{"url":"http://public2.vulnerablecode.io/api/packages/255282?format=json","purl":"pkg:apk/alpine/openjdk21@21.0.2_p13-r0?arch=armhf&distroversion=v3.23&reponame=community","type":"apk","namespace":"alpine","name":"openjdk21","version":"21.0.2_p13-r0","qualifiers":{"arch":"armhf","distroversion":"v3.23","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"21.0.3_p9-r0","latest_non_vulnerable_version":"21.0.11_p10-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18606?format=json","vulnerability_id":"VCID-h11v-vnvf-s7gy","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nUndici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but does not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45143.json","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45143.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45143","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29997","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45143"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/nodejs/undici","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/nodejs/undici"},{"reference_url":"https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/"}],"url":"https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76"},{"reference_url":"https://github.com/nodejs/undici/releases/tag/v5.26.2","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/"}],"url":"https://github.com/nodejs/undici/releases/tag/v5.26.2"},{"reference_url":"https://hackerone.com/reports/2166948","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/"}],"url":"https://hackerone.com/reports/2166948"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053879","reference_id":"1053879","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053879"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2244104","reference_id":"2244104","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2244104"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/","reference_id":"3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45143","reference_id":"CVE-2023-45143","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45143"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/","reference_id":"E72T67UPDRXHIDLO3OROR25YAMN4GGW5","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/","reference_id":"FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"},{"reference_url":"https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp","reference_id":"GHSA-q768-x9m6-m9qp","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/"}],"url":"https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp"},{"reference_url":"https://github.com/advisories/GHSA-wqq4-5wpv-mx2g","reference_id":"GHSA-wqq4-5wpv-mx2g","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wqq4-5wpv-mx2g"},{"reference_url":"https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g","reference_id":"GHSA-wqq4-5wpv-mx2g","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/"}],"url":"https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g"},{"reference_url":"https://security.gentoo.org/glsa/202505-11","reference_id":"GLSA-202505-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202505-11"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/","reference_id":"HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/","reference_id":"LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5849","reference_id":"RHSA-2023:5849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5869","reference_id":"RHSA-2023:5869","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7205","reference_id":"RHSA-2023:7205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7205"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/","reference_id":"X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:10:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/255282?format=json","purl":"pkg:apk/alpine/openjdk21@21.0.2_p13-r0?arch=armhf&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjdk21@21.0.2_p13-r0%3Farch=armhf&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2023-45143","GHSA-wqq4-5wpv-mx2g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h11v-vnvf-s7gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/246507?format=json","vulnerability_id":"VCID-mbbt-fxs2-cfdf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20921.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20921.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20921","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44661","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20921"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2257859","reference_id":"2257859","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2257859"},{"reference_url":"https://security.gentoo.org/glsa/202412-07","reference_id":"GLSA-202412-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0222","reference_id":"RHSA-2024:0222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0223","reference_id":"RHSA-2024:0223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0224","reference_id":"RHSA-2024:0224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0224"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0225","reference_id":"RHSA-2024:0225","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0226","reference_id":"RHSA-2024:0226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0228","reference_id":"RHSA-2024:0228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0230","reference_id":"RHSA-2024:0230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0231","reference_id":"RHSA-2024:0231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0232","reference_id":"RHSA-2024:0232","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0232"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0233","reference_id":"RHSA-2024:0233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0234","reference_id":"RHSA-2024:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0235","reference_id":"RHSA-2024:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0237","reference_id":"RHSA-2024:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0239","reference_id":"RHSA-2024:0239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0240","reference_id":"RHSA-2024:0240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0241","reference_id":"RHSA-2024:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0242","reference_id":"RHSA-2024:0242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0244","reference_id":"RHSA-2024:0244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0246","reference_id":"RHSA-2024:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0247","reference_id":"RHSA-2024:0247","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0248","reference_id":"RHSA-2024:0248","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0248"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0249","reference_id":"RHSA-2024:0249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0250","reference_id":"RHSA-2024:0250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0265","reference_id":"RHSA-2024:0265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0265"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0266","reference_id":"RHSA-2024:0266","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0266"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0267","reference_id":"RHSA-2024:0267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1481","reference_id":"RHSA-2024:1481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1482","reference_id":"RHSA-2024:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1482"},{"reference_url":"https://usn.ubuntu.com/6660-1/","reference_id":"USN-6660-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6660-1/"},{"reference_url":"https://usn.ubuntu.com/6661-1/","reference_id":"USN-6661-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6661-1/"},{"reference_url":"https://usn.ubuntu.com/6662-1/","reference_id":"USN-6662-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6662-1/"},{"reference_url":"https://usn.ubuntu.com/6696-1/","reference_id":"USN-6696-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6696-1/"},{"reference_url":"https://usn.ubuntu.com/7096-1/","reference_id":"USN-7096-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7096-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/255282?format=json","purl":"pkg:apk/alpine/openjdk21@21.0.2_p13-r0?arch=armhf&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjdk21@21.0.2_p13-r0%3Farch=armhf&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2024-20921"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbbt-fxs2-cfdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/246530?format=json","vulnerability_id":"VCID-pw9v-cvfa-sqgs","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20945.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20945.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20945","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14986","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20945"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2257874","reference_id":"2257874","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2257874"},{"reference_url":"https://security.gentoo.org/glsa/202412-07","reference_id":"GLSA-202412-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0222","reference_id":"RHSA-2024:0222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0223","reference_id":"RHSA-2024:0223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0224","reference_id":"RHSA-2024:0224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0224"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0225","reference_id":"RHSA-2024:0225","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0226","reference_id":"RHSA-2024:0226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0228","reference_id":"RHSA-2024:0228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0230","reference_id":"RHSA-2024:0230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0231","reference_id":"RHSA-2024:0231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0232","reference_id":"RHSA-2024:0232","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0232"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0233","reference_id":"RHSA-2024:0233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0234","reference_id":"RHSA-2024:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0235","reference_id":"RHSA-2024:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0237","reference_id":"RHSA-2024:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0239","reference_id":"RHSA-2024:0239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0240","reference_id":"RHSA-2024:0240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0241","reference_id":"RHSA-2024:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0242","reference_id":"RHSA-2024:0242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0244","reference_id":"RHSA-2024:0244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0246","reference_id":"RHSA-2024:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0247","reference_id":"RHSA-2024:0247","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0248","reference_id":"RHSA-2024:0248","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0248"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0249","reference_id":"RHSA-2024:0249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0250","reference_id":"RHSA-2024:0250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0265","reference_id":"RHSA-2024:0265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0265"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0266","reference_id":"RHSA-2024:0266","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0266"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0267","reference_id":"RHSA-2024:0267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1481","reference_id":"RHSA-2024:1481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1482","reference_id":"RHSA-2024:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1482"},{"reference_url":"https://usn.ubuntu.com/6660-1/","reference_id":"USN-6660-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6660-1/"},{"reference_url":"https://usn.ubuntu.com/6661-1/","reference_id":"USN-6661-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6661-1/"},{"reference_url":"https://usn.ubuntu.com/6662-1/","reference_id":"USN-6662-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6662-1/"},{"reference_url":"https://usn.ubuntu.com/6696-1/","reference_id":"USN-6696-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6696-1/"},{"reference_url":"https://usn.ubuntu.com/7096-1/","reference_id":"USN-7096-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7096-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/255282?format=json","purl":"pkg:apk/alpine/openjdk21@21.0.2_p13-r0?arch=armhf&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjdk21@21.0.2_p13-r0%3Farch=armhf&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2024-20945"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pw9v-cvfa-sqgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/246504?format=json","vulnerability_id":"VCID-sehu-1b4v-vfdf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20918.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20918.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20918","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46573","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20918"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2257728","reference_id":"2257728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2257728"},{"reference_url":"https://security.gentoo.org/glsa/202412-07","reference_id":"GLSA-202412-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-07"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html","reference_id":"msg00023.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-25T05:01:02Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240201-0002/","reference_id":"ntap-20240201-0002","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-25T05:01:02Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240201-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0222","reference_id":"RHSA-2024:0222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0223","reference_id":"RHSA-2024:0223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0224","reference_id":"RHSA-2024:0224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0224"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0225","reference_id":"RHSA-2024:0225","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0226","reference_id":"RHSA-2024:0226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0228","reference_id":"RHSA-2024:0228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0230","reference_id":"RHSA-2024:0230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0231","reference_id":"RHSA-2024:0231","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0231"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0232","reference_id":"RHSA-2024:0232","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0232"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0233","reference_id":"RHSA-2024:0233","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0234","reference_id":"RHSA-2024:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0235","reference_id":"RHSA-2024:0235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0237","reference_id":"RHSA-2024:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0239","reference_id":"RHSA-2024:0239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0240","reference_id":"RHSA-2024:0240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0241","reference_id":"RHSA-2024:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0242","reference_id":"RHSA-2024:0242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0244","reference_id":"RHSA-2024:0244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0246","reference_id":"RHSA-2024:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0247","reference_id":"RHSA-2024:0247","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0248","reference_id":"RHSA-2024:0248","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0248"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0249","reference_id":"RHSA-2024:0249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0250","reference_id":"RHSA-2024:0250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0265","reference_id":"RHSA-2024:0265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0265"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0266","reference_id":"RHSA-2024:0266","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0266"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0267","reference_id":"RHSA-2024:0267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1481","reference_id":"RHSA-2024:1481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1482","reference_id":"RHSA-2024:1482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1482"},{"reference_url":"https://usn.ubuntu.com/6660-1/","reference_id":"USN-6660-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6660-1/"},{"reference_url":"https://usn.ubuntu.com/6661-1/","reference_id":"USN-6661-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6661-1/"},{"reference_url":"https://usn.ubuntu.com/6662-1/","reference_id":"USN-6662-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6662-1/"},{"reference_url":"https://usn.ubuntu.com/6696-1/","reference_id":"USN-6696-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6696-1/"},{"reference_url":"https://usn.ubuntu.com/7096-1/","reference_id":"USN-7096-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7096-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/255282?format=json","purl":"pkg:apk/alpine/openjdk21@21.0.2_p13-r0?arch=armhf&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjdk21@21.0.2_p13-r0%3Farch=armhf&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2024-20918"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sehu-1b4v-vfdf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openjdk21@21.0.2_p13-r0%3Farch=armhf&distroversion=v3.23&reponame=community"}