}],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586","reference_id":"show_bug.cgi?id=CVE-2016-9586","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:41Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137890?format=json","purl":"pkg:generic/curl.se/curl@7.52.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-53st-1j3z-h7by"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k79t-tesa-jfck"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w63e-dku9-mqe9"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.52.0"}],"aliases":["CVE-2016-9586"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1b5g-9trz-7ufb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65724?format=json","vulnerability_id":"VCID-1dw3-33ju-jkbs","summary":"When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0725.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0725.json"},{"reference_url":"https://curl.se/docs/CVE-2025-0725.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:33:50Z/"}],"url":"https://curl.se/docs/CVE-2025-0725.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/2956023","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:33:50Z/"}],"url":"https://hackerone.com/reports/2956023"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2343899","reference_id":"2343899","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2343899"},{"reference_url":"https://curl.se/docs/CVE-2025-0725.json","reference_id":"CVE-2025-0725.json","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:33:50Z/"}],"url":"https://curl.se/docs/CVE-2025-0725.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137970?format=json","purl":"pkg:generic/curl.se/curl@8.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bp56-gy66-mqae"},{"vulnerability":"VCID-ezve-gc2h-qyga"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-ns6z-wp2x-fkdq"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-t45k-skv6-cfg2"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.12.0"}],"aliases":["CVE-2025-0725"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1dw3-33ju-jkbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65684?format=json","vulnerability_id":"VCID-1kpz-55f1-f7dj","summary":"curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14618.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14618","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66048","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14618"},{"reference_url":"https://curl.se/docs/CVE-2018-14618.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-14618.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1041605","reference_id":"1041605","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/"}],"url":"http://www.securitytracker.com/id/1041605"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1622707","reference_id":"1622707","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1622707"},{"reference_url":"https://usn.ubuntu.com/3765-1/","reference_id":"3765-1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/"}],"url":"https://usn.ubuntu.com/3765-1/"},{"reference_url":"https://usn.ubuntu.com/3765-2/","reference_id":"3765-2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/"}],"url":"https://usn.ubuntu.com/3765-2/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908327","reference_id":"908327","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908327"},{"reference_url":"https://curl.haxx.se/docs/CVE-2018-14618.html","reference_id":"CVE-2018-14618.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/"}],"url":"https://curl.haxx.se/docs/CVE-2018-14618.html"},{"reference_url":"https://www.debian.org/security/2018/dsa-4286","reference_id":"dsa-4286","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/"}],"url":"https://www.debian.org/security/2018/dsa-4286"},{"reference_url":"https://security.gentoo.org/glsa/201903-03","reference_id":"GLSA-201903-03","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/"}],"url":"https://security.gentoo.org/glsa/201903-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1880","reference_id":"RHSA-2019:1880","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1880"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618","reference_id":"show_bug.cgi?id=CVE-2018-14618","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014","reference_id":"SNWLID-2018-0014","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/"}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf","reference_id":"ssa-436177.pdf","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:54:10Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137907?format=json","purl":"pkg:generic/curl.se/curl@7.61.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-ubnn-z97k-47gw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.61.1"}],"aliases":["CVE-2018-14618"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1kpz-55f1-f7dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7243?format=json","vulnerability_id":"VCID-1m1w-rayk-sffe","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22922.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22922.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22922","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.347","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22922"},{"reference_url":"https://curl.se/docs/CVE-2021-22922.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2021-22922.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1213175","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:09:24Z/"}],"url":"https://hackerone.com/reports/1213175"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981435","reference_id":"1981435","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981435"},{"reference_url":"https://security.archlinux.org/ASA-202107-59","reference_id":"ASA-202107-59","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-59"},{"reference_url":"https://security.archlinux.org/AVG-2194","reference_id":"AVG-2194","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2194"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","reference_id":"FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:09:24Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"},{"reference_url":"https://security.gentoo.org/glsa/202212-01","reference_id":"GLSA-202212-01","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:09:24Z/"}],"url":"https://security.gentoo.org/glsa/202212-01"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210902-0003/","reference_id":"ntap-20210902-0003","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:09:24Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210902-0003/"},{"reference_url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E","reference_id":"r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:09:24Z/"}],"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E","reference_id":"r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:09:24Z/"}],"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E","reference_id":"rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:09:24Z/"}],"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E","reference_id":"rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:09:24Z/"}],"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3582","reference_id":"RHSA-2021:3582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3903","reference_id":"RHSA-2021:3903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3903"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137934?format=json","purl":"pkg:generic/curl.se/curl@7.78.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-cjyz-fdnv-b3g4"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.78.0"}],"aliases":["CVE-2021-22922"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1m1w-rayk-sffe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6749?format=json","vulnerability_id":"VCID-1y6d-7vfu-ybb3","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8620.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8620.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8620","reference_id":"","reference_type":"","scores":[{"value":"0.00881","scoring_system":"epss","scoring_elements":"0.75721","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8620"},{"reference_url":"https://curl.se/docs/CVE-2016-8620.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8620.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1037192","reference_id":"1037192","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:04:13Z/"}],"url":"http://www.securitytracker.com/id/1037192"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388382","reference_id":"1388382","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388382"},{"reference_url":"http://www.securityfocus.com/bid/94102","reference_id":"94102","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:04:13Z/"}],"url":"http://www.securityfocus.com/bid/94102"},{"reference_url":"https://curl.haxx.se/docs/adv_20161102F.html","reference_id":"adv_20161102F.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:04:13Z/"}],"url":"https://curl.haxx.se/docs/adv_20161102F.html"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:04:13Z/"}],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8620","reference_id":"show_bug.cgi?id=CVE-2016-8620","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:04:13Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8620"},{"reference_url":"https://www.tenable.com/security/tns-2016-21","reference_id":"tns-2016-21","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:04:13Z/"}],"url":"https://www.tenable.com/security/tns-2016-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137889?format=json","purl":"pkg:generic/curl.se/curl@7.51.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.51.0"}],"aliases":["CVE-2016-8620"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1y6d-7vfu-ybb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44796?format=json","vulnerability_id":"VCID-1zsv-4jdy-63en","summary":"Improper Authentication\nAn authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json"},{"reference_url":"https://curl.se/docs/CVE-2023-27536.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2023-27536.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1895135","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/"}],"url":"https://hackerone.com/reports/1895135"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179092","reference_id":"2179092","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179092"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/","reference_id":"36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27536","reference_id":"CVE-2023-27536","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27536"},{"reference_url":"https://security.gentoo.org/glsa/202310-12","reference_id":"GLSA-202310-12","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/"}],"url":"https://security.gentoo.org/glsa/202310-12"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html","reference_id":"msg00025.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230420-0010/","reference_id":"ntap-20230420-0010","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230420-0010/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4523","reference_id":"RHSA-2023:4523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6679","reference_id":"RHSA-2023:6679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0428","reference_id":"RHSA-2024:0428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0428"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137950?format=json","purl":"pkg:generic/curl.se/curl@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6en5-etsd-2bce"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-85qb-zec7-subc"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-ffmg-djmk-57hn"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k3nv-gf9b-5ua2"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0"}],"aliases":["CVE-2023-27536"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1zsv-4jdy-63en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65730?format=json","vulnerability_id":"VCID-21ff-tazv-9ud3","summary":"When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json"},{"reference_url":"https://curl.se/docs/CVE-2025-14524.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/"}],"url":"https://curl.se/docs/CVE-2025-14524.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/3459417","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/"}],"url":"https://hackerone.com/reports/3459417"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426407","reference_id":"2426407","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426407"},{"reference_url":"https://curl.se/docs/CVE-2025-14524.json","reference_id":"CVE-2025-14524.json","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/"}],"url":"https://curl.se/docs/CVE-2025-14524.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6893","reference_id":"RHSA-2026:6893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6893"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137978?format=json","purl":"pkg:generic/curl.se/curl@8.18.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-9vbs-w124-q3au"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fxgf-t3ue-6qhf"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0"}],"aliases":["CVE-2025-14524"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-21ff-tazv-9ud3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106856?format=json","vulnerability_id":"VCID-27bv-f11z-myak","summary":"curl: CURLOPT_SSLCERT mixup with Secure Transport","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22926.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22926.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22926","reference_id":"","reference_type":"","scores":[{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71416","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22926"},{"reference_url":"https://curl.se/docs/CVE-2021-22926.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2021-22926.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1234760","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:49:01Z/"}],"url":"https://hackerone.com/reports/1234760"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2016088","reference_id":"2016088","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2016088"},{"reference_url":"https://security.gentoo.org/glsa/202212-01","reference_id":"GLSA-202212-01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:49:01Z/"}],"url":"https://security.gentoo.org/glsa/202212-01"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210902-0003/","reference_id":"ntap-20210902-0003","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:49:01Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210902-0003/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211022-0003/","reference_id":"ntap-20211022-0003","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:49:01Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211022-0003/"},{"reference_url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E","reference_id":"r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:49:01Z/"}],"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E","reference_id":"r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:49:01Z/"}],"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E","reference_id":"rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:49:01Z/"}],"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E","reference_id":"rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:49:01Z/"}],"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137934?format=json","purl":"pkg:generic/curl.se/curl@7.78.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-cjyz-fdnv-b3g4"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.78.0"}],"aliases":["CVE-2021-22926"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27bv-f11z-myak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65106?format=json","vulnerability_id":"VCID-39qh-jayw-g3dh","summary":"curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1965.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1965.json"},{"reference_url":"https://curl.se/docs/CVE-2026-1965.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:31:56Z/"}],"url":"https://curl.se/docs/CVE-2026-1965.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446448","reference_id":"2446448","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446448"},{"reference_url":"https://curl.se/docs/CVE-2026-1965.json","reference_id":"CVE-2026-1965.json","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:31:56Z/"}],"url":"https://curl.se/docs/CVE-2026-1965.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6893","reference_id":"RHSA-2026:6893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6893"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137979?format=json","purl":"pkg:generic/curl.se/curl@8.19.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-9vbs-w124-q3au"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0"}],"aliases":["CVE-2026-1965"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-39qh-jayw-g3dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6153?format=json","vulnerability_id":"VCID-3ws4-1sak-r3ck","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16890.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16890.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16890","reference_id":"","reference_type":"","scores":[{"value":"0.01204","scoring_system":"epss","scoring_elements":"0.79272","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16890"},{"reference_url":"https://curl.se/docs/CVE-2018-16890.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-16890.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/106947","reference_id":"106947","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:53:28Z/"}],"url":"http://www.securityfocus.com/bid/106947"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670252","reference_id":"1670252","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670252"},{"reference_url":"https://usn.ubuntu.com/3882-1/","reference_id":"3882-1","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:53:28Z/"}],"url":"https://usn.ubuntu.com/3882-1/"},{"reference_url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E","reference_id":"8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:53:28Z/"}],"url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"},{"reference_url":"https://security.archlinux.org/ASA-201902-10","reference_id":"ASA-201902-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-10"},{"reference_url":"https://security.archlinux.org/ASA-201902-11","reference_id":"ASA-201902-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-11"},{"reference_url":"https://security.archlinux.org/ASA-201902-12","reference_id":"ASA-201902-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-12"},{"reference_url":"https://security.archlinux.org/ASA-201902-13","reference_id":"ASA-201902-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-13"},{"reference_url":"https://security.archlinux.org/ASA-201902-9","reference_id":"ASA-201902-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-9"},{"reference_url":"https://security.archlinux.org/AVG-873","reference_id":"AVG-873","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-873"},{"reference_url":"https://security.archlinux.org/AVG-874","reference_id":"AVG-874","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-874"},{"reference_url":"https://security.archlinux.org/AVG-875","reference_id":"AVG-875","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-875"},{"reference_url":"https://security.archlinux.org/AVG-876","reference_id":"AVG-876","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-876"},{"reference_url":"https://security.archlinux.org/AVG-877","reference_id":"AVG-877","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-877"},{"reference_url":"https://curl.haxx.se/docs/CVE-2018-16890.html","reference_id":"CVE-2018-16890.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:53:28Z/"}],"url":"https://curl.haxx.se/docs/CVE-2018-16890.html"},{"reference_url":"https://www.debian.org/security/2019/dsa-4386","reference_id":"dsa-4386","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:53:28Z/"}],"url":"https://www.debian.org/security/2019/dsa-4386"},{"reference_url":"https://support.f5.com/csp/article/K03314397?utm_source=f5support&amp%3Butm_medium=RSS","reference_id":"K03314397?utm_source=f5support&amp%3Butm_medium=RSS","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:53:28Z/"}],"url":"https://support.f5.com/csp/article/K03314397?utm_source=f5support&amp%3Butm_medium=RSS"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190315-0001/","reference_id":"ntap-20190315-0001","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:53:28Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190315-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3701","reference_id":"RHSA-2019:3701","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:53:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:3701"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890","reference_id":"show_bug.cgi?id=CVE-2018-16890","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:53:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf","reference_id":"ssa-436177.pdf","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:53:28Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137911?format=json","purl":"pkg:generic/curl.se/curl@7.64.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-fp66-fzqt-6yg7"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kn6z-caj8-bbc9"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xc5k-47n9-43d6"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.64.0"}],"aliases":["CVE-2018-16890"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ws4-1sak-r3ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6217?format=json","vulnerability_id":"VCID-4hha-2z31-2bf8","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16839.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16839.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16839","reference_id":"","reference_type":"","scores":[{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57384","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16839"},{"reference_url":"https://curl.se/docs/CVE-2018-16839.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-16839.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1042012","reference_id":"1042012","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:57:02Z/"}],"url":"http://www.securitytracker.com/id/1042012"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1642201","reference_id":"1642201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1642201"},{"reference_url":"https://usn.ubuntu.com/3805-1/","reference_id":"3805-1","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:57:02Z/"}],"url":"https://usn.ubuntu.com/3805-1/"},{"reference_url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E","reference_id":"8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:57:02Z/"}],"url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"},{"reference_url":"https://security.archlinux.org/ASA-201811-7","reference_id":"ASA-201811-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-7"},{"reference_url":"https://security.archlinux.org/ASA-201811-8","reference_id":"ASA-201811-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-8"},{"reference_url":"https://security.archlinux.org/ASA-201811-9","reference_id":"ASA-201811-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-9"},{"reference_url":"https://security.archlinux.org/AVG-796","reference_id":"AVG-796","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-796"},{"reference_url":"https://security.archlinux.org/AVG-797","reference_id":"AVG-797","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-797"},{"reference_url":"https://security.archlinux.org/AVG-798","reference_id":"AVG-798","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-798"},{"reference_url":"https://curl.haxx.se/docs/CVE-2018-16839.html","reference_id":"CVE-2018-16839.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:57:02Z/"}],"url":"https://curl.haxx.se/docs/CVE-2018-16839.html"},{"reference_url":"https://www.debian.org/security/2018/dsa-4331","reference_id":"dsa-4331","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:57:02Z/"}],"url":"https://www.debian.org/security/2018/dsa-4331"},{"reference_url":"https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5","reference_id":"f3a24d7916b9173c69a3e0ee790102993833d6c5","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:57:02Z/"}],"url":"https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5"},{"reference_url":"https://security.gentoo.org/glsa/201903-03","reference_id":"GLSA-201903-03","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:57:02Z/"}],"url":"https://security.gentoo.org/glsa/201903-03"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html","reference_id":"msg00005.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:57:02Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16839","reference_id":"show_bug.cgi?id=CVE-2018-16839","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:57:02Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16839"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137908?format=json","purl":"pkg:generic/curl.se/curl@7.62.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-fp66-fzqt-6yg7"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xc5k-47n9-43d6"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.62.0"}],"aliases":["CVE-2018-16839"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hha-2z31-2bf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65687?format=json","vulnerability_id":"VCID-4zcd-rbx3-qye5","summary":"Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5482.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5482.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5482","reference_id":"","reference_type":"","scores":[{"value":"0.09715","scoring_system":"epss","scoring_elements":"0.93078","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5482"},{"reference_url":"https://curl.se/docs/CVE-2019-5482.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2019-5482.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/684603","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/684603"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1749652","reference_id":"1749652","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1749652"},{"reference_url":"https://seclists.org/bugtraq/2020/Feb/36","reference_id":"36","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:55:46Z/"}],"url":"https://seclists.org/bugtraq/2020/Feb/36"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/","reference_id":"6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:55:46Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940010","reference_id":"940010","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940010"},{"reference_url":"https://security.archlinux.org/AVG-1982","reference_id":"AVG-1982","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1982"},{"reference_url":"https://curl.haxx.se/docs/CVE-2019-5482.html","reference_id":"CVE-2019-5482.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:55:46Z/"}],"url":"https://curl.haxx.se/docs/CVE-2019-5482.html"},{"reference_url":"https://www.debian.org/security/2020/dsa-4633","reference_id":"dsa-4633","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:55:46Z/"}],"url":"https://www.debian.org/security/2020/dsa-4633"},{"reference_url":"https://security.gentoo.org/glsa/202003-29","reference_id":"GLSA-202003-29","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:55:46Z/"}],"url":"https://security.gentoo.org/glsa/202003-29"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html","reference_id":"msg00048.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:55:46Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html","reference_id":"msg00055.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:55:46Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20191004-0003/","reference_id":"ntap-20191004-0003","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:55:46Z/"}],"url":"https://security.netapp.com/advisory/ntap-20191004-0003/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200416-0003/","reference_id":"ntap-20200416-0003","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:55:46Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200416-0003/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/","reference_id":"RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:55:46Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0250","reference_id":"RHSA-2020:0250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1792","reference_id":"RHSA-2020:1792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3916","reference_id":"RHSA-2020:3916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0759","reference_id":"RHSA-2021:0759","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0759"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0877","reference_id":"RHSA-2021:0877","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1027","reference_id":"RHSA-2021:1027","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1027"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/","reference_id":"UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:55:46Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137917?format=json","purl":"pkg:generic/curl.se/curl@7.66.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-fp66-fzqt-6yg7"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kn6z-caj8-bbc9"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.66.0"}],"aliases":["CVE-2019-5482"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zcd-rbx3-qye5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6748?format=json","vulnerability_id":"VCID-51ac-1jc2-vfed","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8622.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8622.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8622","reference_id":"","reference_type":"","scores":[{"value":"0.0185","scoring_system":"epss","scoring_elements":"0.83349","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8622"},{"reference_url":"https://curl.se/docs/CVE-2016-8622.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8622.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1037192","reference_id":"1037192","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:54:47Z/"}],"url":"http://www.securitytracker.com/id/1037192"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388386","reference_id":"1388386","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388386"},{"reference_url":"http://www.securityfocus.com/bid/94105","reference_id":"94105","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:54:47Z/"}],"url":"http://www.securityfocus.com/bid/94105"},{"reference_url":"https://curl.haxx.se/docs/adv_20161102H.html","reference_id":"adv_20161102H.html","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:54:47Z/"}],"url":"https://curl.haxx.se/docs/adv_20161102H.html"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:54:47Z/"}],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622","reference_id":"show_bug.cgi?id=CVE-2016-8622","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:54:47Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622"},{"reference_url":"https://www.tenable.com/security/tns-2016-21","reference_id":"tns-2016-21","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:54:47Z/"}],"url":"https://www.tenable.com/security/tns-2016-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137889?format=json","purl":"pkg:generic/curl.se/curl@7.51.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.51.0"}],"aliases":["CVE-2016-8622"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51ac-1jc2-vfed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65685?format=json","vulnerability_id":"VCID-58p5-pfy3-xug1","summary":"A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl \"engine\") on invocation. If that curl is invoked by a privileged user it can do anything it wants.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5443.json","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5443.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5443","reference_id":"","reference_type":"","scores":[{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.7677","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5443"},{"reference_url":"https://curl.se/docs/CVE-2019-5443.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2019-5443.html"},{"reference_url":"https://hackerone.com/reports/608577","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/608577"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1772100","reference_id":"1772100","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1772100"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137917?format=json","purl":"pkg:generic/curl.se/curl@7.66.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-fp66-fzqt-6yg7"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kn6z-caj8-bbc9"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.66.0"}],"aliases":["CVE-2019-5443"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58p5-pfy3-xug1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65671?format=json","vulnerability_id":"VCID-5svr-3vv9-mqea","summary":"When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000100.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000100.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000100","reference_id":"","reference_type":"","scores":[{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.70342","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000100"},{"reference_url":"https://curl.se/docs/CVE-2017-1000100.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2017-1000100.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.5","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:P/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/100286","reference_id":"100286","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:34:47Z/"}],"url":"http://www.securityfocus.com/bid/100286"},{"reference_url":"http://www.securitytracker.com/id/1039118","reference_id":"1039118","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:34:47Z/"}],"url":"http://www.securitytracker.com/id/1039118"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1478310","reference_id":"1478310","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1478310"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871555","reference_id":"871555","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871555"},{"reference_url":"https://curl.haxx.se/docs/adv_20170809B.html","reference_id":"adv_20170809B.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:34:47Z/"}],"url":"https://curl.haxx.se/docs/adv_20170809B.html"},{"reference_url":"https://security.archlinux.org/ASA-201708-16","reference_id":"ASA-201708-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-16"},{"reference_url":"https://security.archlinux.org/ASA-201710-3","reference_id":"ASA-201710-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-3"},{"reference_url":"https://security.archlinux.org/ASA-201710-4","reference_id":"ASA-201710-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-4"},{"reference_url":"https://security.archlinux.org/ASA-201710-5","reference_id":"ASA-201710-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-5"},{"reference_url":"https://security.archlinux.org/ASA-201710-6","reference_id":"ASA-201710-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-6"},{"reference_url":"https://security.archlinux.org/ASA-201710-7","reference_id":"ASA-201710-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-7"},{"reference_url":"https://security.archlinux.org/AVG-370","reference_id":"AVG-370","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-370"},{"reference_url":"https://security.archlinux.org/AVG-371","reference_id":"AVG-371","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-371"},{"reference_url":"https://security.archlinux.org/AVG-386","reference_id":"AVG-386","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-386"},{"reference_url":"https://security.archlinux.org/AVG-387","reference_id":"AVG-387","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-387"},{"reference_url":"https://security.archlinux.org/AVG-388","reference_id":"AVG-388","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-388"},{"reference_url":"https://security.archlinux.org/AVG-389","reference_id":"AVG-389","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-389"},{"reference_url":"http://www.debian.org/security/2017/dsa-3992","reference_id":"dsa-3992","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:34:47Z/"}],"url":"http://www.debian.org/security/2017/dsa-3992"},{"reference_url":"https://security.gentoo.org/glsa/201709-14","reference_id":"GLSA-201709-14","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:34:47Z/"}],"url":"https://security.gentoo.org/glsa/201709-14"},{"reference_url":"https://support.apple.com/HT208221","reference_id":"HT208221","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:34:47Z/"}],"url":"https://support.apple.com/HT208221"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137897?format=json","purl":"pkg:generic/curl.se/curl@7.55.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kae8-wmf2-2kf1"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p7mn-a632-c3ag"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.55.0"}],"aliases":["CVE-2017-1000100"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5svr-3vv9-mqea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65683?format=json","vulnerability_id":"VCID-5ujs-47hf-g7gj","summary":"A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000122.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000122.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000122","reference_id":"","reference_type":"","scores":[{"value":"0.01639","scoring_system":"epss","scoring_elements":"0.82277","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000122"},{"reference_url":"https://curl.se/docs/CVE-2018-1000122.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-1000122.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000121","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000121"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1553398","reference_id":"1553398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1553398"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546","reference_id":"893546","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546"},{"reference_url":"https://security.archlinux.org/ASA-201803-15","reference_id":"ASA-201803-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-15"},{"reference_url":"https://security.archlinux.org/ASA-201803-16","reference_id":"ASA-201803-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-16"},{"reference_url":"https://security.archlinux.org/ASA-201803-17","reference_id":"ASA-201803-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-17"},{"reference_url":"https://security.archlinux.org/ASA-201803-18","reference_id":"ASA-201803-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-18"},{"reference_url":"https://security.archlinux.org/ASA-201803-19","reference_id":"ASA-201803-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-19"},{"reference_url":"https://security.archlinux.org/ASA-201803-20","reference_id":"ASA-201803-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-20"},{"reference_url":"https://security.archlinux.org/AVG-653","reference_id":"AVG-653","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-653"},{"reference_url":"https://security.archlinux.org/AVG-654","reference_id":"AVG-654","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-654"},{"reference_url":"https://security.archlinux.org/AVG-655","reference_id":"AVG-655","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-655"},{"reference_url":"https://security.archlinux.org/AVG-656","reference_id":"AVG-656","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-656"},{"reference_url":"https://security.archlinux.org/AVG-660","reference_id":"AVG-660","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-660"},{"reference_url":"https://security.archlinux.org/AVG-661","reference_id":"AVG-661","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-661"},{"reference_url":"https://security.gentoo.org/glsa/201804-04","reference_id":"GLSA-201804-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137904?format=json","purl":"pkg:generic/curl.se/curl@7.59.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kae8-wmf2-2kf1"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p7mn-a632-c3ag"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-ubnn-z97k-47gw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.59.0"}],"aliases":["CVE-2018-1000122"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ujs-47hf-g7gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61672?format=json","vulnerability_id":"VCID-5un8-xymy-37bt","summary":"curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5773.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5773.json"},{"reference_url":"https://curl.se/docs/CVE-2026-5773.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:45:00Z/"}],"url":"https://curl.se/docs/CVE-2026-5773.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/3650689","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:45:00Z/"}],"url":"https://hackerone.com/reports/3650689"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461201","reference_id":"2461201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461201"},{"reference_url":"https://curl.se/docs/CVE-2026-5773.json","reference_id":"CVE-2026-5773.json","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:45:00Z/"}],"url":"https://curl.se/docs/CVE-2026-5773.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12916","reference_id":"RHSA-2026:12916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12916"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137980?format=json","purl":"pkg:generic/curl.se/curl@8.20.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0"}],"aliases":["CVE-2026-5773"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5un8-xymy-37bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6747?format=json","vulnerability_id":"VCID-5xjw-u8ad-n3g5","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8615.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8615.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8615","reference_id":"","reference_type":"","scores":[{"value":"0.04293","scoring_system":"epss","scoring_elements":"0.89048","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8615"},{"reference_url":"https://curl.se/docs/CVE-2016-8615.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8615.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1037192","reference_id":"1037192","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:35:21Z/"}],"url":"http://www.securitytracker.com/id/1037192"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388370","reference_id":"1388370","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388370"},{"reference_url":"http://www.securityfocus.com/bid/94096","reference_id":"94096","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:35:21Z/"}],"url":"http://www.securityfocus.com/bid/94096"},{"reference_url":"https://curl.haxx.se/docs/adv_20161102A.html","reference_id":"adv_20161102A.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:35:21Z/"}],"url":"https://curl.haxx.se/docs/adv_20161102A.html"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://curl.haxx.se/CVE-2016-8615.patch","reference_id":"CVE-2016-8615.patch","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:35:21Z/"}],"url":"https://curl.haxx.se/CVE-2016-8615.patch"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:35:21Z/"}],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:35:21Z/"}],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:35:21Z/"}],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615","reference_id":"show_bug.cgi?id=CVE-2016-8615","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:35:21Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615"},{"reference_url":"https://www.tenable.com/security/tns-2016-21","reference_id":"tns-2016-21","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:35:21Z/"}],"url":"https://www.tenable.com/security/tns-2016-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137889?format=json","purl":"pkg:generic/curl.se/curl@7.51.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.51.0"}],"aliases":["CVE-2016-8615"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xjw-u8ad-n3g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4268?format=json","vulnerability_id":"VCID-6745-tyba-33fa","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000301.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000301.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000301","reference_id":"","reference_type":"","scores":[{"value":"0.02845","scoring_system":"epss","scoring_elements":"0.86486","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000301"},{"reference_url":"https://curl.se/docs/CVE-2018-1000301.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-1000301.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301"},{"reference_url":"http://www.securitytracker.com/id/1040931","reference_id":"1040931","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:58:33Z/"}],"url":"http://www.securitytracker.com/id/1040931"},{"reference_url":"http://www.securityfocus.com/bid/104225","reference_id":"104225","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:58:33Z/"}],"url":"http://www.securityfocus.com/bid/104225"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1575536","reference_id":"1575536","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1575536"},{"reference_url":"https://usn.ubuntu.com/3648-1/","reference_id":"3648-1","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:58:33Z/"}],"url":"https://usn.ubuntu.com/3648-1/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898856","reference_id":"898856","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898856"},{"reference_url":"https://curl.haxx.se/docs/adv_2018-b138.html","reference_id":"adv_2018-b138.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:58:33Z/"}],"url":"https://curl.haxx.se/docs/adv_2018-b138.html"},{"reference_url":"https://security.archlinux.org/ASA-201805-13","reference_id":"ASA-201805-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-13"},{"reference_url":"https://security.archlinux.org/ASA-201805-14","reference_id":"ASA-201805-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-14"},{"reference_url":"https://security.archlinux.org/ASA-201805-15","reference_id":"ASA-201805-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-15"},{"reference_url":"https://security.archlinux.org/ASA-201805-16","reference_id":"ASA-201805-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-16"},{"reference_url":"https://security.archlinux.org/ASA-201805-17","reference_id":"ASA-201805-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-17"},{"reference_url":"https://security.archlinux.org/ASA-201805-18","reference_id":"ASA-201805-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-18"},{"reference_url":"https://security.archlinux.org/AVG-694","reference_id":"AVG-694","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-694"},{"reference_url":"https://security.archlinux.org/AVG-695","reference_id":"AVG-695","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-695"},{"reference_url":"https://security.archlinux.org/AVG-696","reference_id":"AVG-696","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-696"},{"reference_url":"https://security.archlinux.org/AVG-697","reference_id":"AVG-697","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-697"},{"reference_url":"https://security.archlinux.org/AVG-698","reference_id":"AVG-698","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-698"},{"reference_url":"https://security.archlinux.org/AVG-699","reference_id":"AVG-699","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-699"},{"reference_url":"https://www.debian.org/security/2018/dsa-4202","reference_id":"dsa-4202","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:58:33Z/"}],"url":"https://www.debian.org/security/2018/dsa-4202"},{"reference_url":"https://security.gentoo.org/glsa/201806-05","reference_id":"GLSA-201806-05","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:58:33Z/"}],"url":"https://security.gentoo.org/glsa/201806-05"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/05/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:58:33Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/05/msg00010.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137905?format=json","purl":"pkg:generic/curl.se/curl@7.60.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p7mn-a632-c3ag"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-ubnn-z97k-47gw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.60.0"}],"aliases":["CVE-2018-1000301"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6745-tyba-33fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65662?format=json","vulnerability_id":"VCID-6rk4-vb5u-bkg6","summary":"curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5420.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5420.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5420","reference_id":"","reference_type":"","scores":[{"value":"0.01071","scoring_system":"epss","scoring_elements":"0.7808","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5420"},{"reference_url":"https://curl.se/docs/CVE-2016-5420.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-5420.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362190","reference_id":"1362190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362190"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2575","reference_id":"RHSA-2016:2575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2957","reference_id":"RHSA-2016:2957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2957"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137886?format=json","purl":"pkg:generic/curl.se/curl@7.50.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1y6d-7vfu-ybb3"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-51ac-1jc2-vfed"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-5xjw-u8ad-n3g5"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-av4f-gxku-qbhp"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8ja-keyk-fyfb"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qe9z-wuze-tucq"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-s2gu-8jpq-mub9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sesh-938m-x3f8"},{"vulnerability":"VCID-snsg-c2up-b7cn"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-ugrr-z2zv-6qgp"},{"vulnerability":"VCID-vfc1-yy11-bycp"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-xyze-msxs-1qem"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"},{"vulnerability":"VCID-zv25-wupq-bqfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.50.1"}],"aliases":["CVE-2016-5420"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6rk4-vb5u-bkg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6859?format=json","vulnerability_id":"VCID-738z-myg9-37hr","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27774","reference_id":"","reference_type":"","scores":[{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54842","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27774"},{"reference_url":"https://curl.se/docs/CVE-2022-27774.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2022-27774.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1543773","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1543773"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010254","reference_id":"1010254","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010254"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2077547","reference_id":"2077547","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2077547"},{"reference_url":"https://security.archlinux.org/AVG-2685","reference_id":"AVG-2685","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2685"},{"reference_url":"https://security.gentoo.org/glsa/202212-01","reference_id":"GLSA-202212-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202212-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5245","reference_id":"RHSA-2022:5245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5313","reference_id":"RHSA-2022:5313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137941?format=json","purl":"pkg:generic/curl.se/curl@7.83.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5m9y-9y57-kqg6"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6en5-etsd-2bce"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hb4z-s871-d7ck"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mqzd-mcw5-s3h6"},{"vulnerability":"VCID-mray-vkqx-5ka7"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.83.0"}],"aliases":["CVE-2022-27774"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-738z-myg9-37hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6395?format=json","vulnerability_id":"VCID-7jrx-ykk8-h3gp","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8817.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8817.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8817","reference_id":"","reference_type":"","scores":[{"value":"0.00735","scoring_system":"epss","scoring_elements":"0.73169","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8817"},{"reference_url":"https://curl.se/docs/CVE-2017-8817.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2017-8817.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:N"},{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/102057","reference_id":"102057","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:59:34Z/"}],"url":"http://www.securityfocus.com/bid/102057"},{"reference_url":"http://www.securitytracker.com/id/1039897","reference_id":"1039897","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:59:34Z/"}],"url":"http://www.securitytracker.com/id/1039897"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515760","reference_id":"1515760","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515760"},{"reference_url":"https://curl.haxx.se/docs/adv_2017-ae72.html","reference_id":"adv_2017-ae72.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:59:34Z/"}],"url":"https://curl.haxx.se/docs/adv_2017-ae72.html"},{"reference_url":"https://security.archlinux.org/ASA-201711-33","reference_id":"ASA-201711-33","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-33"},{"reference_url":"https://security.archlinux.org/ASA-201711-34","reference_id":"ASA-201711-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-34"},{"reference_url":"https://security.archlinux.org/ASA-201711-35","reference_id":"ASA-201711-35","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-35"},{"reference_url":"https://security.archlinux.org/ASA-201711-36","reference_id":"ASA-201711-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-36"},{"reference_url":"https://security.archlinux.org/ASA-201711-37","reference_id":"ASA-201711-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-37"},{"reference_url":"https://security.archlinux.org/ASA-201711-38","reference_id":"ASA-201711-38","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-38"},{"reference_url":"https://security.archlinux.org/AVG-521","reference_id":"AVG-521","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-521"},{"reference_url":"https://security.archlinux.org/AVG-522","reference_id":"AVG-522","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-522"},{"reference_url":"https://security.archlinux.org/AVG-523","reference_id":"AVG-523","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-523"},{"reference_url":"https://security.archlinux.org/AVG-524","reference_id":"AVG-524","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-524"},{"reference_url":"https://security.archlinux.org/AVG-525","reference_id":"AVG-525","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-525"},{"reference_url":"https://security.archlinux.org/AVG-526","reference_id":"AVG-526","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-526"},{"reference_url":"http://security.cucumberlinux.com/security/details.php?id=162","reference_id":"details.php?id=162","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:59:34Z/"}],"url":"http://security.cucumberlinux.com/security/details.php?id=162"},{"reference_url":"https://www.debian.org/security/2017/dsa-4051","reference_id":"dsa-4051","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:59:34Z/"}],"url":"https://www.debian.org/security/2017/dsa-4051"},{"reference_url":"https://security.gentoo.org/glsa/201712-04","reference_id":"GLSA-201712-04","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:59:34Z/"}],"url":"https://security.gentoo.org/glsa/201712-04"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html","reference_id":"msg00040.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:59:34Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137901?format=json","purl":"pkg:generic/curl.se/curl@7.57.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kae8-wmf2-2kf1"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p7mn-a632-c3ag"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.57.0"}],"aliases":["CVE-2017-8817"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jrx-ykk8-h3gp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65729?format=json","vulnerability_id":"VCID-7wqd-99h2-e7hk","summary":"When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers.  Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json"},{"reference_url":"https://curl.se/docs/CVE-2025-14017.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T15:39:09Z/"}],"url":"https://curl.se/docs/CVE-2025-14017.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427870","reference_id":"2427870","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427870"},{"reference_url":"https://curl.se/docs/CVE-2025-14017.json","reference_id":"CVE-2025-14017.json","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T15:39:09Z/"}],"url":"https://curl.se/docs/CVE-2025-14017.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6893","reference_id":"RHSA-2026:6893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6893"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137978?format=json","purl":"pkg:generic/curl.se/curl@8.18.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-9vbs-w124-q3au"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fxgf-t3ue-6qhf"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0"}],"aliases":["CVE-2025-14017"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wqd-99h2-e7hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5242?format=json","vulnerability_id":"VCID-7yvu-s3p2-sfhc","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22947.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22947.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22947","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48856","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22947"},{"reference_url":"https://curl.se/docs/CVE-2021-22947.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2021-22947.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1334763","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:17Z/"}],"url":"https://hackerone.com/reports/1334763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2003191","reference_id":"2003191","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2003191"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Mar/29","reference_id":"29","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:17Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Mar/29"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/","reference_id":"APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"},{"reference_url":"https://security.archlinux.org/AVG-2384","reference_id":"AVG-2384","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2384"},{"reference_url":"https://security.archlinux.org/AVG-2385","reference_id":"AVG-2385","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2385"},{"reference_url":"https://security.archlinux.org/AVG-2386","reference_id":"AVG-2386","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2386"},{"reference_url":"https://security.archlinux.org/AVG-2387","reference_id":"AVG-2387","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2387"},{"reference_url":"https://security.archlinux.org/AVG-2388","reference_id":"AVG-2388","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2388"},{"reference_url":"https://security.archlinux.org/AVG-2389","reference_id":"AVG-2389","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2389"},{"reference_url":"https://www.debian.org/security/2022/dsa-5197","reference_id":"dsa-5197","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:17Z/"}],"url":"https://www.debian.org/security/2022/dsa-5197"},{"reference_url":"https://security.gentoo.org/glsa/202212-01","reference_id":"GLSA-202212-01","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:17Z/"}],"url":"https://security.gentoo.org/glsa/202212-01"},{"reference_url":"https://support.apple.com/kb/HT213183","reference_id":"HT213183","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:17Z/"}],"url":"https://support.apple.com/kb/HT213183"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html","reference_id":"msg00022.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211029-0003/","reference_id":"ntap-20211029-0003","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:17Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211029-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4059","reference_id":"RHSA-2021:4059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0635","reference_id":"RHSA-2022:0635","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1354","reference_id":"RHSA-2022:1354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1354"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/","reference_id":"RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137935?format=json","purl":"pkg:generic/curl.se/curl@7.79.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.79.0"}],"aliases":["CVE-2021-22947"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7yvu-s3p2-sfhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5469?format=json","vulnerability_id":"VCID-a58z-fu87-9ybs","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22898.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22898.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22898","reference_id":"","reference_type":"","scores":[{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33296","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22898"},{"reference_url":"https://curl.se/docs/CVE-2021-22898.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:55Z/"}],"url":"https://curl.se/docs/CVE-2021-22898.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1176461","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:55Z/"}],"url":"https://hackerone.com/reports/1176461"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1964887","reference_id":"1964887","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1964887"},{"reference_url":"https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde","reference_id":"39ce47f219b09c380b81f89fe54ac586c8db6bde","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:55Z/"}],"url":"https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/07/21/4","reference_id":"4","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:55Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/07/21/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989228","reference_id":"989228","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989228"},{"reference_url":"https://security.archlinux.org/ASA-202106-4","reference_id":"ASA-202106-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-4"},{"reference_url":"https://security.archlinux.org/ASA-202106-5","reference_id":"ASA-202106-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-5"},{"reference_url":"https://security.archlinux.org/ASA-202106-6","reference_id":"ASA-202106-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-6"},{"reference_url":"https://security.archlinux.org/ASA-202106-7","reference_id":"ASA-202106-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-7"},{"reference_url":"https://security.archlinux.org/ASA-202106-8","reference_id":"ASA-202106-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-8"},{"reference_url":"https://security.archlinux.org/ASA-202106-9","reference_id":"ASA-202106-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-9"},{"reference_url":"https://security.archlinux.org/AVG-1995","reference_id":"AVG-1995","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1995"},{"reference_url":"https://security.archlinux.org/AVG-1996","reference_id":"AVG-1996","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1996"},{"reference_url":"https://security.archlinux.org/AVG-1997","reference_id":"AVG-1997","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1997"},{"reference_url":"https://security.archlinux.org/AVG-1998","reference_id":"AVG-1998","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1998"},{"reference_url":"https://security.archlinux.org/AVG-1999","reference_id":"AVG-1999","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1999"},{"reference_url":"https://security.archlinux.org/AVG-2000","reference_id":"AVG-2000","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2000"},{"reference_url":"https://www.debian.org/security/2022/dsa-5197","reference_id":"dsa-5197","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:55Z/"}],"url":"https://www.debian.org/security/2022/dsa-5197"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","reference_id":"FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:55Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"},{"reference_url":"https://security.gentoo.org/glsa/202105-36","reference_id":"GLSA-202105-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-36"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/","reference_id":"POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:55Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/"},{"reference_url":"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E","reference_id":"rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:31:55Z/"}],"url":"https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4511","reference_id":"RHSA-2021:4511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4511"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137933?format=json","purl":"pkg:generic/curl.se/curl@7.77.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-cjyz-fdnv-b3g4"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.77.0"}],"aliases":["CVE-2021-22898"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a58z-fu87-9ybs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65704?format=json","vulnerability_id":"VCID-a8z6-bswu-jue8","summary":"A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28320.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28320.json"},{"reference_url":"https://curl.se/docs/CVE-2023-28320.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2023-28320.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1929597","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/"}],"url":"https://hackerone.com/reports/1929597"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239","reference_id":"1036239","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2196783","reference_id":"2196783","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2196783"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Jul/47","reference_id":"47","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Jul/47"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Jul/48","reference_id":"48","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Jul/48"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Jul/52","reference_id":"52","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Jul/52"},{"reference_url":"https://security.gentoo.org/glsa/202310-12","reference_id":"GLSA-202310-12","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/"}],"url":"https://security.gentoo.org/glsa/202310-12"},{"reference_url":"https://support.apple.com/kb/HT213843","reference_id":"HT213843","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/"}],"url":"https://support.apple.com/kb/HT213843"},{"reference_url":"https://support.apple.com/kb/HT213844","reference_id":"HT213844","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/"}],"url":"https://support.apple.com/kb/HT213844"},{"reference_url":"https://support.apple.com/kb/HT213845","reference_id":"HT213845","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/"}],"url":"https://support.apple.com/kb/HT213845"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230609-0009/","reference_id":"ntap-20230609-0009","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230609-0009/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137952?format=json","purl":"pkg:generic/curl.se/curl@8.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-85qb-zec7-subc"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-ffmg-djmk-57hn"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k3nv-gf9b-5ua2"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0"}],"aliases":["CVE-2023-28320"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8z6-bswu-jue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7240?format=json","vulnerability_id":"VCID-am31-t2h3-zbgw","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22925.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22925.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22925","reference_id":"","reference_type":"","scores":[{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46217","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22925"},{"reference_url":"https://curl.se/docs/CVE-2021-22925.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2021-22925.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1223882","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/"}],"url":"https://hackerone.com/reports/1223882"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970902","reference_id":"1970902","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970902"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Sep/39","reference_id":"39","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/"}],"url":"http://seclists.org/fulldisclosure/2021/Sep/39"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Sep/40","reference_id":"40","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/"}],"url":"http://seclists.org/fulldisclosure/2021/Sep/40"},{"reference_url":"https://security.archlinux.org/ASA-202107-59","reference_id":"ASA-202107-59","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-59"},{"reference_url":"https://security.archlinux.org/ASA-202107-60","reference_id":"ASA-202107-60","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-60"},{"reference_url":"https://security.archlinux.org/ASA-202107-61","reference_id":"ASA-202107-61","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-61"},{"reference_url":"https://security.archlinux.org/ASA-202107-62","reference_id":"ASA-202107-62","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-62"},{"reference_url":"https://security.archlinux.org/ASA-202107-63","reference_id":"ASA-202107-63","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-63"},{"reference_url":"https://security.archlinux.org/ASA-202107-64","reference_id":"ASA-202107-64","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-64"},{"reference_url":"https://security.archlinux.org/AVG-2194","reference_id":"AVG-2194","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2194"},{"reference_url":"https://security.archlinux.org/AVG-2195","reference_id":"AVG-2195","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2195"},{"reference_url":"https://security.archlinux.org/AVG-2196","reference_id":"AVG-2196","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2196"},{"reference_url":"https://security.archlinux.org/AVG-2197","reference_id":"AVG-2197","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2197"},{"reference_url":"https://security.archlinux.org/AVG-2198","reference_id":"AVG-2198","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2198"},{"reference_url":"https://security.archlinux.org/AVG-2199","reference_id":"AVG-2199","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2199"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","reference_id":"FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"},{"reference_url":"https://security.gentoo.org/glsa/202212-01","reference_id":"GLSA-202212-01","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/"}],"url":"https://security.gentoo.org/glsa/202212-01"},{"reference_url":"https://support.apple.com/kb/HT212804","reference_id":"HT212804","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/"}],"url":"https://support.apple.com/kb/HT212804"},{"reference_url":"https://support.apple.com/kb/HT212805","reference_id":"HT212805","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/"}],"url":"https://support.apple.com/kb/HT212805"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210902-0003/","reference_id":"ntap-20210902-0003","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210902-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4511","reference_id":"RHSA-2021:4511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4511"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf","reference_id":"ssa-484086.pdf","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137934?format=json","purl":"pkg:generic/curl.se/curl@7.78.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-cjyz-fdnv-b3g4"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.78.0"}],"aliases":["CVE-2021-22925"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-am31-t2h3-zbgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6740?format=json","vulnerability_id":"VCID-av4f-gxku-qbhp","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8624.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8624.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8624","reference_id":"","reference_type":"","scores":[{"value":"0.01363","scoring_system":"epss","scoring_elements":"0.80514","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8624"},{"reference_url":"https://curl.se/docs/CVE-2016-8624.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8624.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1037192","reference_id":"1037192","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:39:44Z/"}],"url":"http://www.securitytracker.com/id/1037192"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388390","reference_id":"1388390","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388390"},{"reference_url":"http://www.securityfocus.com/bid/94103","reference_id":"94103","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:39:44Z/"}],"url":"http://www.securityfocus.com/bid/94103"},{"reference_url":"https://curl.haxx.se/docs/adv_20161102J.html","reference_id":"adv_20161102J.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:39:44Z/"}],"url":"https://curl.haxx.se/docs/adv_20161102J.html"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:39:44Z/"}],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:39:44Z/"}],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:39:44Z/"}],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfaa4d578587f52a9c4d176af516a681a712c664e3be440a4163691d5%40%3Ccommits.pulsar.apache.org%3E","reference_id":"rfaa4d578587f52a9c4d176af516a681a712c664e3be440a4163691d5%40%3Ccommits.pulsar.apache.org%3E","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:39:44Z/"}],"url":"https://lists.apache.org/thread.html/rfaa4d578587f52a9c4d176af516a681a712c664e3be440a4163691d5%40%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624","reference_id":"show_bug.cgi?id=CVE-2016-8624","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:39:44Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624"},{"reference_url":"https://www.tenable.com/security/tns-2016-21","reference_id":"tns-2016-21","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:39:44Z/"}],"url":"https://www.tenable.com/security/tns-2016-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137889?format=json","purl":"pkg:generic/curl.se/curl@7.51.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.51.0"}],"aliases":["CVE-2016-8624"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-av4f-gxku-qbhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65701?format=json","vulnerability_id":"VCID-azcz-b8f2-63be","summary":"A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json"},{"reference_url":"https://curl.se/docs/CVE-2023-27533.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2023-27533.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1891474","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/"}],"url":"https://hackerone.com/reports/1891474"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179062","reference_id":"2179062","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179062"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/","reference_id":"36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/"},{"reference_url":"https://security.gentoo.org/glsa/202310-12","reference_id":"GLSA-202310-12","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/"}],"url":"https://security.gentoo.org/glsa/202310-12"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html","reference_id":"msg00025.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230420-0011/","reference_id":"ntap-20230420-0011","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230420-0011/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3354","reference_id":"RHSA-2023:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3355","reference_id":"RHSA-2023:3355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6679","reference_id":"RHSA-2023:6679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6679"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137950?format=json","purl":"pkg:generic/curl.se/curl@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6en5-etsd-2bce"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-85qb-zec7-subc"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-ffmg-djmk-57hn"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k3nv-gf9b-5ua2"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0"}],"aliases":["CVE-2023-27533"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azcz-b8f2-63be"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6151?format=json","vulnerability_id":"VCID-bb6v-z8yg-6fe3","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3823.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3823.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3823","reference_id":"","reference_type":"","scores":[{"value":"0.01568","scoring_system":"epss","scoring_elements":"0.81855","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3823"},{"reference_url":"https://curl.se/docs/CVE-2019-3823.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2019-3823.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/106950","reference_id":"106950","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:04Z/"}],"url":"http://www.securityfocus.com/bid/106950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670256","reference_id":"1670256","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670256"},{"reference_url":"https://usn.ubuntu.com/3882-1/","reference_id":"3882-1","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:04Z/"}],"url":"https://usn.ubuntu.com/3882-1/"},{"reference_url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E","reference_id":"8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:04Z/"}],"url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"},{"reference_url":"https://security.archlinux.org/ASA-201902-10","reference_id":"ASA-201902-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-10"},{"reference_url":"https://security.archlinux.org/ASA-201902-11","reference_id":"ASA-201902-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-11"},{"reference_url":"https://security.archlinux.org/ASA-201902-12","reference_id":"ASA-201902-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-12"},{"reference_url":"https://security.archlinux.org/ASA-201902-13","reference_id":"ASA-201902-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-13"},{"reference_url":"https://security.archlinux.org/ASA-201902-9","reference_id":"ASA-201902-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-9"},{"reference_url":"https://security.archlinux.org/AVG-873","reference_id":"AVG-873","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-873"},{"reference_url":"https://security.archlinux.org/AVG-874","reference_id":"AVG-874","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-874"},{"reference_url":"https://security.archlinux.org/AVG-875","reference_id":"AVG-875","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-875"},{"reference_url":"https://security.archlinux.org/AVG-876","reference_id":"AVG-876","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-876"},{"reference_url":"https://security.archlinux.org/AVG-877","reference_id":"AVG-877","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-877"},{"reference_url":"https://curl.haxx.se/docs/CVE-2019-3823.html","reference_id":"CVE-2019-3823.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:04Z/"}],"url":"https://curl.haxx.se/docs/CVE-2019-3823.html"},{"reference_url":"https://www.debian.org/security/2019/dsa-4386","reference_id":"dsa-4386","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:04Z/"}],"url":"https://www.debian.org/security/2019/dsa-4386"},{"reference_url":"https://security.gentoo.org/glsa/201903-03","reference_id":"GLSA-201903-03","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:04Z/"}],"url":"https://security.gentoo.org/glsa/201903-03"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190315-0001/","reference_id":"ntap-20190315-0001","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:04Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190315-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3701","reference_id":"RHSA-2019:3701","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:3701"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823","reference_id":"show_bug.cgi?id=CVE-2019-3823","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:04Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf","reference_id":"ssa-936080.pdf","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:04Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137911?format=json","purl":"pkg:generic/curl.se/curl@7.64.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-fp66-fzqt-6yg7"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kn6z-caj8-bbc9"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xc5k-47n9-43d6"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.64.0"}],"aliases":["CVE-2019-3823"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bb6v-z8yg-6fe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60252?format=json","vulnerability_id":"VCID-bcuq-n4vb-k7f3","summary":"curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7168.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7168.json"},{"reference_url":"https://curl.se/docs/CVE-2026-7168.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2026-7168.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/3697719","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/3697719"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476979","reference_id":"2476979","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19106","reference_id":"RHSA-2026:19106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19106"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137980?format=json","purl":"pkg:generic/curl.se/curl@8.20.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0"}],"aliases":["CVE-2026-7168"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bcuq-n4vb-k7f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44801?format=json","vulnerability_id":"VCID-bx2m-n5ft-3be8","summary":"Improper Authentication\nAn authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json"},{"reference_url":"https://curl.se/docs/CVE-2023-27535.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2023-27535.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1892780","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/"}],"url":"https://hackerone.com/reports/1892780"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179073","reference_id":"2179073","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179073"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/","reference_id":"36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27535","reference_id":"CVE-2023-27535","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27535"},{"reference_url":"https://security.gentoo.org/glsa/202310-12","reference_id":"GLSA-202310-12","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/"}],"url":"https://security.gentoo.org/glsa/202310-12"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html","reference_id":"msg00025.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230420-0010/","reference_id":"ntap-20230420-0010","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230420-0010/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2650","reference_id":"RHSA-2023:2650","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2650"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3106","reference_id":"RHSA-2023:3106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0428","reference_id":"RHSA-2024:0428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0428"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137950?format=json","purl":"pkg:generic/curl.se/curl@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6en5-etsd-2bce"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-85qb-zec7-subc"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-ffmg-djmk-57hn"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k3nv-gf9b-5ua2"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0"}],"aliases":["CVE-2023-27535"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bx2m-n5ft-3be8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65691?format=json","vulnerability_id":"VCID-cdzf-3ydt-8bdk","summary":"When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32221.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32221.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32221","reference_id":"","reference_type":"","scores":[{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83366","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32221"},{"reference_url":"https://curl.se/docs/CVE-2022-32221.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2022-32221.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1704017","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1704017"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135411","reference_id":"2135411","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135411"},{"reference_url":"https://security.gentoo.org/glsa/202212-01","reference_id":"GLSA-202212-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202212-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0333","reference_id":"RHSA-2023:0333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4139","reference_id":"RHSA-2023:4139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4139"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137946?format=json","purl":"pkg:generic/curl.se/curl@7.86.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6en5-etsd-2bce"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-85qb-zec7-subc"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-ffmg-djmk-57hn"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k3nv-gf9b-5ua2"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.86.0"}],"aliases":["CVE-2022-32221"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cdzf-3ydt-8bdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65661?format=json","vulnerability_id":"VCID-dndt-tapy-23d2","summary":"curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5419.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5419","reference_id":"","reference_type":"","scores":[{"value":"0.01912","scoring_system":"epss","scoring_elements":"0.83631","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5419"},{"reference_url":"https://curl.se/docs/CVE-2016-5419.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-5419.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362183","reference_id":"1362183","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362183"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2575","reference_id":"RHSA-2016:2575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2957","reference_id":"RHSA-2016:2957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2957"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137886?format=json","purl":"pkg:generic/curl.se/curl@7.50.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1y6d-7vfu-ybb3"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-51ac-1jc2-vfed"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-5xjw-u8ad-n3g5"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-av4f-gxku-qbhp"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8ja-keyk-fyfb"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qe9z-wuze-tucq"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-s2gu-8jpq-mub9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sesh-938m-x3f8"},{"vulnerability":"VCID-snsg-c2up-b7cn"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-ugrr-z2zv-6qgp"},{"vulnerability":"VCID-vfc1-yy11-bycp"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-xyze-msxs-1qem"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"},{"vulnerability":"VCID-zv25-wupq-bqfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.50.1"}],"aliases":["CVE-2016-5419"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dndt-tapy-23d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53886?format=json","vulnerability_id":"VCID-f7n8-zzhz-fuc8","summary":"Improper Certificate Validation\ncurl is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8286.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8286.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8286","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52333","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8286"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1048457","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"https://hackerone.com/reports/1048457"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1906096","reference_id":"1906096","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1906096"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Apr/50","reference_id":"50","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"http://seclists.org/fulldisclosure/2021/Apr/50"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Apr/51","reference_id":"51","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"http://seclists.org/fulldisclosure/2021/Apr/51"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Apr/54","reference_id":"54","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"http://seclists.org/fulldisclosure/2021/Apr/54"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977161","reference_id":"977161","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977161"},{"reference_url":"https://security.archlinux.org/AVG-1337","reference_id":"AVG-1337","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1337"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8286","reference_id":"CVE-2020-8286","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8286"},{"reference_url":"https://curl.se/docs/CVE-2020-8286.html","reference_id":"CVE-2020-8286.HTML","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"https://curl.se/docs/CVE-2020-8286.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/","reference_id":"DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"},{"reference_url":"https://www.debian.org/security/2021/dsa-4881","reference_id":"dsa-4881","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"https://www.debian.org/security/2021/dsa-4881"},{"reference_url":"https://security.gentoo.org/glsa/202012-14","reference_id":"GLSA-202012-14","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"https://security.gentoo.org/glsa/202012-14"},{"reference_url":"https://support.apple.com/kb/HT212325","reference_id":"HT212325","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"https://support.apple.com/kb/HT212325"},{"reference_url":"https://support.apple.com/kb/HT212326","reference_id":"HT212326","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"https://support.apple.com/kb/HT212326"},{"reference_url":"https://support.apple.com/kb/HT212327","reference_id":"HT212327","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"https://support.apple.com/kb/HT212327"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210122-0007/","reference_id":"ntap-20210122-0007","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210122-0007/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/","reference_id":"NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1610","reference_id":"RHSA-2021:1610","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1610"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2471","reference_id":"RHSA-2021:2471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2472","reference_id":"RHSA-2021:2472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2472"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf","reference_id":"ssa-200951.pdf","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T15:29:39Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137929?format=json","purl":"pkg:generic/curl.se/curl@7.74.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-cjyz-fdnv-b3g4"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kn6z-caj8-bbc9"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.74.0"}],"aliases":["CVE-2020-8286"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f7n8-zzhz-fuc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6394?format=json","vulnerability_id":"VCID-f8vu-23bb-5ue7","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8816.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8816","reference_id":"","reference_type":"","scores":[{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64147","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8816"},{"reference_url":"https://curl.se/docs/CVE-2017-8816.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2017-8816.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/101998","reference_id":"101998","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T21:01:08Z/"}],"url":"http://www.securityfocus.com/bid/101998"},{"reference_url":"http://www.securitytracker.com/id/1039896","reference_id":"1039896","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T21:01:08Z/"}],"url":"http://www.securitytracker.com/id/1039896"},{"reference_url":"http://www.securitytracker.com/id/1040608","reference_id":"1040608","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T21:01:08Z/"}],"url":"http://www.securitytracker.com/id/1040608"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515757","reference_id":"1515757","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515757"},{"reference_url":"https://curl.haxx.se/docs/adv_2017-12e7.html","reference_id":"adv_2017-12e7.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T21:01:08Z/"}],"url":"https://curl.haxx.se/docs/adv_2017-12e7.html"},{"reference_url":"https://security.archlinux.org/ASA-201711-36","reference_id":"ASA-201711-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-36"},{"reference_url":"https://security.archlinux.org/ASA-201711-37","reference_id":"ASA-201711-37","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-37"},{"reference_url":"https://security.archlinux.org/ASA-201711-38","reference_id":"ASA-201711-38","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-38"},{"reference_url":"https://security.archlinux.org/AVG-521","reference_id":"AVG-521","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-521"},{"reference_url":"https://security.archlinux.org/AVG-522","reference_id":"AVG-522","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-522"},{"reference_url":"https://security.archlinux.org/AVG-523","reference_id":"AVG-523","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-523"},{"reference_url":"https://security.archlinux.org/AVG-527","reference_id":"AVG-527","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-527"},{"reference_url":"https://security.archlinux.org/AVG-528","reference_id":"AVG-528","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-528"},{"reference_url":"https://security.archlinux.org/AVG-529","reference_id":"AVG-529","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-529"},{"reference_url":"http://security.cucumberlinux.com/security/details.php?id=161","reference_id":"details.php?id=161","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T21:01:08Z/"}],"url":"http://security.cucumberlinux.com/security/details.php?id=161"},{"reference_url":"https://www.debian.org/security/2017/dsa-4051","reference_id":"dsa-4051","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T21:01:08Z/"}],"url":"https://www.debian.org/security/2017/dsa-4051"},{"reference_url":"https://security.gentoo.org/glsa/201712-04","reference_id":"GLSA-201712-04","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T21:01:08Z/"}],"url":"https://security.gentoo.org/glsa/201712-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137901?format=json","purl":"pkg:generic/curl.se/curl@7.57.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kae8-wmf2-2kf1"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p7mn-a632-c3ag"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.57.0"}],"aliases":["CVE-2017-8816"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f8vu-23bb-5ue7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61679?format=json","vulnerability_id":"VCID-f9nm-d5ax-qkcb","summary":"curl: libcurl: Credential leak via reused proxy connection during HTTP redirects","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6429.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6429.json"},{"reference_url":"https://curl.se/docs/CVE-2026-6429.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:03:52Z/"}],"url":"https://curl.se/docs/CVE-2026-6429.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/3677759","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:03:52Z/"}],"url":"https://hackerone.com/reports/3677759"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461205","reference_id":"2461205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461205"},{"reference_url":"https://curl.se/docs/CVE-2026-6429.json","reference_id":"CVE-2026-6429.json","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:03:52Z/"}],"url":"https://curl.se/docs/CVE-2026-6429.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12916","reference_id":"RHSA-2026:12916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12916"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137980?format=json","purl":"pkg:generic/curl.se/curl@8.20.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0"}],"aliases":["CVE-2026-6429"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f9nm-d5ax-qkcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5600?format=json","vulnerability_id":"VCID-fhc8-r8gv-bugj","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22876.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22876.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22876","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29799","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22876"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1101882","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:54:20Z/"}],"url":"https://hackerone.com/reports/1101882"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1941964","reference_id":"1941964","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1941964"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/","reference_id":"2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:54:20Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986269","reference_id":"986269","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986269"},{"reference_url":"https://security.archlinux.org/AVG-1753","reference_id":"AVG-1753","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1753"},{"reference_url":"https://security.archlinux.org/AVG-1754","reference_id":"AVG-1754","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1754"},{"reference_url":"https://security.archlinux.org/AVG-1755","reference_id":"AVG-1755","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1755"},{"reference_url":"https://security.archlinux.org/AVG-1756","reference_id":"AVG-1756","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1756"},{"reference_url":"https://security.archlinux.org/AVG-1757","reference_id":"AVG-1757","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1757"},{"reference_url":"https://security.archlinux.org/AVG-1758","reference_id":"AVG-1758","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1758"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22876","reference_id":"CVE-2021-22876","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22876"},{"reference_url":"https://curl.se/docs/CVE-2021-22876.html","reference_id":"CVE-2021-22876.HTML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:54:20Z/"}],"url":"https://curl.se/docs/CVE-2021-22876.html"},{"reference_url":"https://security.gentoo.org/glsa/202105-36","reference_id":"GLSA-202105-36","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:54:20Z/"}],"url":"https://security.gentoo.org/glsa/202105-36"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/","reference_id":"ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:54:20Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/","reference_id":"KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:54:20Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:54:20Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210521-0007/","reference_id":"ntap-20210521-0007","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:54:20Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210521-0007/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2471","reference_id":"RHSA-2021:2471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2472","reference_id":"RHSA-2021:2472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4511","reference_id":"RHSA-2021:4511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1354","reference_id":"RHSA-2022:1354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1354"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137931?format=json","purl":"pkg:generic/curl.se/curl@7.76.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-cjyz-fdnv-b3g4"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vgap-k5zw-9qbn"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.76.0"}],"aliases":["CVE-2021-22876"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fhc8-r8gv-bugj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65705?format=json","vulnerability_id":"VCID-g4n9-kg3s-pfcr","summary":"An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28321.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28321.json"},{"reference_url":"https://curl.se/docs/CVE-2023-28321.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2023-28321.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1950627","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/"}],"url":"https://hackerone.com/reports/1950627"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239","reference_id":"1036239","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2196786","reference_id":"2196786","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2196786"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Jul/47","reference_id":"47","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Jul/47"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Jul/48","reference_id":"48","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Jul/48"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Jul/52","reference_id":"52","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Jul/52"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/","reference_id":"F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/"},{"reference_url":"https://security.gentoo.org/glsa/202310-12","reference_id":"GLSA-202310-12","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/"}],"url":"https://security.gentoo.org/glsa/202310-12"},{"reference_url":"https://support.apple.com/kb/HT213843","reference_id":"HT213843","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/"}],"url":"https://support.apple.com/kb/HT213843"},{"reference_url":"https://support.apple.com/kb/HT213844","reference_id":"HT213844","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/"}],"url":"https://support.apple.com/kb/HT213844"},{"reference_url":"https://support.apple.com/kb/HT213845","reference_id":"HT213845","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/"}],"url":"https://support.apple.com/kb/HT213845"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html","reference_id":"msg00016.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230609-0009/","reference_id":"ntap-20230609-0009","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230609-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4354","reference_id":"RHSA-2023:4354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4523","reference_id":"RHSA-2023:4523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4628","reference_id":"RHSA-2023:4628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4629","reference_id":"RHSA-2023:4629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5598","reference_id":"RHSA-2023:5598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6292","reference_id":"RHSA-2023:6292","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6292"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/","reference_id":"Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137952?format=json","purl":"pkg:generic/curl.se/curl@8.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-85qb-zec7-subc"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-ffmg-djmk-57hn"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k3nv-gf9b-5ua2"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0"}],"aliases":["CVE-2023-28321"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g4n9-kg3s-pfcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61678?format=json","vulnerability_id":"VCID-g7ux-4vz2-ckfg","summary":"curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5545.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5545.json"},{"reference_url":"https://curl.se/docs/CVE-2026-5545.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:46:36Z/"}],"url":"https://curl.se/docs/CVE-2026-5545.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/3642555","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:46:36Z/"}],"url":"https://hackerone.com/reports/3642555"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461204","reference_id":"2461204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461204"},{"reference_url":"https://curl.se/docs/CVE-2026-5545.json","reference_id":"CVE-2026-5545.json","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:46:36Z/"}],"url":"https://curl.se/docs/CVE-2026-5545.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12916","reference_id":"RHSA-2026:12916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12916"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137980?format=json","purl":"pkg:generic/curl.se/curl@8.20.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0"}],"aliases":["CVE-2026-5545"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g7ux-4vz2-ckfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53887?format=json","vulnerability_id":"VCID-gud1-yg9u-zyfp","summary":"Use After Free\nDue to use of a dangling pointer, libcurl can use the wrong connection when sending data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8231.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8231.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8231","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36534","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8231"},{"reference_url":"https://curl.se/docs/CVE-2020-8231.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2020-8231.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/948876","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/948876"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868032","reference_id":"1868032","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868032"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968831","reference_id":"968831","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968831"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8231","reference_id":"CVE-2020-8231","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8231"},{"reference_url":"https://security.gentoo.org/glsa/202012-14","reference_id":"GLSA-202012-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202012-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1610","reference_id":"RHSA-2021:1610","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1610"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137926?format=json","purl":"pkg:generic/curl.se/curl@7.72.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kn6z-caj8-bbc9"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.72.0"}],"aliases":["CVE-2020-8231"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gud1-yg9u-zyfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44797?format=json","vulnerability_id":"VCID-gueb-wzpx-ufb2","summary":"Improper Authentication\nAn authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json"},{"reference_url":"https://curl.se/docs/CVE-2023-27538.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2023-27538.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1898475","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/"}],"url":"https://hackerone.com/reports/1898475"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179103","reference_id":"2179103","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179103"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27538","reference_id":"CVE-2023-27538","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27538"},{"reference_url":"https://security.gentoo.org/glsa/202310-12","reference_id":"GLSA-202310-12","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/"}],"url":"https://security.gentoo.org/glsa/202310-12"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html","reference_id":"msg00025.html","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230420-0010/","reference_id":"ntap-20230420-0010","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230420-0010/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6679","reference_id":"RHSA-2023:6679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6679"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137950?format=json","purl":"pkg:generic/curl.se/curl@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6en5-etsd-2bce"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-85qb-zec7-subc"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-ffmg-djmk-57hn"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k3nv-gf9b-5ua2"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0"}],"aliases":["CVE-2023-27538"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gueb-wzpx-ufb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5853?format=json","vulnerability_id":"VCID-h6xj-mys4-pucf","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8177.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8177.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8177","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05244","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8177"},{"reference_url":"https://curl.se/docs/CVE-2020-8177.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T21:05:17Z/"}],"url":"https://curl.se/docs/CVE-2020-8177.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/887462","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T21:05:17Z/"}],"url":"https://hackerone.com/reports/887462"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847915","reference_id":"1847915","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847915"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965281","reference_id":"965281","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965281"},{"reference_url":"https://security.archlinux.org/AVG-1194","reference_id":"AVG-1194","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1194"},{"reference_url":"https://www.debian.org/security/2021/dsa-4881","reference_id":"dsa-4881","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T21:05:17Z/"}],"url":"https://www.debian.org/security/2021/dsa-4881"},{"reference_url":"https://security.gentoo.org/glsa/202007-16","reference_id":"GLSA-202007-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4599","reference_id":"RHSA-2020:4599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5002","reference_id":"RHSA-2020:5002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5417","reference_id":"RHSA-2020:5417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137924?format=json","purl":"pkg:generic/curl.se/curl@7.71.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kn6z-caj8-bbc9"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.71.0"}],"aliases":["CVE-2020-8177"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6xj-mys4-pucf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65105?format=json","vulnerability_id":"VCID-hhms-2hg6-nke9","summary":"curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json"},{"reference_url":"https://curl.se/docs/CVE-2026-3783.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/"}],"url":"https://curl.se/docs/CVE-2026-3783.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/3583983","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/"}],"url":"https://hackerone.com/reports/3583983"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446450","reference_id":"2446450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446450"},{"reference_url":"https://curl.se/docs/CVE-2026-3783.json","reference_id":"CVE-2026-3783.json","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/"}],"url":"https://curl.se/docs/CVE-2026-3783.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6893","reference_id":"RHSA-2026:6893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6893"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137979?format=json","purl":"pkg:generic/curl.se/curl@8.19.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-9vbs-w124-q3au"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0"}],"aliases":["CVE-2026-3783"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhms-2hg6-nke9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6860?format=json","vulnerability_id":"VCID-j688-cyfg-p7gu","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22576","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57608","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22576"},{"reference_url":"https://curl.se/docs/CVE-2022-22576.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2022-22576.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1526328","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1526328"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010295","reference_id":"1010295","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010295"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2077541","reference_id":"2077541","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2077541"},{"reference_url":"https://security.archlinux.org/AVG-2685","reference_id":"AVG-2685","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2685"},{"reference_url":"https://security.gentoo.org/glsa/202212-01","reference_id":"GLSA-202212-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202212-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5245","reference_id":"RHSA-2022:5245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5313","reference_id":"RHSA-2022:5313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137941?format=json","purl":"pkg:generic/curl.se/curl@7.83.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5m9y-9y57-kqg6"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6en5-etsd-2bce"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hb4z-s871-d7ck"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mqzd-mcw5-s3h6"},{"vulnerability":"VCID-mray-vkqx-5ka7"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.83.0"}],"aliases":["CVE-2022-22576"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j688-cyfg-p7gu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65668?format=json","vulnerability_id":"VCID-jf17-h97b-6bak","summary":"The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by \"*.com.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9952","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60879","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9952"},{"reference_url":"https://curl.se/docs/CVE-2016-9952.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-9952.html"},{"reference_url":"https://curl.haxx.se/docs/adv_20161221B.html","reference_id":"adv_20161221B.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T19:19:07Z/"}],"url":"https://curl.haxx.se/docs/adv_20161221B.html"},{"reference_url":"https://curl.haxx.se/CVE-2016-9952.patch","reference_id":"CVE-2016-9952.patch","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T19:19:07Z/"}],"url":"https://curl.haxx.se/CVE-2016-9952.patch"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137890?format=json","purl":"pkg:generic/curl.se/curl@7.52.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-53st-1j3z-h7by"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k79t-tesa-jfck"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w63e-dku9-mqe9"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.52.0"}],"aliases":["CVE-2016-9952"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jf17-h97b-6bak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65714?format=json","vulnerability_id":"VCID-jnq1-hk6d-b3a3","summary":"When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.  Further, this error condition fails silently and is therefore not easily detected by an application.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2398.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2398.json"},{"reference_url":"https://curl.se/docs/CVE-2024-2398.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/"}],"url":"https://curl.se/docs/CVE-2024-2398.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/2402845","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/"}],"url":"https://hackerone.com/reports/2402845"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Jul/18","reference_id":"18","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Jul/18"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Jul/19","reference_id":"19","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Jul/19"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Jul/20","reference_id":"20","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Jul/20"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270498","reference_id":"2270498","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270498"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/","reference_id":"2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/27/3","reference_id":"3","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/27/3"},{"reference_url":"https://curl.se/docs/CVE-2024-2398.json","reference_id":"CVE-2024-2398.json","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/"}],"url":"https://curl.se/docs/CVE-2024-2398.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-20","reference_id":"GLSA-202409-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-20"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/","reference_id":"GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/"},{"reference_url":"https://support.apple.com/kb/HT214118","reference_id":"HT214118","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/"}],"url":"https://support.apple.com/kb/HT214118"},{"reference_url":"https://support.apple.com/kb/HT214119","reference_id":"HT214119","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/"}],"url":"https://support.apple.com/kb/HT214119"},{"reference_url":"https://support.apple.com/kb/HT214120","reference_id":"HT214120","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/"}],"url":"https://support.apple.com/kb/HT214120"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240503-0009/","reference_id":"ntap-20240503-0009","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240503-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10135","reference_id":"RHSA-2024:10135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11109","reference_id":"RHSA-2024:11109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2693","reference_id":"RHSA-2024:2693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2694","reference_id":"RHSA-2024:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3998","reference_id":"RHSA-2024:3998","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3998"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5529","reference_id":"RHSA-2024:5529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5654","reference_id":"RHSA-2024:5654","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5654"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7213","reference_id":"RHSA-2024:7213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7213"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7374","reference_id":"RHSA-2024:7374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7374"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137961?format=json","purl":"pkg:generic/curl.se/curl@8.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-85ne-e7gm-5ua9"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bp56-gy66-mqae"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.7.0"}],"aliases":["CVE-2024-2398"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jnq1-hk6d-b3a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6857?format=json","vulnerability_id":"VCID-kkrm-dj79-4ucj","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27776","reference_id":"","reference_type":"","scores":[{"value":"0.00682","scoring_system":"epss","scoring_elements":"0.72016","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27776"},{"reference_url":"https://curl.se/docs/CVE-2022-27776.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2022-27776.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1547048","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1547048"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010252","reference_id":"1010252","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010252"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2078408","reference_id":"2078408","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2078408"},{"reference_url":"https://security.archlinux.org/AVG-2685","reference_id":"AVG-2685","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2685"},{"reference_url":"https://security.gentoo.org/glsa/202212-01","reference_id":"GLSA-202212-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202212-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5245","reference_id":"RHSA-2022:5245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5313","reference_id":"RHSA-2022:5313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137941?format=json","purl":"pkg:generic/curl.se/curl@7.83.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5m9y-9y57-kqg6"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6en5-etsd-2bce"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hb4z-s871-d7ck"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mqzd-mcw5-s3h6"},{"vulnerability":"VCID-mray-vkqx-5ka7"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.83.0"}],"aliases":["CVE-2022-27776"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkrm-dj79-4ucj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65718?format=json","vulnerability_id":"VCID-kq38-7s5x-nqaz","summary":"libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated.  This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7264.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7264.json"},{"reference_url":"https://curl.se/docs/CVE-2024-7264.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/"}],"url":"https://curl.se/docs/CVE-2024-7264.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/2629968","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/"}],"url":"https://hackerone.com/reports/2629968"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/31/1","reference_id":"1","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/31/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077656","reference_id":"1077656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077656"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2301888","reference_id":"2301888","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2301888"},{"reference_url":"https://curl.se/docs/CVE-2024-7264.json","reference_id":"CVE-2024-7264.json","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/"}],"url":"https://curl.se/docs/CVE-2024-7264.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7726","reference_id":"RHSA-2024:7726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1671","reference_id":"RHSA-2025:1671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1673","reference_id":"RHSA-2025:1673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1673"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137965?format=json","purl":"pkg:generic/curl.se/curl@8.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bp56-gy66-mqae"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-ns6z-wp2x-fkdq"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-t45k-skv6-cfg2"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.9.1"}],"aliases":["CVE-2024-7264"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kq38-7s5x-nqaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65672?format=json","vulnerability_id":"VCID-mh96-gkf1-9uek","summary":"curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000101.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000101.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000101","reference_id":"","reference_type":"","scores":[{"value":"0.00655","scoring_system":"epss","scoring_elements":"0.7133","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000101"},{"reference_url":"https://curl.se/docs/CVE-2017-1000101.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2017-1000101.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/100249","reference_id":"100249","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:45:32Z/"}],"url":"http://www.securityfocus.com/bid/100249"},{"reference_url":"http://www.securitytracker.com/id/1039117","reference_id":"1039117","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:45:32Z/"}],"url":"http://www.securitytracker.com/id/1039117"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1478309","reference_id":"1478309","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1478309"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871554","reference_id":"871554","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871554"},{"reference_url":"https://curl.haxx.se/docs/adv_20170809A.html","reference_id":"adv_20170809A.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:45:32Z/"}],"url":"https://curl.haxx.se/docs/adv_20170809A.html"},{"reference_url":"https://security.archlinux.org/ASA-201708-16","reference_id":"ASA-201708-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-16"},{"reference_url":"https://security.archlinux.org/AVG-370","reference_id":"AVG-370","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-370"},{"reference_url":"http://www.debian.org/security/2017/dsa-3992","reference_id":"dsa-3992","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:45:32Z/"}],"url":"http://www.debian.org/security/2017/dsa-3992"},{"reference_url":"https://security.gentoo.org/glsa/201709-14","reference_id":"GLSA-201709-14","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:45:32Z/"}],"url":"https://security.gentoo.org/glsa/201709-14"},{"reference_url":"https://support.apple.com/HT208221","reference_id":"HT208221","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:45:32Z/"}],"url":"https://support.apple.com/HT208221"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137897?format=json","purl":"pkg:generic/curl.se/curl@7.55.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kae8-wmf2-2kf1"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p7mn-a632-c3ag"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.55.0"}],"aliases":["CVE-2017-1000101"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mh96-gkf1-9uek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65663?format=json","vulnerability_id":"VCID-mq44-5pmp-2qhh","summary":"Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5421.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5421.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5421","reference_id":"","reference_type":"","scores":[{"value":"0.01092","scoring_system":"epss","scoring_elements":"0.78294","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5421"},{"reference_url":"https://curl.se/docs/CVE-2016-5421.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-5421.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362199","reference_id":"1362199","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1362199"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137886?format=json","purl":"pkg:generic/curl.se/curl@7.50.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1y6d-7vfu-ybb3"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-51ac-1jc2-vfed"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-5xjw-u8ad-n3g5"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-av4f-gxku-qbhp"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8ja-keyk-fyfb"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qe9z-wuze-tucq"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-s2gu-8jpq-mub9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sesh-938m-x3f8"},{"vulnerability":"VCID-snsg-c2up-b7cn"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-ugrr-z2zv-6qgp"},{"vulnerability":"VCID-vfc1-yy11-bycp"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-xyze-msxs-1qem"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"},{"vulnerability":"VCID-zv25-wupq-bqfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.50.1"}],"aliases":["CVE-2016-5421"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mq44-5pmp-2qhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65689?format=json","vulnerability_id":"VCID-msd2-35g9-nyd2","summary":"A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8284.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8284.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8284","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24269","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8284"},{"reference_url":"https://curl.se/docs/CVE-2020-8284.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:56:25Z/"}],"url":"https://curl.se/docs/CVE-2020-8284.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1040166","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:56:25Z/"}],"url":"https://hackerone.com/reports/1040166"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1902667","reference_id":"1902667","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1902667"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977163","reference_id":"977163","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977163"},{"reference_url":"https://security.archlinux.org/AVG-1337","reference_id":"AVG-1337","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1337"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/","reference_id":"DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:56:25Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"},{"reference_url":"https://www.debian.org/security/2021/dsa-4881","reference_id":"dsa-4881","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:56:25Z/"}],"url":"https://www.debian.org/security/2021/dsa-4881"},{"reference_url":"https://security.gentoo.org/glsa/202012-14","reference_id":"GLSA-202012-14","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:56:25Z/"}],"url":"https://security.gentoo.org/glsa/202012-14"},{"reference_url":"https://support.apple.com/kb/HT212325","reference_id":"HT212325","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:56:25Z/"}],"url":"https://support.apple.com/kb/HT212325"},{"reference_url":"https://support.apple.com/kb/HT212326","reference_id":"HT212326","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:56:25Z/"}],"url":"https://support.apple.com/kb/HT212326"},{"reference_url":"https://support.apple.com/kb/HT212327","reference_id":"HT212327","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:56:25Z/"}],"url":"https://support.apple.com/kb/HT212327"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:56:25Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210122-0007/","reference_id":"ntap-20210122-0007","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:56:25Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210122-0007/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/","reference_id":"NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:56:25Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1610","reference_id":"RHSA-2021:1610","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1610"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2471","reference_id":"RHSA-2021:2471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2472","reference_id":"RHSA-2021:2472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2472"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137929?format=json","purl":"pkg:generic/curl.se/curl@7.74.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-cjyz-fdnv-b3g4"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kn6z-caj8-bbc9"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.74.0"}],"aliases":["CVE-2020-8284"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-msd2-35g9-nyd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65673?format=json","vulnerability_id":"VCID-naac-snjw-qbad","summary":"libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000254.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000254.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000254","reference_id":"","reference_type":"","scores":[{"value":"0.01318","scoring_system":"epss","scoring_elements":"0.80206","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000254"},{"reference_url":"https://curl.se/docs/CVE-2017-1000254.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2017-1000254.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1495541","reference_id":"1495541","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1495541"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877671","reference_id":"877671","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877671"},{"reference_url":"https://security.archlinux.org/ASA-201710-2","reference_id":"ASA-201710-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-2"},{"reference_url":"https://security.archlinux.org/ASA-201710-3","reference_id":"ASA-201710-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-3"},{"reference_url":"https://security.archlinux.org/ASA-201710-4","reference_id":"ASA-201710-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-4"},{"reference_url":"https://security.archlinux.org/ASA-201710-5","reference_id":"ASA-201710-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-5"},{"reference_url":"https://security.archlinux.org/ASA-201710-6","reference_id":"ASA-201710-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-6"},{"reference_url":"https://security.archlinux.org/ASA-201710-7","reference_id":"ASA-201710-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-7"},{"reference_url":"https://security.archlinux.org/AVG-371","reference_id":"AVG-371","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-371"},{"reference_url":"https://security.archlinux.org/AVG-386","reference_id":"AVG-386","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-386"},{"reference_url":"https://security.archlinux.org/AVG-387","reference_id":"AVG-387","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-387"},{"reference_url":"https://security.archlinux.org/AVG-388","reference_id":"AVG-388","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-388"},{"reference_url":"https://security.archlinux.org/AVG-389","reference_id":"AVG-389","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-389"},{"reference_url":"https://security.archlinux.org/AVG-422","reference_id":"AVG-422","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-422"},{"reference_url":"https://security.gentoo.org/glsa/201712-04","reference_id":"GLSA-201712-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201712-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137899?format=json","purl":"pkg:generic/curl.se/curl@7.56.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-dj48-3dkt-dbdh"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kae8-wmf2-2kf1"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p7mn-a632-c3ag"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.56.0"}],"aliases":["CVE-2017-1000254"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-naac-snjw-qbad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65682?format=json","vulnerability_id":"VCID-p8vk-yf66-wbb7","summary":"A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000121.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000121.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000121","reference_id":"","reference_type":"","scores":[{"value":"0.02668","scoring_system":"epss","scoring_elements":"0.86088","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000121"},{"reference_url":"https://curl.se/docs/CVE-2018-1000121.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-1000121.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000121","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000121"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1552631","reference_id":"1552631","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1552631"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546","reference_id":"893546","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546"},{"reference_url":"https://security.archlinux.org/ASA-201803-15","reference_id":"ASA-201803-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-15"},{"reference_url":"https://security.archlinux.org/ASA-201803-16","reference_id":"ASA-201803-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-16"},{"reference_url":"https://security.archlinux.org/ASA-201803-17","reference_id":"ASA-201803-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-17"},{"reference_url":"https://security.archlinux.org/ASA-201803-18","reference_id":"ASA-201803-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-18"},{"reference_url":"https://security.archlinux.org/ASA-201803-19","reference_id":"ASA-201803-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-19"},{"reference_url":"https://security.archlinux.org/ASA-201803-20","reference_id":"ASA-201803-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-20"},{"reference_url":"https://security.archlinux.org/AVG-653","reference_id":"AVG-653","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-653"},{"reference_url":"https://security.archlinux.org/AVG-654","reference_id":"AVG-654","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-654"},{"reference_url":"https://security.archlinux.org/AVG-655","reference_id":"AVG-655","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-655"},{"reference_url":"https://security.archlinux.org/AVG-656","reference_id":"AVG-656","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-656"},{"reference_url":"https://security.archlinux.org/AVG-660","reference_id":"AVG-660","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-660"},{"reference_url":"https://security.archlinux.org/AVG-661","reference_id":"AVG-661","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-661"},{"reference_url":"https://security.gentoo.org/glsa/201804-04","reference_id":"GLSA-201804-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137904?format=json","purl":"pkg:generic/curl.se/curl@7.59.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kae8-wmf2-2kf1"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p7mn-a632-c3ag"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-ubnn-z97k-47gw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.59.0"}],"aliases":["CVE-2018-1000121"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p8vk-yf66-wbb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65702?format=json","vulnerability_id":"VCID-p97a-kjpp-f3d8","summary":"A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27534.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27534.json"},{"reference_url":"https://curl.se/docs/CVE-2023-27534.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2023-27534.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1892351","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1892351"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179069","reference_id":"2179069","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179069"},{"reference_url":"https://security.gentoo.org/glsa/202310-12","reference_id":"GLSA-202310-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202310-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3354","reference_id":"RHSA-2023:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3355","reference_id":"RHSA-2023:3355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6679","reference_id":"RHSA-2023:6679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6679"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137950?format=json","purl":"pkg:generic/curl.se/curl@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6en5-etsd-2bce"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-85qb-zec7-subc"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-ffmg-djmk-57hn"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k3nv-gf9b-5ua2"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0"}],"aliases":["CVE-2023-27534"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p97a-kjpp-f3d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53890?format=json","vulnerability_id":"VCID-q46r-7nct-s3bw","summary":"Out-of-bounds Write\ncurl is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8285.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8285.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8285","reference_id":"","reference_type":"","scores":[{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73342","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8285"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1045844","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"https://hackerone.com/reports/1045844"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1902687","reference_id":"1902687","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1902687"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Apr/51","reference_id":"51","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"http://seclists.org/fulldisclosure/2021/Apr/51"},{"reference_url":"https://github.com/curl/curl/issues/6255","reference_id":"6255","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"https://github.com/curl/curl/issues/6255"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977162","reference_id":"977162","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977162"},{"reference_url":"https://security.archlinux.org/AVG-1337","reference_id":"AVG-1337","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1337"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8285","reference_id":"CVE-2020-8285","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8285"},{"reference_url":"https://curl.se/docs/CVE-2020-8285.html","reference_id":"CVE-2020-8285.HTML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"https://curl.se/docs/CVE-2020-8285.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/","reference_id":"DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"},{"reference_url":"https://www.debian.org/security/2021/dsa-4881","reference_id":"dsa-4881","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"https://www.debian.org/security/2021/dsa-4881"},{"reference_url":"https://security.gentoo.org/glsa/202012-14","reference_id":"GLSA-202012-14","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"https://security.gentoo.org/glsa/202012-14"},{"reference_url":"https://support.apple.com/kb/HT212325","reference_id":"HT212325","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"https://support.apple.com/kb/HT212325"},{"reference_url":"https://support.apple.com/kb/HT212326","reference_id":"HT212326","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"https://support.apple.com/kb/HT212326"},{"reference_url":"https://support.apple.com/kb/HT212327","reference_id":"HT212327","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"https://support.apple.com/kb/HT212327"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210122-0007/","reference_id":"ntap-20210122-0007","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210122-0007/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/","reference_id":"NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:06:58Z/"}],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1610","reference_id":"RHSA-2021:1610","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1610"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2471","reference_id":"RHSA-2021:2471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2472","reference_id":"RHSA-2021:2472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2472"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137929?format=json","purl":"pkg:generic/curl.se/curl@7.74.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-cjyz-fdnv-b3g4"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kn6z-caj8-bbc9"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.74.0"}],"aliases":["CVE-2020-8285"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q46r-7nct-s3bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6739?format=json","vulnerability_id":"VCID-q8ja-keyk-fyfb","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8625.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8625.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8625","reference_id":"","reference_type":"","scores":[{"value":"0.01671","scoring_system":"epss","scoring_elements":"0.82463","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8625"},{"reference_url":"https://curl.se/docs/CVE-2016-8625.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8625.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388392","reference_id":"1388392","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388392"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137889?format=json","purl":"pkg:generic/curl.se/curl@7.51.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.51.0"}],"aliases":["CVE-2016-8625"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8ja-keyk-fyfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5243?format=json","vulnerability_id":"VCID-q8tg-prj1-y7b8","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22946","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1971","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22946"},{"reference_url":"https://curl.se/docs/CVE-2021-22946.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2021-22946.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1334111","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:53:35Z/"}],"url":"https://hackerone.com/reports/1334111"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017589","reference_id":"1017589","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017589"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2003175","reference_id":"2003175","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2003175"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Mar/29","reference_id":"29","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:53:35Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Mar/29"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/","reference_id":"APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:53:35Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"},{"reference_url":"https://security.archlinux.org/AVG-2384","reference_id":"AVG-2384","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2384"},{"reference_url":"https://security.archlinux.org/AVG-2385","reference_id":"AVG-2385","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2385"},{"reference_url":"https://security.archlinux.org/AVG-2386","reference_id":"AVG-2386","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2386"},{"reference_url":"https://security.archlinux.org/AVG-2387","reference_id":"AVG-2387","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2387"},{"reference_url":"https://security.archlinux.org/AVG-2388","reference_id":"AVG-2388","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2388"},{"reference_url":"https://security.archlinux.org/AVG-2389","reference_id":"AVG-2389","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2389"},{"reference_url":"https://www.debian.org/security/2022/dsa-5197","reference_id":"dsa-5197","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:53:35Z/"}],"url":"https://www.debian.org/security/2022/dsa-5197"},{"reference_url":"https://security.gentoo.org/glsa/202212-01","reference_id":"GLSA-202212-01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:53:35Z/"}],"url":"https://security.gentoo.org/glsa/202212-01"},{"reference_url":"https://support.apple.com/kb/HT213183","reference_id":"HT213183","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:53:35Z/"}],"url":"https://support.apple.com/kb/HT213183"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:53:35Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html","reference_id":"msg00022.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:53:35Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211029-0003/","reference_id":"ntap-20211029-0003","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:53:35Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211029-0003/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0008/","reference_id":"ntap-20220121-0008","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:53:35Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220121-0008/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4059","reference_id":"RHSA-2021:4059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0635","reference_id":"RHSA-2022:0635","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1354","reference_id":"RHSA-2022:1354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1354"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/","reference_id":"RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:53:35Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137935?format=json","purl":"pkg:generic/curl.se/curl@7.79.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.79.0"}],"aliases":["CVE-2021-22946"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8tg-prj1-y7b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6746?format=json","vulnerability_id":"VCID-qe9z-wuze-tucq","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8616.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8616.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8616","reference_id":"","reference_type":"","scores":[{"value":"0.04507","scoring_system":"epss","scoring_elements":"0.89324","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8616"},{"reference_url":"https://curl.se/docs/CVE-2016-8616.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8616.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388371","reference_id":"1388371","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388371"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137889?format=json","purl":"pkg:generic/curl.se/curl@7.51.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.51.0"}],"aliases":["CVE-2016-8616"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qe9z-wuze-tucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6152?format=json","vulnerability_id":"VCID-qrnc-7ywu-37cz","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3822.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3822.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3822","reference_id":"","reference_type":"","scores":[{"value":"0.18518","scoring_system":"epss","scoring_elements":"0.95371","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3822"},{"reference_url":"https://curl.se/docs/CVE-2019-3822.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2019-3822.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/106950","reference_id":"106950","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:41Z/"}],"url":"http://www.securityfocus.com/bid/106950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670254","reference_id":"1670254","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670254"},{"reference_url":"https://usn.ubuntu.com/3882-1/","reference_id":"3882-1","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:41Z/"}],"url":"https://usn.ubuntu.com/3882-1/"},{"reference_url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E","reference_id":"8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:41Z/"}],"url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"},{"reference_url":"https://security.archlinux.org/ASA-201902-10","reference_id":"ASA-201902-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-10"},{"reference_url":"https://security.archlinux.org/ASA-201902-11","reference_id":"ASA-201902-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-11"},{"reference_url":"https://security.archlinux.org/ASA-201902-12","reference_id":"ASA-201902-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-12"},{"reference_url":"https://security.archlinux.org/ASA-201902-13","reference_id":"ASA-201902-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-13"},{"reference_url":"https://security.archlinux.org/ASA-201902-9","reference_id":"ASA-201902-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-9"},{"reference_url":"https://security.archlinux.org/AVG-873","reference_id":"AVG-873","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-873"},{"reference_url":"https://security.archlinux.org/AVG-874","reference_id":"AVG-874","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-874"},{"reference_url":"https://security.archlinux.org/AVG-875","reference_id":"AVG-875","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-875"},{"reference_url":"https://security.archlinux.org/AVG-876","reference_id":"AVG-876","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-876"},{"reference_url":"https://security.archlinux.org/AVG-877","reference_id":"AVG-877","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-877"},{"reference_url":"https://curl.haxx.se/docs/CVE-2019-3822.html","reference_id":"CVE-2019-3822.html","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:41Z/"}],"url":"https://curl.haxx.se/docs/CVE-2019-3822.html"},{"reference_url":"https://www.debian.org/security/2019/dsa-4386","reference_id":"dsa-4386","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:41Z/"}],"url":"https://www.debian.org/security/2019/dsa-4386"},{"reference_url":"https://security.gentoo.org/glsa/201903-03","reference_id":"GLSA-201903-03","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:41Z/"}],"url":"https://security.gentoo.org/glsa/201903-03"},{"reference_url":"https://support.f5.com/csp/article/K84141449","reference_id":"K84141449","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:41Z/"}],"url":"https://support.f5.com/csp/article/K84141449"},{"reference_url":"https://support.f5.com/csp/article/K84141449?utm_source=f5support&amp%3Butm_medium=RSS","reference_id":"K84141449?utm_source=f5support&amp%3Butm_medium=RSS","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:41Z/"}],"url":"https://support.f5.com/csp/article/K84141449?utm_source=f5support&amp%3Butm_medium=RSS"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190315-0001/","reference_id":"ntap-20190315-0001","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:41Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190315-0001/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0004/","reference_id":"ntap-20190719-0004","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:41Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190719-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3701","reference_id":"RHSA-2019:3701","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:41Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:3701"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822","reference_id":"show_bug.cgi?id=CVE-2019-3822","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:41Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf","reference_id":"ssa-436177.pdf","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:52:41Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137911?format=json","purl":"pkg:generic/curl.se/curl@7.64.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-fp66-fzqt-6yg7"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kn6z-caj8-bbc9"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xc5k-47n9-43d6"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.64.0"}],"aliases":["CVE-2019-3822"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrnc-7ywu-37cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65697?format=json","vulnerability_id":"VCID-r2g9-c896-rkge","summary":"A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43552","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27848","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43552"},{"reference_url":"https://curl.se/docs/CVE-2022-43552.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2022-43552.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1764858","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/"}],"url":"https://hackerone.com/reports/1764858"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026830","reference_id":"1026830","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026830"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Mar/17","reference_id":"17","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Mar/17"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2152652","reference_id":"2152652","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2152652"},{"reference_url":"https://security.gentoo.org/glsa/202310-12","reference_id":"GLSA-202310-12","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/"}],"url":"https://security.gentoo.org/glsa/202310-12"},{"reference_url":"https://support.apple.com/kb/HT213670","reference_id":"HT213670","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/"}],"url":"https://support.apple.com/kb/HT213670"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230214-0002/","reference_id":"ntap-20230214-0002","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230214-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2478","reference_id":"RHSA-2023:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2963","reference_id":"RHSA-2023:2963","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3354","reference_id":"RHSA-2023:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3355","reference_id":"RHSA-2023:3355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7743","reference_id":"RHSA-2023:7743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0428","reference_id":"RHSA-2024:0428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0428"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137947?format=json","purl":"pkg:generic/curl.se/curl@7.87.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6en5-etsd-2bce"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-85qb-zec7-subc"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-ffmg-djmk-57hn"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k3nv-gf9b-5ua2"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.87.0"}],"aliases":["CVE-2022-43552"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r2g9-c896-rkge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65680?format=json","vulnerability_id":"VCID-raxd-4nxj-gkhp","summary":"libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000005.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000005.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000005","reference_id":"","reference_type":"","scores":[{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58816","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000005"},{"reference_url":"https://curl.se/docs/CVE-2018-1000005.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-1000005.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1536013","reference_id":"1536013","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1536013"},{"reference_url":"https://security.archlinux.org/ASA-201801-20","reference_id":"ASA-201801-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-20"},{"reference_url":"https://security.archlinux.org/ASA-201801-22","reference_id":"ASA-201801-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-22"},{"reference_url":"https://security.archlinux.org/ASA-201801-23","reference_id":"ASA-201801-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-23"},{"reference_url":"https://security.archlinux.org/ASA-201801-24","reference_id":"ASA-201801-24","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-24"},{"reference_url":"https://security.archlinux.org/ASA-201801-25","reference_id":"ASA-201801-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-25"},{"reference_url":"https://security.archlinux.org/ASA-201801-26","reference_id":"ASA-201801-26","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-26"},{"reference_url":"https://security.archlinux.org/AVG-593","reference_id":"AVG-593","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-593"},{"reference_url":"https://security.archlinux.org/AVG-594","reference_id":"AVG-594","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-594"},{"reference_url":"https://security.archlinux.org/AVG-595","reference_id":"AVG-595","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-595"},{"reference_url":"https://security.archlinux.org/AVG-596","reference_id":"AVG-596","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-596"},{"reference_url":"https://security.archlinux.org/AVG-597","reference_id":"AVG-597","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-597"},{"reference_url":"https://security.archlinux.org/AVG-598","reference_id":"AVG-598","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-598"},{"reference_url":"https://security.gentoo.org/glsa/201804-04","reference_id":"GLSA-201804-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137903?format=json","purl":"pkg:generic/curl.se/curl@7.58.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kae8-wmf2-2kf1"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p7mn-a632-c3ag"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.58.0"}],"aliases":["CVE-2018-1000005"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-raxd-4nxj-gkhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65681?format=json","vulnerability_id":"VCID-rt5e-saz2-j7c9","summary":"libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000007.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000007.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000007","reference_id":"","reference_type":"","scores":[{"value":"0.03854","scoring_system":"epss","scoring_elements":"0.88416","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000007"},{"reference_url":"https://curl.se/docs/CVE-2018-1000007.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-1000007.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1537125","reference_id":"1537125","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1537125"},{"reference_url":"https://security.archlinux.org/ASA-201801-20","reference_id":"ASA-201801-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-20"},{"reference_url":"https://security.archlinux.org/ASA-201801-22","reference_id":"ASA-201801-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-22"},{"reference_url":"https://security.archlinux.org/ASA-201801-23","reference_id":"ASA-201801-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-23"},{"reference_url":"https://security.archlinux.org/ASA-201801-24","reference_id":"ASA-201801-24","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-24"},{"reference_url":"https://security.archlinux.org/ASA-201801-25","reference_id":"ASA-201801-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-25"},{"reference_url":"https://security.archlinux.org/ASA-201801-26","reference_id":"ASA-201801-26","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-26"},{"reference_url":"https://security.archlinux.org/AVG-593","reference_id":"AVG-593","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-593"},{"reference_url":"https://security.archlinux.org/AVG-594","reference_id":"AVG-594","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-594"},{"reference_url":"https://security.archlinux.org/AVG-595","reference_id":"AVG-595","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-595"},{"reference_url":"https://security.archlinux.org/AVG-596","reference_id":"AVG-596","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-596"},{"reference_url":"https://security.archlinux.org/AVG-597","reference_id":"AVG-597","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-597"},{"reference_url":"https://security.archlinux.org/AVG-598","reference_id":"AVG-598","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-598"},{"reference_url":"https://security.gentoo.org/glsa/201804-04","reference_id":"GLSA-201804-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137903?format=json","purl":"pkg:generic/curl.se/curl@7.58.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kae8-wmf2-2kf1"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p7mn-a632-c3ag"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.58.0"}],"aliases":["CVE-2018-1000007"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rt5e-saz2-j7c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65665?format=json","vulnerability_id":"VCID-s2gu-8jpq-mub9","summary":"Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7167.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7167","reference_id":"","reference_type":"","scores":[{"value":"0.02257","scoring_system":"epss","scoring_elements":"0.8491","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7167"},{"reference_url":"https://curl.se/docs/CVE-2016-7167.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-7167.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1375906","reference_id":"1375906","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1375906"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837945","reference_id":"837945","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837945"},{"reference_url":"https://security.archlinux.org/ASA-201609-18","reference_id":"ASA-201609-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-18"},{"reference_url":"https://security.archlinux.org/ASA-201609-19","reference_id":"ASA-201609-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-19"},{"reference_url":"https://security.archlinux.org/AVG-20","reference_id":"AVG-20","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-20"},{"reference_url":"https://security.archlinux.org/AVG-21","reference_id":"AVG-21","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-21"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2016","reference_id":"RHSA-2017:2016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2016"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137888?format=json","purl":"pkg:generic/curl.se/curl@7.50.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1y6d-7vfu-ybb3"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-51ac-1jc2-vfed"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-5xjw-u8ad-n3g5"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-av4f-gxku-qbhp"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8ja-keyk-fyfb"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qe9z-wuze-tucq"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sesh-938m-x3f8"},{"vulnerability":"VCID-snsg-c2up-b7cn"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-vfc1-yy11-bycp"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-xyze-msxs-1qem"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"},{"vulnerability":"VCID-zv25-wupq-bqfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.50.3"}],"aliases":["CVE-2016-7167"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s2gu-8jpq-mub9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61673?format=json","vulnerability_id":"VCID-secz-78pt-dben","summary":"curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6253.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6253.json"},{"reference_url":"https://curl.se/docs/CVE-2026-6253.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:42:30Z/"}],"url":"https://curl.se/docs/CVE-2026-6253.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/3669637","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:42:30Z/"}],"url":"https://hackerone.com/reports/3669637"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461202","reference_id":"2461202","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461202"},{"reference_url":"https://curl.se/docs/CVE-2026-6253.json","reference_id":"CVE-2026-6253.json","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:42:30Z/"}],"url":"https://curl.se/docs/CVE-2026-6253.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12916","reference_id":"RHSA-2026:12916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12916"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137980?format=json","purl":"pkg:generic/curl.se/curl@8.20.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0"}],"aliases":["CVE-2026-6253"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-secz-78pt-dben"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6744?format=json","vulnerability_id":"VCID-sesh-938m-x3f8","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8618.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8618","reference_id":"","reference_type":"","scores":[{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.83176","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8618"},{"reference_url":"https://curl.se/docs/CVE-2016-8618.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8618.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388378","reference_id":"1388378","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388378"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137889?format=json","purl":"pkg:generic/curl.se/curl@7.51.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.51.0"}],"aliases":["CVE-2016-8618"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sesh-938m-x3f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6741?format=json","vulnerability_id":"VCID-snsg-c2up-b7cn","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8623.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8623.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8623","reference_id":"","reference_type":"","scores":[{"value":"0.01171","scoring_system":"epss","scoring_elements":"0.79018","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8623"},{"reference_url":"https://curl.se/docs/CVE-2016-8623.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8623.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1037192","reference_id":"1037192","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:46:38Z/"}],"url":"http://www.securitytracker.com/id/1037192"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388388","reference_id":"1388388","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388388"},{"reference_url":"http://www.securityfocus.com/bid/94106","reference_id":"94106","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:46:38Z/"}],"url":"http://www.securityfocus.com/bid/94106"},{"reference_url":"https://curl.haxx.se/docs/adv_20161102I.html","reference_id":"adv_20161102I.html","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:46:38Z/"}],"url":"https://curl.haxx.se/docs/adv_20161102I.html"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://curl.haxx.se/CVE-2016-8623.patch","reference_id":"CVE-2016-8623.patch","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:46:38Z/"}],"url":"https://curl.haxx.se/CVE-2016-8623.patch"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:46:38Z/"}],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:46:38Z/"}],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:46:38Z/"}],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623","reference_id":"show_bug.cgi?id=CVE-2016-8623","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:46:38Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623"},{"reference_url":"https://www.tenable.com/security/tns-2016-21","reference_id":"tns-2016-21","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:46:38Z/"}],"url":"https://www.tenable.com/security/tns-2016-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137889?format=json","purl":"pkg:generic/curl.se/curl@7.51.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.51.0"}],"aliases":["CVE-2016-8623"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snsg-c2up-b7cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65706?format=json","vulnerability_id":"VCID-sutv-qt2x-2yc7","summary":"An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json"},{"reference_url":"https://curl.se/docs/CVE-2023-28322.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2023-28322.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1954658","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/"}],"url":"https://hackerone.com/reports/1954658"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239","reference_id":"1036239","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2196793","reference_id":"2196793","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2196793"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Jul/47","reference_id":"47","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Jul/47"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Jul/48","reference_id":"48","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Jul/48"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Jul/52","reference_id":"52","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Jul/52"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/","reference_id":"F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/"},{"reference_url":"https://security.gentoo.org/glsa/202310-12","reference_id":"GLSA-202310-12","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/"}],"url":"https://security.gentoo.org/glsa/202310-12"},{"reference_url":"https://support.apple.com/kb/HT213843","reference_id":"HT213843","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/"}],"url":"https://support.apple.com/kb/HT213843"},{"reference_url":"https://support.apple.com/kb/HT213844","reference_id":"HT213844","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/"}],"url":"https://support.apple.com/kb/HT213844"},{"reference_url":"https://support.apple.com/kb/HT213845","reference_id":"HT213845","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/"}],"url":"https://support.apple.com/kb/HT213845"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html","reference_id":"msg00015.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230609-0009/","reference_id":"ntap-20230609-0009","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230609-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4354","reference_id":"RHSA-2023:4354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4628","reference_id":"RHSA-2023:4628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4629","reference_id":"RHSA-2023:4629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5598","reference_id":"RHSA-2023:5598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0428","reference_id":"RHSA-2024:0428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0585","reference_id":"RHSA-2024:0585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1601","reference_id":"RHSA-2024:1601","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1601"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2092","reference_id":"RHSA-2024:2092","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2092"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2093","reference_id":"RHSA-2024:2093","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2093"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/","reference_id":"Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137952?format=json","purl":"pkg:generic/curl.se/curl@8.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-85qb-zec7-subc"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-ffmg-djmk-57hn"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k3nv-gf9b-5ua2"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0"}],"aliases":["CVE-2023-28322"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sutv-qt2x-2yc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65674?format=json","vulnerability_id":"VCID-swmn-7ns9-ekg1","summary":"An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000257.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000257.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000257","reference_id":"","reference_type":"","scores":[{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75438","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000257"},{"reference_url":"https://curl.se/docs/CVE-2017-1000257.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2017-1000257.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:P"},{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/101519","reference_id":"101519","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:02:33Z/"}],"url":"http://www.securityfocus.com/bid/101519"},{"reference_url":"http://www.securitytracker.com/id/1039644","reference_id":"1039644","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:02:33Z/"}],"url":"http://www.securitytracker.com/id/1039644"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503705","reference_id":"1503705","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503705"},{"reference_url":"https://curl.haxx.se/docs/adv_20171023.html","reference_id":"adv_20171023.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:02:33Z/"}],"url":"https://curl.haxx.se/docs/adv_20171023.html"},{"reference_url":"https://security.archlinux.org/ASA-201711-10","reference_id":"ASA-201711-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-10"},{"reference_url":"https://security.archlinux.org/ASA-201711-11","reference_id":"ASA-201711-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-11"},{"reference_url":"https://security.archlinux.org/ASA-201711-6","reference_id":"ASA-201711-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-6"},{"reference_url":"https://security.archlinux.org/ASA-201711-7","reference_id":"ASA-201711-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-7"},{"reference_url":"https://security.archlinux.org/ASA-201711-8","reference_id":"ASA-201711-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-8"},{"reference_url":"https://security.archlinux.org/ASA-201711-9","reference_id":"ASA-201711-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-9"},{"reference_url":"https://security.archlinux.org/AVG-462","reference_id":"AVG-462","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-462"},{"reference_url":"https://security.archlinux.org/AVG-463","reference_id":"AVG-463","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-463"},{"reference_url":"https://security.archlinux.org/AVG-464","reference_id":"AVG-464","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-464"},{"reference_url":"https://security.archlinux.org/AVG-465","reference_id":"AVG-465","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-465"},{"reference_url":"https://security.archlinux.org/AVG-466","reference_id":"AVG-466","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-466"},{"reference_url":"https://security.archlinux.org/AVG-467","reference_id":"AVG-467","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-467"},{"reference_url":"http://www.debian.org/security/2017/dsa-4007","reference_id":"dsa-4007","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:02:33Z/"}],"url":"http://www.debian.org/security/2017/dsa-4007"},{"reference_url":"https://security.gentoo.org/glsa/201712-04","reference_id":"GLSA-201712-04","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:02:33Z/"}],"url":"https://security.gentoo.org/glsa/201712-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3263","reference_id":"RHSA-2017:3263","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:02:33Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:3263"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137900?format=json","purl":"pkg:generic/curl.se/curl@7.56.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-dj48-3dkt-dbdh"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kae8-wmf2-2kf1"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p7mn-a632-c3ag"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.56.1"}],"aliases":["CVE-2017-1000257"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swmn-7ns9-ekg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6089?format=json","vulnerability_id":"VCID-tcxd-z7f3-kkes","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5436.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5436.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5436","reference_id":"","reference_type":"","scores":[{"value":"0.15484","scoring_system":"epss","scoring_elements":"0.94788","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5436"},{"reference_url":"https://curl.se/docs/CVE-2019-5436.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2019-5436.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/550696","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/550696"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1710620","reference_id":"1710620","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1710620"},{"reference_url":"https://seclists.org/bugtraq/2020/Feb/36","reference_id":"36","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/"}],"url":"https://seclists.org/bugtraq/2020/Feb/36"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/09/11/6","reference_id":"6","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/09/11/6"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929351","reference_id":"929351","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929351"},{"reference_url":"https://security.archlinux.org/ASA-201905-11","reference_id":"ASA-201905-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201905-11"},{"reference_url":"https://security.archlinux.org/ASA-201905-12","reference_id":"ASA-201905-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201905-12"},{"reference_url":"https://security.archlinux.org/ASA-201905-13","reference_id":"ASA-201905-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201905-13"},{"reference_url":"https://security.archlinux.org/ASA-201905-14","reference_id":"ASA-201905-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201905-14"},{"reference_url":"https://security.archlinux.org/ASA-201905-15","reference_id":"ASA-201905-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201905-15"},{"reference_url":"https://security.archlinux.org/ASA-201905-16","reference_id":"ASA-201905-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201905-16"},{"reference_url":"https://security.archlinux.org/AVG-959","reference_id":"AVG-959","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-959"},{"reference_url":"https://security.archlinux.org/AVG-960","reference_id":"AVG-960","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-960"},{"reference_url":"https://security.archlinux.org/AVG-961","reference_id":"AVG-961","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-961"},{"reference_url":"https://security.archlinux.org/AVG-962","reference_id":"AVG-962","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-962"},{"reference_url":"https://security.archlinux.org/AVG-963","reference_id":"AVG-963","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-963"},{"reference_url":"https://security.archlinux.org/AVG-964","reference_id":"AVG-964","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-964"},{"reference_url":"https://curl.haxx.se/docs/CVE-2019-5436.html","reference_id":"CVE-2019-5436.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/"}],"url":"https://curl.haxx.se/docs/CVE-2019-5436.html"},{"reference_url":"https://www.debian.org/security/2020/dsa-4633","reference_id":"dsa-4633","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/"}],"url":"https://www.debian.org/security/2020/dsa-4633"},{"reference_url":"https://security.gentoo.org/glsa/202003-29","reference_id":"GLSA-202003-29","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/"}],"url":"https://security.gentoo.org/glsa/202003-29"},{"reference_url":"https://support.f5.com/csp/article/K55133295","reference_id":"K55133295","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/"}],"url":"https://support.f5.com/csp/article/K55133295"},{"reference_url":"https://support.f5.com/csp/article/K55133295?utm_source=f5support&amp%3Butm_medium=RSS","reference_id":"K55133295?utm_source=f5support&amp%3Butm_medium=RSS","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/"}],"url":"https://support.f5.com/csp/article/K55133295?utm_source=f5support&amp%3Butm_medium=RSS"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html","reference_id":"msg00008.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190606-0004/","reference_id":"ntap-20190606-0004","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190606-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1020","reference_id":"RHSA-2020:1020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1792","reference_id":"RHSA-2020:1792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2505","reference_id":"RHSA-2020:2505","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2505"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/","reference_id":"SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T20:51:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137913?format=json","purl":"pkg:generic/curl.se/curl@7.65.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-fp66-fzqt-6yg7"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kn6z-caj8-bbc9"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.65.0"}],"aliases":["CVE-2019-5436"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tcxd-z7f3-kkes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7241?format=json","vulnerability_id":"VCID-td39-d3tf-vkhc","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22924.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22924.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22924","reference_id":"","reference_type":"","scores":[{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68641","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22924"},{"reference_url":"https://curl.se/docs/CVE-2021-22924.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2021-22924.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1223565","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:35:55Z/"}],"url":"https://hackerone.com/reports/1223565"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981460","reference_id":"1981460","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981460"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991492","reference_id":"991492","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991492"},{"reference_url":"https://security.archlinux.org/ASA-202107-59","reference_id":"ASA-202107-59","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-59"},{"reference_url":"https://security.archlinux.org/ASA-202107-60","reference_id":"ASA-202107-60","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-60"},{"reference_url":"https://security.archlinux.org/ASA-202107-61","reference_id":"ASA-202107-61","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-61"},{"reference_url":"https://security.archlinux.org/ASA-202107-62","reference_id":"ASA-202107-62","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-62"},{"reference_url":"https://security.archlinux.org/ASA-202107-63","reference_id":"ASA-202107-63","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-63"},{"reference_url":"https://security.archlinux.org/ASA-202107-64","reference_id":"ASA-202107-64","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-64"},{"reference_url":"https://security.archlinux.org/AVG-2194","reference_id":"AVG-2194","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2194"},{"reference_url":"https://security.archlinux.org/AVG-2195","reference_id":"AVG-2195","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2195"},{"reference_url":"https://security.archlinux.org/AVG-2196","reference_id":"AVG-2196","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2196"},{"reference_url":"https://security.archlinux.org/AVG-2197","reference_id":"AVG-2197","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2197"},{"reference_url":"https://security.archlinux.org/AVG-2198","reference_id":"AVG-2198","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2198"},{"reference_url":"https://security.archlinux.org/AVG-2199","reference_id":"AVG-2199","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2199"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22924","reference_id":"CVE-2021-22924","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22924"},{"reference_url":"https://www.debian.org/security/2022/dsa-5197","reference_id":"dsa-5197","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:35:55Z/"}],"url":"https://www.debian.org/security/2022/dsa-5197"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","reference_id":"FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:35:55Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:35:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:35:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210902-0003/","reference_id":"ntap-20210902-0003","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:35:55Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210902-0003/"},{"reference_url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E","reference_id":"r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:35:55Z/"}],"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E","reference_id":"r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:35:55Z/"}],"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E","reference_id":"rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:35:55Z/"}],"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E","reference_id":"rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:35:55Z/"}],"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3582","reference_id":"RHSA-2021:3582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1354","reference_id":"RHSA-2022:1354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1354"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf","reference_id":"ssa-484086.pdf","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:35:55Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf","reference_id":"ssa-732250.pdf","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:35:55Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137934?format=json","purl":"pkg:generic/curl.se/curl@7.78.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-cjyz-fdnv-b3g4"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-urgp-rqyc-sqer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.78.0"}],"aliases":["CVE-2021-22924"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-td39-d3tf-vkhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43999?format=json","vulnerability_id":"VCID-tn33-re3r-yfhw","summary":"Out-of-bounds Write\nA buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0327","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3157","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3558","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3558"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1543","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0544","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0594","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0594"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000120.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000120.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000120","reference_id":"","reference_type":"","scores":[{"value":"0.01298","scoring_system":"epss","scoring_elements":"0.80056","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000120"},{"reference_url":"https://curl.haxx.se/docs/adv_2018-9cd6.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://curl.haxx.se/docs/adv_2018-9cd6.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000121","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000121"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/coapp-packages/curl","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/coapp-packages/curl"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html"},{"reference_url":"https://usn.ubuntu.com/3598-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3598-1"},{"reference_url":"https://usn.ubuntu.com/3598-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3598-1/"},{"reference_url":"https://usn.ubuntu.com/3598-2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3598-2"},{"reference_url":"https://usn.ubuntu.com/3598-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3598-2/"},{"reference_url":"https://web.archive.org/web/20201220134105/http://www.securitytracker.com/id/1040531","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201220134105/http://www.securitytracker.com/id/1040531"},{"reference_url":"https://web.archive.org/web/20201220134609/http://www.securityfocus.com/bid/103414","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201220134609/http://www.securityfocus.com/bid/103414"},{"reference_url":"https://www.debian.org/security/2018/dsa-4136","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4136"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1552628","reference_id":"1552628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1552628"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546","reference_id":"893546","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546"},{"reference_url":"https://security.archlinux.org/ASA-201803-15","reference_id":"ASA-201803-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-15"},{"reference_url":"https://security.archlinux.org/ASA-201803-16","reference_id":"ASA-201803-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-16"},{"reference_url":"https://security.archlinux.org/ASA-201803-17","reference_id":"ASA-201803-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-17"},{"reference_url":"https://security.archlinux.org/ASA-201803-18","reference_id":"ASA-201803-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-18"},{"reference_url":"https://security.archlinux.org/ASA-201803-19","reference_id":"ASA-201803-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-19"},{"reference_url":"https://security.archlinux.org/ASA-201803-20","reference_id":"ASA-201803-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-20"},{"reference_url":"https://security.archlinux.org/AVG-653","reference_id":"AVG-653","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-653"},{"reference_url":"https://security.archlinux.org/AVG-654","reference_id":"AVG-654","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-654"},{"reference_url":"https://security.archlinux.org/AVG-655","reference_id":"AVG-655","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-655"},{"reference_url":"https://security.archlinux.org/AVG-656","reference_id":"AVG-656","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-656"},{"reference_url":"https://security.archlinux.org/AVG-660","reference_id":"AVG-660","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-660"},{"reference_url":"https://security.archlinux.org/AVG-661","reference_id":"AVG-661","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-661"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000120","reference_id":"CVE-2018-1000120","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000120"},{"reference_url":"https://curl.se/docs/CVE-2018-1000120.html","reference_id":"CVE-2018-1000120.HTML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-1000120.html"},{"reference_url":"https://github.com/advisories/GHSA-674j-7m97-j2p9","reference_id":"GHSA-674j-7m97-j2p9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-674j-7m97-j2p9"},{"reference_url":"https://security.gentoo.org/glsa/201804-04","reference_id":"GLSA-201804-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137904?format=json","purl":"pkg:generic/curl.se/curl@7.59.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kae8-wmf2-2kf1"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p7mn-a632-c3ag"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-ubnn-z97k-47gw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.59.0"}],"aliases":["CVE-2018-1000120","GHSA-674j-7m97-j2p9"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tn33-re3r-yfhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65664?format=json","vulnerability_id":"VCID-ugrr-z2zv-6qgp","summary":"curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7141.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7141.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7141","reference_id":"","reference_type":"","scores":[{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67282","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7141"},{"reference_url":"https://curl.se/docs/CVE-2016-7141.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-7141.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1373229","reference_id":"1373229","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1373229"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836918","reference_id":"836918","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836918"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2575","reference_id":"RHSA-2016:2575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2957","reference_id":"RHSA-2016:2957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2957"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137887?format=json","purl":"pkg:generic/curl.se/curl@7.50.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1y6d-7vfu-ybb3"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-51ac-1jc2-vfed"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-5xjw-u8ad-n3g5"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-av4f-gxku-qbhp"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8ja-keyk-fyfb"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qe9z-wuze-tucq"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-s2gu-8jpq-mub9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sesh-938m-x3f8"},{"vulnerability":"VCID-snsg-c2up-b7cn"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-vfc1-yy11-bycp"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-xyze-msxs-1qem"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"},{"vulnerability":"VCID-zv25-wupq-bqfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.50.2"}],"aliases":["CVE-2016-7141"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugrr-z2zv-6qgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6743?format=json","vulnerability_id":"VCID-vfc1-yy11-bycp","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8619.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8619.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8619","reference_id":"","reference_type":"","scores":[{"value":"0.03314","scoring_system":"epss","scoring_elements":"0.87485","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8619"},{"reference_url":"https://curl.se/docs/CVE-2016-8619.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8619.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388379","reference_id":"1388379","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388379"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137889?format=json","purl":"pkg:generic/curl.se/curl@7.51.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.51.0"}],"aliases":["CVE-2016-8619"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfc1-yy11-bycp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6850?format=json","vulnerability_id":"VCID-vpkr-9akj-hbf6","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27782","reference_id":"","reference_type":"","scores":[{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64872","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27782"},{"reference_url":"https://curl.se/docs/CVE-2022-27782.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2022-27782.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1555796","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1555796"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2082215","reference_id":"2082215","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2082215"},{"reference_url":"https://security.archlinux.org/AVG-2706","reference_id":"AVG-2706","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2706"},{"reference_url":"https://security.gentoo.org/glsa/202212-01","reference_id":"GLSA-202212-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202212-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5245","reference_id":"RHSA-2022:5245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5313","reference_id":"RHSA-2022:5313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137942?format=json","purl":"pkg:generic/curl.se/curl@7.83.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6en5-etsd-2bce"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.83.1"}],"aliases":["CVE-2022-27782"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vpkr-9akj-hbf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4858?format=json","vulnerability_id":"VCID-w472-84ep-fkdx","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/2148242","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/2148242"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241938","reference_id":"2241938","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241938"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Jan/34","reference_id":"34","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Jan/34"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Jan/37","reference_id":"37","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Jan/37"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Jan/38","reference_id":"38","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Jan/38"},{"reference_url":"https://security.archlinux.org/AVG-2845","reference_id":"AVG-2845","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2845"},{"reference_url":"https://security.archlinux.org/AVG-2846","reference_id":"AVG-2846","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2846"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38546","reference_id":"CVE-2023-38546","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38546"},{"reference_url":"https://curl.se/docs/CVE-2023-38546.html","reference_id":"CVE-2023-38546.HTML","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/"}],"url":"https://curl.se/docs/CVE-2023-38546.html"},{"reference_url":"https://security.gentoo.org/glsa/202310-12","reference_id":"GLSA-202310-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202310-12"},{"reference_url":"https://support.apple.com/kb/HT214036","reference_id":"HT214036","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/"}],"url":"https://support.apple.com/kb/HT214036"},{"reference_url":"https://support.apple.com/kb/HT214057","reference_id":"HT214057","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/"}],"url":"https://support.apple.com/kb/HT214057"},{"reference_url":"https://support.apple.com/kb/HT214058","reference_id":"HT214058","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/"}],"url":"https://support.apple.com/kb/HT214058"},{"reference_url":"https://support.apple.com/kb/HT214063","reference_id":"HT214063","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/"}],"url":"https://support.apple.com/kb/HT214063"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/","reference_id":"OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5700","reference_id":"RHSA-2023:5700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5763","reference_id":"RHSA-2023:5763","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5763"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6292","reference_id":"RHSA-2023:6292","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6292"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6745","reference_id":"RHSA-2023:6745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7540","reference_id":"RHSA-2023:7540","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7540"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7625","reference_id":"RHSA-2023:7625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7626","reference_id":"RHSA-2023:7626","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7626"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1601","reference_id":"RHSA-2024:1601","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1601"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2092","reference_id":"RHSA-2024:2092","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2092"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2093","reference_id":"RHSA-2024:2093","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2093"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2101","reference_id":"RHSA-2024:2101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2101"},{"reference_url":"https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868","reference_id":"viewtopic.php?f=8&t=8868","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/"}],"url":"https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137958?format=json","purl":"pkg:generic/curl.se/curl@8.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-85qb-zec7-subc"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-ffmg-djmk-57hn"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.4.0"}],"aliases":["CVE-2023-38546"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w472-84ep-fkdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61670?format=json","vulnerability_id":"VCID-w8ff-vxga-8qcz","summary":"curl: curl: Information disclosure due to incorrect TLS connection reuse","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4873.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4873.json"},{"reference_url":"https://curl.se/docs/CVE-2026-4873.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:29:14Z/"}],"url":"https://curl.se/docs/CVE-2026-4873.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/3621851","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:29:14Z/"}],"url":"https://hackerone.com/reports/3621851"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461200","reference_id":"2461200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461200"},{"reference_url":"https://curl.se/docs/CVE-2026-4873.json","reference_id":"CVE-2026-4873.json","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:29:14Z/"}],"url":"https://curl.se/docs/CVE-2026-4873.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12916","reference_id":"RHSA-2026:12916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12916"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137980?format=json","purl":"pkg:generic/curl.se/curl@8.20.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0"}],"aliases":["CVE-2026-4873"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ff-vxga-8qcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65708?format=json","vulnerability_id":"VCID-wmam-qmmg-6uay","summary":"This flaw allows a malicious HTTP server to set \"super cookies\" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains.  It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json"},{"reference_url":"https://curl.se/docs/CVE-2023-46218.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/"}],"url":"https://curl.se/docs/CVE-2023-46218.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/2212193","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/"}],"url":"https://hackerone.com/reports/2212193"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646","reference_id":"1057646","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2252030","reference_id":"2252030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2252030"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/","reference_id":"3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5587","reference_id":"dsa-5587","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/"}],"url":"https://www.debian.org/security/2023/dsa-5587"},{"reference_url":"https://security.gentoo.org/glsa/202409-20","reference_id":"GLSA-202409-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-20"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html","reference_id":"msg00015.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240125-0007/","reference_id":"ntap-20240125-0007","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240125-0007/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0428","reference_id":"RHSA-2024:0428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0434","reference_id":"RHSA-2024:0434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0434"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0452","reference_id":"RHSA-2024:0452","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0452"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0585","reference_id":"RHSA-2024:0585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1129","reference_id":"RHSA-2024:1129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1316","reference_id":"RHSA-2024:1316","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1316"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1317","reference_id":"RHSA-2024:1317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1317"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1383","reference_id":"RHSA-2024:1383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1601","reference_id":"RHSA-2024:1601","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1601"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2092","reference_id":"RHSA-2024:2092","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2092"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2093","reference_id":"RHSA-2024:2093","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2093"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2094","reference_id":"RHSA-2024:2094","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2094"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/","reference_id":"UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137959?format=json","purl":"pkg:generic/curl.se/curl@8.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bp56-gy66-mqae"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-ffmg-djmk-57hn"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-h7v8-bg58-mkhu"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-ke97-b9rb-5bfd"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.5.0"}],"aliases":["CVE-2023-46218"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wmam-qmmg-6uay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3552?format=json","vulnerability_id":"VCID-xgj8-zrta-kub9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32208","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36635","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-32208"},{"reference_url":"https://curl.se/docs/CVE-2022-32208.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2022-32208.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1590071","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1590071"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2099306","reference_id":"2099306","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2099306"},{"reference_url":"https://security.archlinux.org/AVG-2817","reference_id":"AVG-2817","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2817"},{"reference_url":"https://security.gentoo.org/glsa/202212-01","reference_id":"GLSA-202212-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202212-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6157","reference_id":"RHSA-2022:6157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6159","reference_id":"RHSA-2022:6159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137943?format=json","purl":"pkg:generic/curl.se/curl@7.84.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6en5-etsd-2bce"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-85qb-zec7-subc"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k3nv-gf9b-5ua2"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mpuf-pp6z-q3d6"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.84.0"}],"aliases":["CVE-2022-32208"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xgj8-zrta-kub9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6745?format=json","vulnerability_id":"VCID-xyze-msxs-1qem","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8617.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8617.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8617","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24672","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8617"},{"reference_url":"https://curl.se/docs/CVE-2016-8617.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8617.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1037192","reference_id":"1037192","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:31:30Z/"}],"url":"http://www.securitytracker.com/id/1037192"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388377","reference_id":"1388377","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388377"},{"reference_url":"http://www.securityfocus.com/bid/94097","reference_id":"94097","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:31:30Z/"}],"url":"http://www.securityfocus.com/bid/94097"},{"reference_url":"https://curl.haxx.se/docs/adv_20161102C.html","reference_id":"adv_20161102C.html","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:31:30Z/"}],"url":"https://curl.haxx.se/docs/adv_20161102C.html"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://curl.haxx.se/CVE-2016-8617.patch","reference_id":"CVE-2016-8617.patch","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:31:30Z/"}],"url":"https://curl.haxx.se/CVE-2016-8617.patch"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:31:30Z/"}],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:31:30Z/"}],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:31:30Z/"}],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617","reference_id":"show_bug.cgi?id=CVE-2016-8617","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:31:30Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617"},{"reference_url":"https://www.tenable.com/security/tns-2016-21","reference_id":"tns-2016-21","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:31:30Z/"}],"url":"https://www.tenable.com/security/tns-2016-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137889?format=json","purl":"pkg:generic/curl.se/curl@7.51.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.51.0"}],"aliases":["CVE-2016-8617"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xyze-msxs-1qem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65719?format=json","vulnerability_id":"VCID-y41p-tgpa-m7cs","summary":"When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine.  If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json"},{"reference_url":"https://curl.se/docs/CVE-2024-8096.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/"}],"url":"https://curl.se/docs/CVE-2024-8096.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/2669852","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/"}],"url":"https://hackerone.com/reports/2669852"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310519","reference_id":"2310519","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310519"},{"reference_url":"https://curl.se/docs/CVE-2024-8096.json","reference_id":"CVE-2024-8096.json","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/"}],"url":"https://curl.se/docs/CVE-2024-8096.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137966?format=json","purl":"pkg:generic/curl.se/curl@8.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bp56-gy66-mqae"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gux4-dncg-h7a6"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-ns6z-wp2x-fkdq"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-t45k-skv6-cfg2"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.10.0"}],"aliases":["CVE-2024-8096"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y41p-tgpa-m7cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65103?format=json","vulnerability_id":"VCID-y44u-23he-aya8","summary":"curl: curl: Unauthorized access due to improper HTTP proxy connection reuse","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json"},{"reference_url":"https://curl.se/docs/CVE-2026-3784.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/"}],"url":"https://curl.se/docs/CVE-2026-3784.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/3584903","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/"}],"url":"https://hackerone.com/reports/3584903"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446449","reference_id":"2446449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446449"},{"reference_url":"https://curl.se/docs/CVE-2026-3784.json","reference_id":"CVE-2026-3784.json","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/"}],"url":"https://curl.se/docs/CVE-2026-3784.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6893","reference_id":"RHSA-2026:6893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6893"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137979?format=json","purl":"pkg:generic/curl.se/curl@8.19.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-9vbs-w124-q3au"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wgur-psum-pbck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0"}],"aliases":["CVE-2026-3784"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y44u-23he-aya8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6851?format=json","vulnerability_id":"VCID-yjtj-ydsg-u7ca","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27781.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27781.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27781","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23073","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27781"},{"reference_url":"https://curl.se/docs/CVE-2022-27781.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2022-27781.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1555441","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1555441"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2082204","reference_id":"2082204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2082204"},{"reference_url":"https://security.archlinux.org/AVG-2706","reference_id":"AVG-2706","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2706"},{"reference_url":"https://security.gentoo.org/glsa/202212-01","reference_id":"GLSA-202212-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202212-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137942?format=json","purl":"pkg:generic/curl.se/curl@7.83.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-287k-bzqy-n7ag"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3p2z-61gq-muhs"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6en5-etsd-2bce"},{"vulnerability":"VCID-6ggz-pa5t-77c4"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7z3h-9pk3-rqct"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h4nw-va5b-23ef"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k5vr-1fmp-sqbw"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-ns58-vmsz-5ued"},{"vulnerability":"VCID-nwvb-d466-4uaa"},{"vulnerability":"VCID-p155-gbtu-abg1"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-razg-yr7y-ukgd"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tzs5-qzhn-rqbk"},{"vulnerability":"VCID-u1p8-s8vm-3yer"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wgur-psum-pbck"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.83.1"}],"aliases":["CVE-2022-27781"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjtj-ydsg-u7ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65669?format=json","vulnerability_id":"VCID-z8ex-47nd-47cm","summary":"The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9953","reference_id":"","reference_type":"","scores":[{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68534","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9953"},{"reference_url":"https://curl.se/docs/CVE-2016-9953.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-9953.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137890?format=json","purl":"pkg:generic/curl.se/curl@7.52.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-53st-1j3z-h7by"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-k79t-tesa-jfck"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w63e-dku9-mqe9"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.52.0"}],"aliases":["CVE-2016-9953"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8ex-47nd-47cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6218?format=json","vulnerability_id":"VCID-zg98-v6dj-s7gv","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16842.json","reference_id":"","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16842.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16842","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36852","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16842"},{"reference_url":"https://curl.se/docs/CVE-2018-16842.html","reference_id":"","reference_type":"","scores":[{"value":"Low","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2018-16842.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1042014","reference_id":"1042014","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:56:25Z/"}],"url":"http://www.securitytracker.com/id/1042014"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644124","reference_id":"1644124","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644124"},{"reference_url":"https://usn.ubuntu.com/3805-1/","reference_id":"3805-1","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:56:25Z/"}],"url":"https://usn.ubuntu.com/3805-1/"},{"reference_url":"https://usn.ubuntu.com/3805-2/","reference_id":"3805-2","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:56:25Z/"}],"url":"https://usn.ubuntu.com/3805-2/"},{"reference_url":"https://security.archlinux.org/ASA-201811-4","reference_id":"ASA-201811-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-4"},{"reference_url":"https://security.archlinux.org/AVG-795","reference_id":"AVG-795","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-795"},{"reference_url":"https://curl.haxx.se/docs/CVE-2018-16842.html","reference_id":"CVE-2018-16842.html","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:56:25Z/"}],"url":"https://curl.haxx.se/docs/CVE-2018-16842.html"},{"reference_url":"https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211","reference_id":"d530e92f59ae9bb2d47066c3c460b25d2ffeb211","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:56:25Z/"}],"url":"https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211"},{"reference_url":"https://www.debian.org/security/2018/dsa-4331","reference_id":"dsa-4331","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:56:25Z/"}],"url":"https://www.debian.org/security/2018/dsa-4331"},{"reference_url":"https://security.gentoo.org/glsa/201903-03","reference_id":"GLSA-201903-03","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:56:25Z/"}],"url":"https://security.gentoo.org/glsa/201903-03"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html","reference_id":"msg00005.html","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:56:25Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2181","reference_id":"RHSA-2019:2181","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:56:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:2181"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842","reference_id":"show_bug.cgi?id=CVE-2018-16842","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T20:56:25Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137908?format=json","purl":"pkg:generic/curl.se/curl@7.62.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-byzw-xw9s-pkga"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-cfry-nx5h-kudv"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fcb7-8163-muf4"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-fp66-fzqt-6yg7"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-v82t-s9e1-2fbw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wbwx-5vg3-uqcd"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xc5k-47n9-43d6"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.62.0"}],"aliases":["CVE-2018-16842"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zg98-v6dj-s7gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65677?format=json","vulnerability_id":"VCID-zqyj-7rr3-fqew","summary":"The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7407.json","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7407.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7407","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42076","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7407"},{"reference_url":"https://curl.se/docs/CVE-2017-7407.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2017-7407.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:P/I:N/A:N"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439190","reference_id":"1439190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439190"},{"reference_url":"https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13","reference_id":"1890d59905414ab84a35892b2e45833654aa5c13","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:44:34Z/"}],"url":"https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859500","reference_id":"859500","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859500"},{"reference_url":"https://security.gentoo.org/glsa/201709-14","reference_id":"GLSA-201709-14","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:44:34Z/"}],"url":"https://security.gentoo.org/glsa/201709-14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137895?format=json","purl":"pkg:generic/curl.se/curl@7.54.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15sy-wmte-h3ae"},{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-uj78-2cgz-zbdb"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-zg98-v6dj-s7gv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.54.0"}],"aliases":["CVE-2017-7407"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqyj-7rr3-fqew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6742?format=json","vulnerability_id":"VCID-zv25-wupq-bqfk","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8621.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8621.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8621","reference_id":"","reference_type":"","scores":[{"value":"0.03165","scoring_system":"epss","scoring_elements":"0.87167","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8621"},{"reference_url":"https://curl.se/docs/CVE-2016-8621.html","reference_id":"","reference_type":"","scores":[{"value":"Medium","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-8621.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1037192","reference_id":"1037192","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:33:21Z/"}],"url":"http://www.securitytracker.com/id/1037192"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388385","reference_id":"1388385","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388385"},{"reference_url":"http://www.securityfocus.com/bid/94101","reference_id":"94101","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:33:21Z/"}],"url":"http://www.securityfocus.com/bid/94101"},{"reference_url":"https://curl.haxx.se/docs/adv_20161102G.html","reference_id":"adv_20161102G.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:33:21Z/"}],"url":"https://curl.haxx.se/docs/adv_20161102G.html"},{"reference_url":"https://security.archlinux.org/ASA-201611-10","reference_id":"ASA-201611-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-10"},{"reference_url":"https://security.archlinux.org/ASA-201611-4","reference_id":"ASA-201611-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-4"},{"reference_url":"https://security.archlinux.org/ASA-201611-5","reference_id":"ASA-201611-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-5"},{"reference_url":"https://security.archlinux.org/ASA-201611-7","reference_id":"ASA-201611-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-7"},{"reference_url":"https://security.archlinux.org/ASA-201611-8","reference_id":"ASA-201611-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-8"},{"reference_url":"https://security.archlinux.org/ASA-201611-9","reference_id":"ASA-201611-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-9"},{"reference_url":"https://security.archlinux.org/AVG-60","reference_id":"AVG-60","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-60"},{"reference_url":"https://security.archlinux.org/AVG-61","reference_id":"AVG-61","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-61"},{"reference_url":"https://security.archlinux.org/AVG-62","reference_id":"AVG-62","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-62"},{"reference_url":"https://security.archlinux.org/AVG-63","reference_id":"AVG-63","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-63"},{"reference_url":"https://security.archlinux.org/AVG-65","reference_id":"AVG-65","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-65"},{"reference_url":"https://security.archlinux.org/AVG-66","reference_id":"AVG-66","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-66"},{"reference_url":"https://curl.haxx.se/CVE-2016-8621.patch","reference_id":"CVE-2016-8621.patch","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:33:21Z/"}],"url":"https://curl.haxx.se/CVE-2016-8621.patch"},{"reference_url":"https://security.gentoo.org/glsa/201701-47","reference_id":"GLSA-201701-47","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:33:21Z/"}],"url":"https://security.gentoo.org/glsa/201701-47"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621","reference_id":"show_bug.cgi?id=CVE-2016-8621","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:33:21Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621"},{"reference_url":"https://www.tenable.com/security/tns-2016-21","reference_id":"tns-2016-21","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T13:33:21Z/"}],"url":"https://www.tenable.com/security/tns-2016-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137889?format=json","purl":"pkg:generic/curl.se/curl@7.51.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.51.0"}],"aliases":["CVE-2016-8621"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zv25-wupq-bqfk"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65660?format=json","vulnerability_id":"VCID-rfdp-gsgs-eubq","summary":"Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4802","reference_id":"","reference_type":"","scores":[{"value":"0.00612","scoring_system":"epss","scoring_elements":"0.70194","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4802"},{"reference_url":"https://curl.se/docs/CVE-2016-4802.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2016-4802.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/137883?format=json","purl":"pkg:generic/curl.se/curl@7.49.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18p4-rvxz-pkeu"},{"vulnerability":"VCID-1a1k-d4ez-ybdu"},{"vulnerability":"VCID-1b5g-9trz-7ufb"},{"vulnerability":"VCID-1dw3-33ju-jkbs"},{"vulnerability":"VCID-1kpz-55f1-f7dj"},{"vulnerability":"VCID-1m1w-rayk-sffe"},{"vulnerability":"VCID-1y6d-7vfu-ybb3"},{"vulnerability":"VCID-1zsv-4jdy-63en"},{"vulnerability":"VCID-21ff-tazv-9ud3"},{"vulnerability":"VCID-27bv-f11z-myak"},{"vulnerability":"VCID-39qh-jayw-g3dh"},{"vulnerability":"VCID-3ws4-1sak-r3ck"},{"vulnerability":"VCID-4hha-2z31-2bf8"},{"vulnerability":"VCID-4zcd-rbx3-qye5"},{"vulnerability":"VCID-51ac-1jc2-vfed"},{"vulnerability":"VCID-58p5-pfy3-xug1"},{"vulnerability":"VCID-5svr-3vv9-mqea"},{"vulnerability":"VCID-5ujs-47hf-g7gj"},{"vulnerability":"VCID-5un8-xymy-37bt"},{"vulnerability":"VCID-5xjw-u8ad-n3g5"},{"vulnerability":"VCID-6745-tyba-33fa"},{"vulnerability":"VCID-6rk4-vb5u-bkg6"},{"vulnerability":"VCID-738z-myg9-37hr"},{"vulnerability":"VCID-7jrx-ykk8-h3gp"},{"vulnerability":"VCID-7wqd-99h2-e7hk"},{"vulnerability":"VCID-7yvu-s3p2-sfhc"},{"vulnerability":"VCID-a58z-fu87-9ybs"},{"vulnerability":"VCID-a8z6-bswu-jue8"},{"vulnerability":"VCID-am31-t2h3-zbgw"},{"vulnerability":"VCID-av4f-gxku-qbhp"},{"vulnerability":"VCID-azcz-b8f2-63be"},{"vulnerability":"VCID-bb6v-z8yg-6fe3"},{"vulnerability":"VCID-bcuq-n4vb-k7f3"},{"vulnerability":"VCID-bx2m-n5ft-3be8"},{"vulnerability":"VCID-cdzf-3ydt-8bdk"},{"vulnerability":"VCID-dndt-tapy-23d2"},{"vulnerability":"VCID-f7n8-zzhz-fuc8"},{"vulnerability":"VCID-f8vu-23bb-5ue7"},{"vulnerability":"VCID-f9nm-d5ax-qkcb"},{"vulnerability":"VCID-fhc8-r8gv-bugj"},{"vulnerability":"VCID-g4n9-kg3s-pfcr"},{"vulnerability":"VCID-g7ux-4vz2-ckfg"},{"vulnerability":"VCID-gud1-yg9u-zyfp"},{"vulnerability":"VCID-gueb-wzpx-ufb2"},{"vulnerability":"VCID-h6xj-mys4-pucf"},{"vulnerability":"VCID-hhms-2hg6-nke9"},{"vulnerability":"VCID-j688-cyfg-p7gu"},{"vulnerability":"VCID-jf17-h97b-6bak"},{"vulnerability":"VCID-jnq1-hk6d-b3a3"},{"vulnerability":"VCID-kkrm-dj79-4ucj"},{"vulnerability":"VCID-kq38-7s5x-nqaz"},{"vulnerability":"VCID-mh96-gkf1-9uek"},{"vulnerability":"VCID-mq44-5pmp-2qhh"},{"vulnerability":"VCID-msd2-35g9-nyd2"},{"vulnerability":"VCID-naac-snjw-qbad"},{"vulnerability":"VCID-p8vk-yf66-wbb7"},{"vulnerability":"VCID-p97a-kjpp-f3d8"},{"vulnerability":"VCID-q46r-7nct-s3bw"},{"vulnerability":"VCID-q8ja-keyk-fyfb"},{"vulnerability":"VCID-q8tg-prj1-y7b8"},{"vulnerability":"VCID-qe9z-wuze-tucq"},{"vulnerability":"VCID-qrnc-7ywu-37cz"},{"vulnerability":"VCID-r2g9-c896-rkge"},{"vulnerability":"VCID-raxd-4nxj-gkhp"},{"vulnerability":"VCID-rt5e-saz2-j7c9"},{"vulnerability":"VCID-s2gu-8jpq-mub9"},{"vulnerability":"VCID-secz-78pt-dben"},{"vulnerability":"VCID-sesh-938m-x3f8"},{"vulnerability":"VCID-snsg-c2up-b7cn"},{"vulnerability":"VCID-sutv-qt2x-2yc7"},{"vulnerability":"VCID-swmn-7ns9-ekg1"},{"vulnerability":"VCID-tcxd-z7f3-kkes"},{"vulnerability":"VCID-td39-d3tf-vkhc"},{"vulnerability":"VCID-tn33-re3r-yfhw"},{"vulnerability":"VCID-ugrr-z2zv-6qgp"},{"vulnerability":"VCID-vfc1-yy11-bycp"},{"vulnerability":"VCID-vpkr-9akj-hbf6"},{"vulnerability":"VCID-w472-84ep-fkdx"},{"vulnerability":"VCID-w8ff-vxga-8qcz"},{"vulnerability":"VCID-wmam-qmmg-6uay"},{"vulnerability":"VCID-xgj8-zrta-kub9"},{"vulnerability":"VCID-xyze-msxs-1qem"},{"vulnerability":"VCID-y41p-tgpa-m7cs"},{"vulnerability":"VCID-y44u-23he-aya8"},{"vulnerability":"VCID-yjtj-ydsg-u7ca"},{"vulnerability":"VCID-z8ex-47nd-47cm"},{"vulnerability":"VCID-zg98-v6dj-s7gv"},{"vulnerability":"VCID-zqyj-7rr3-fqew"},{"vulnerability":"VCID-zv25-wupq-bqfk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.49.1"}],"aliases":["CVE-2016-4802"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfdp-gsgs-eubq"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.49.1"}