{"url":"http://public2.vulnerablecode.io/api/packages/223632?format=json","purl":"pkg:apk/alpine/flatpak@1.14.10-r0?arch=ppc64le&distroversion=edge&reponame=community","type":"apk","namespace":"alpine","name":"flatpak","version":"1.14.10-r0","qualifiers":{"arch":"ppc64le","distroversion":"edge","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.16.4-r0","latest_non_vulnerable_version":"1.16.4-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29952?format=json","vulnerability_id":"VCID-grbh-sqmt-93e3","summary":"flatpak: Access to files outside sandbox for apps using persistent= (--persist)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42472.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42472.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42472","reference_id":"","reference_type":"","scores":[{"value":"0.06541","scoring_system":"epss","scoring_elements":"0.91271","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42472"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082927","reference_id":"1082927","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082927"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2305202","reference_id":"2305202","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2305202"},{"reference_url":"https://github.com/flatpak/flatpak/commit/2cdd1e1e5ae90d7c3a4b60ce2e36e4d609e44e72","reference_id":"2cdd1e1e5ae90d7c3a4b60ce2e36e4d609e44e72","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/"}],"url":"https://github.com/flatpak/flatpak/commit/2cdd1e1e5ae90d7c3a4b60ce2e36e4d609e44e72"},{"reference_url":"https://github.com/flatpak/flatpak/commit/3caeb16c31a3ed62d744e2aaf01d684f7991051a","reference_id":"3caeb16c31a3ed62d744e2aaf01d684f7991051a","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/"}],"url":"https://github.com/flatpak/flatpak/commit/3caeb16c31a3ed62d744e2aaf01d684f7991051a"},{"reference_url":"https://github.com/containers/bubblewrap/commit/68e75c3091c87583c28a439b45c45627a94d622c","reference_id":"68e75c3091c87583c28a439b45c45627a94d622c","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/"}],"url":"https://github.com/containers/bubblewrap/commit/68e75c3091c87583c28a439b45c45627a94d622c"},{"reference_url":"https://github.com/flatpak/flatpak/commit/6bd603f6836e9b38b9b937d3b78f3fbf36e7ff75","reference_id":"6bd603f6836e9b38b9b937d3b78f3fbf36e7ff75","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/"}],"url":"https://github.com/flatpak/flatpak/commit/6bd603f6836e9b38b9b937d3b78f3fbf36e7ff75"},{"reference_url":"https://github.com/flatpak/flatpak/commit/7c63e53bb2af0aae9097fd2edfd6a9ba9d453e97","reference_id":"7c63e53bb2af0aae9097fd2edfd6a9ba9d453e97","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/"}],"url":"https://github.com/flatpak/flatpak/commit/7c63e53bb2af0aae9097fd2edfd6a9ba9d453e97"},{"reference_url":"https://github.com/flatpak/flatpak/commit/8a18137d7e80f0575e8defabf677d81e5cc3a788","reference_id":"8a18137d7e80f0575e8defabf677d81e5cc3a788","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/"}],"url":"https://github.com/flatpak/flatpak/commit/8a18137d7e80f0575e8defabf677d81e5cc3a788"},{"reference_url":"https://github.com/containers/bubblewrap/commit/a253257cd298892da43e15201d83f9a02c9b58b5","reference_id":"a253257cd298892da43e15201d83f9a02c9b58b5","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/"}],"url":"https://github.com/containers/bubblewrap/commit/a253257cd298892da43e15201d83f9a02c9b58b5"},{"reference_url":"https://github.com/flatpak/flatpak/commit/db3a785241fda63bf53f0ec12bb519aa5210de19","reference_id":"db3a785241fda63bf53f0ec12bb519aa5210de19","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/"}],"url":"https://github.com/flatpak/flatpak/commit/db3a785241fda63bf53f0ec12bb519aa5210de19"},{"reference_url":"https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87","reference_id":"GHSA-7hgv-f2j8-xw87","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-15T20:04:27Z/"}],"url":"https://github.com/flatpak/flatpak/security/advisories/GHSA-7hgv-f2j8-xw87"},{"reference_url":"https://security.gentoo.org/glsa/202411-02","reference_id":"GLSA-202411-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202411-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6355","reference_id":"RHSA-2024:6355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6356","reference_id":"RHSA-2024:6356","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6356"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6357","reference_id":"RHSA-2024:6357","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6357"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6417","reference_id":"RHSA-2024:6417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6418","reference_id":"RHSA-2024:6418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6419","reference_id":"RHSA-2024:6419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6420","reference_id":"RHSA-2024:6420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6421","reference_id":"RHSA-2024:6421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6422","reference_id":"RHSA-2024:6422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9449","reference_id":"RHSA-2024:9449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9449"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/223632?format=json","purl":"pkg:apk/alpine/flatpak@1.14.10-r0?arch=ppc64le&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/flatpak@1.14.10-r0%3Farch=ppc64le&distroversion=edge&reponame=community"}],"aliases":["CVE-2024-42472"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-grbh-sqmt-93e3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/flatpak@1.14.10-r0%3Farch=ppc64le&distroversion=edge&reponame=community"}