{"url":"http://public2.vulnerablecode.io/api/packages/333669?format=json","purl":"pkg:rpm/redhat/eap7-apache-cxf@3.1.16-3.SP1_redhat_00001.1.ep7?arch=el7","type":"rpm","namespace":"redhat","name":"eap7-apache-cxf","version":"3.1.16-3.SP1_redhat_00001.1.ep7","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8743?format=json","vulnerability_id":"VCID-bmk5-nrs8-p7h8","summary":"","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0497","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0567","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0601","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0601"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0605","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0606","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0804","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0804"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0805","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0806","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0811","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0811"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7238.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7238.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7238","reference_id":"","reference_type":"","scores":[{"value":"0.01498","scoring_system":"epss","scoring_elements":"0.81583","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01498","scoring_system":"epss","scoring_elements":"0.81523","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/jdordonezn/CVE-2020-72381/issues/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jdordonezn/CVE-2020-72381/issues/1"},{"reference_url":"https://github.com/netty/netty/issues/9861","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty/issues/9861"},{"reference_url":"https://github.com/netty/netty/pull/9865","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty/pull/9865"},{"reference_url":"https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"},{"reference_url":"https://netty.io/news","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://netty.io/news"},{"reference_url":"https://netty.io/news/","reference_id":"","reference_type":"","scores":[],"url":"https://netty.io/news/"},{"reference_url":"https://netty.io/news/2019/12/18/4-1-44-Final.html","reference_id":"","reference_type":"","scores":[],"url":"https://netty.io/news/2019/12/18/4-1-44-Final.html"},{"reference_url":"https://www.debian.org/security/2021/dsa-4885","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4885"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796225","reference_id":"1796225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796225"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950967","reference_id":"950967","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950967"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7238","reference_id":"CVE-2020-7238","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7238"},{"reference_url":"https://github.com/advisories/GHSA-ff2w-cq2g-wv5f","reference_id":"GHSA-ff2w-cq2g-wv5f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ff2w-cq2g-wv5f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0939","reference_id":"RHSA-2020:0939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0951","reference_id":"RHSA-2020:0951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2321","reference_id":"RHSA-2020:2321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2333","reference_id":"RHSA-2020:2333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10208","reference_id":"RHSA-2024:10208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10208"},{"reference_url":"https://usn.ubuntu.com/4600-1/","reference_id":"USN-4600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4600-1/"}],"fixed_packages":[],"aliases":["CVE-2020-7238","GHSA-ff2w-cq2g-wv5f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmk5-nrs8-p7h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139640?format=json","vulnerability_id":"VCID-jc1j-ejq3-skf3","summary":"When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2.  Users should update to apache-avro version 1.11.3 which addresses this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39410.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39410.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39410","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21649","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21837","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39410"},{"reference_url":"https://github.com/apache/avro","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/avro"},{"reference_url":"https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml"},{"reference_url":"https://issues.apache.org/jira/browse/AVRO-3819","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/AVRO-3819"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39410","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39410"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242521","reference_id":"2242521","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242521"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/09/29/6","reference_id":"6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:07:20Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/09/29/6"},{"reference_url":"https://github.com/advisories/GHSA-rhrv-645h-fjfh","reference_id":"GHSA-rhrv-645h-fjfh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rhrv-645h-fjfh"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006/","reference_id":"ntap-20240621-0006","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:07:20Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"reference_url":"https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds","reference_id":"q142wj99cwdd0jo5lvdoxzoymlqyjdds","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:07:20Z/"}],"url":"https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7247","reference_id":"RHSA-2023:7247","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7612","reference_id":"RHSA-2023:7612","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7612"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7617","reference_id":"RHSA-2023:7617","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7617"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7637","reference_id":"RHSA-2023:7637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7638","reference_id":"RHSA-2023:7638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7639","reference_id":"RHSA-2023:7639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7641","reference_id":"RHSA-2023:7641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7700","reference_id":"RHSA-2023:7700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10207","reference_id":"RHSA-2024:10207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10208","reference_id":"RHSA-2024:10208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3354","reference_id":"RHSA-2024:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3354"}],"fixed_packages":[],"aliases":["CVE-2023-39410","GHSA-rhrv-645h-fjfh","PYSEC-2023-188"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jc1j-ejq3-skf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57989?format=json","vulnerability_id":"VCID-k1kv-hpyq-uycd","summary":"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\nUsers are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47561.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47561.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47561","reference_id":"","reference_type":"","scores":[{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73525","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73599","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47561"},{"reference_url":"https://github.com/apache/avro","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/avro"},{"reference_url":"https://github.com/apache/avro/commit/8f89868d29272e3afea2ff8de8c85cb81a57d900","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/avro/commit/8f89868d29272e3afea2ff8de8c85cb81a57d900"},{"reference_url":"https://github.com/apache/avro/commit/f6b3bd7e50e6e09fedddb98c61558c022ba31285","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/avro/commit/f6b3bd7e50e6e09fedddb98c61558c022ba31285"},{"reference_url":"https://github.com/apache/avro/pull/2934","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/avro/pull/2934"},{"reference_url":"https://github.com/apache/avro/pull/2980","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/avro/pull/2980"},{"reference_url":"https://issues.apache.org/jira/browse/AVRO-3985","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/AVRO-3985"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241011-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241011-0003"},{"reference_url":"https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/10/03/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2024/10/03/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/10/03/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/10/03/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2316116","reference_id":"2316116","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2316116"},{"reference_url":"https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x","reference_id":"c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T18:53:44Z/"}],"url":"https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47561","reference_id":"CVE-2024-47561","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47561"},{"reference_url":"https://github.com/advisories/GHSA-r7pg-v2c8-mfg3","reference_id":"GHSA-r7pg-v2c8-mfg3","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7pg-v2c8-mfg3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10207","reference_id":"RHSA-2024:10207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10208","reference_id":"RHSA-2024:10208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10933","reference_id":"RHSA-2024:10933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7670","reference_id":"RHSA-2024:7670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7676","reference_id":"RHSA-2024:7676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7811","reference_id":"RHSA-2024:7811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7812","reference_id":"RHSA-2024:7812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7861","reference_id":"RHSA-2024:7861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7972","reference_id":"RHSA-2024:7972","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7972"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8064","reference_id":"RHSA-2024:8064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8093","reference_id":"RHSA-2024:8093","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8093"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8339","reference_id":"RHSA-2024:8339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8339"}],"fixed_packages":[],"aliases":["CVE-2024-47561","GHSA-r7pg-v2c8-mfg3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1kv-hpyq-uycd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135909?format=json","vulnerability_id":"VCID-pct3-6zts-7qfu","summary":"** UNSUPPORTED WHEN ASSIGNED **\n\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\n\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26464","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31505","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31311","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26464"},{"reference_url":"https://github.com/apache/logging-log4j2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/logging-log4j2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26464","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26464"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230505-0008","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230505-0008"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182864","reference_id":"2182864","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182864"},{"reference_url":"https://github.com/advisories/GHSA-vp98-w2p3-mv35","reference_id":"GHSA-vp98-w2p3-mv35","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vp98-w2p3-mv35"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230505-0008/","reference_id":"ntap-20230505-0008","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:39:52Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230505-0008/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5484","reference_id":"RHSA-2023:5484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5485","reference_id":"RHSA-2023:5485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5486","reference_id":"RHSA-2023:5486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5488","reference_id":"RHSA-2023:5488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10207","reference_id":"RHSA-2024:10207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10208","reference_id":"RHSA-2024:10208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10208"},{"reference_url":"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t","reference_id":"wkx6grrcjkh86crr49p4blc1v1nflj3t","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:39:52Z/"}],"url":"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"}],"fixed_packages":[],"aliases":["CVE-2023-26464","GHSA-vp98-w2p3-mv35"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pct3-6zts-7qfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39645?format=json","vulnerability_id":"VCID-rq89-b4v2-jqa3","summary":"A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28752.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28752","reference_id":"","reference_type":"","scores":[{"value":"0.46602","scoring_system":"epss","scoring_elements":"0.97743","published_at":"2026-06-12T12:55:00Z"},{"value":"0.50829","scoring_system":"epss","scoring_elements":"0.97922","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28752"},{"reference_url":"https://github.com/apache/cxf","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf"},{"reference_url":"https://github.com/apache/cxf/commit/d0baeb3ee64c6d7c883bd2f5c4cb0de6b0b5f463","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/d0baeb3ee64c6d7c883bd2f5c4cb0de6b0b5f463"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240517-0001","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240517-0001"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270732","reference_id":"2270732","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270732"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/14/3","reference_id":"3","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-20T03:55:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/14/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28752","reference_id":"CVE-2024-28752","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28752"},{"reference_url":"https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt","reference_id":"CVE-2024-28752.txt","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-20T03:55:33Z/"}],"url":"https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt"},{"reference_url":"https://github.com/advisories/GHSA-qmgx-j96g-4428","reference_id":"GHSA-qmgx-j96g-4428","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qmgx-j96g-4428"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240517-0001/","reference_id":"ntap-20240517-0001","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-20T03:55:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240517-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10207","reference_id":"RHSA-2024:10207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10208","reference_id":"RHSA-2024:10208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2834","reference_id":"RHSA-2024:2834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2852","reference_id":"RHSA-2024:2852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3354","reference_id":"RHSA-2024:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3559","reference_id":"RHSA-2024:3559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3560","reference_id":"RHSA-2024:3560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3561","reference_id":"RHSA-2024:3561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3563","reference_id":"RHSA-2024:3563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3708","reference_id":"RHSA-2024:3708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5479","reference_id":"RHSA-2024:5479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5481","reference_id":"RHSA-2024:5481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5482","reference_id":"RHSA-2024:5482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8339","reference_id":"RHSA-2024:8339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8339"}],"fixed_packages":[],"aliases":["CVE-2024-28752","GHSA-qmgx-j96g-4428"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rq89-b4v2-jqa3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133585?format=json","vulnerability_id":"VCID-sr16-fbnj-ryhr","summary":"A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5685.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5685.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5685","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65327","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65226","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5685"},{"reference_url":"https://github.com/xnio/xnio","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xnio/xnio"},{"reference_url":"https://github.com/xnio/xnio/blob/3.8.13.Final/api/src/main/java/org/xnio/AbstractIoFuture.java#L249","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xnio/xnio/blob/3.8.13.Final/api/src/main/java/org/xnio/AbstractIoFuture.java#L249"},{"reference_url":"https://github.com/xnio/xnio/commit/ffabdcdda508ef87aeadad5ca3f854e274d60ec1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xnio/xnio/commit/ffabdcdda508ef87aeadad5ca3f854e274d60ec1"},{"reference_url":"https://issues.redhat.com/browse/XNIO-423","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/XNIO-423"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065847","reference_id":"1065847","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065847"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4","reference_id":"cpe:/a:redhat:apache_camel_hawtio:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache-camel-spring-boot:4.4.0","reference_id":"cpe:/a:redhat:apache-camel-spring-boot:4.4.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache-camel-spring-boot:4.4.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3","reference_id":"cpe:/a:redhat:camel_spring_boot:3","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1","reference_id":"cpe:/a:redhat:integration:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6","reference_id":"cpe:/a:redhat:jboss_fuse_service_works:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-5685","reference_id":"CVE-2023-5685","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-5685"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5685","reference_id":"CVE-2023-5685","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5685"},{"reference_url":"https://github.com/advisories/GHSA-7f88-5hhx-67m2","reference_id":"GHSA-7f88-5hhx-67m2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7f88-5hhx-67m2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7637","reference_id":"RHSA-2023:7637","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7638","reference_id":"RHSA-2023:7638","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7639","reference_id":"RHSA-2023:7639","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7641","reference_id":"RHSA-2023:7641","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10207","reference_id":"RHSA-2024:10207","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10208","reference_id":"RHSA-2024:10208","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2707","reference_id":"RHSA-2024:2707","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2707"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241822","reference_id":"show_bug.cgi?id=2241822","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241822"}],"fixed_packages":[],"aliases":["CVE-2023-5685","GHSA-7f88-5hhx-67m2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sr16-fbnj-ryhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12120?format=json","vulnerability_id":"VCID-thwj-67p8-tbae","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34169.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34169","reference_id":"","reference_type":"","scores":[{"value":"0.10953","scoring_system":"epss","scoring_elements":"0.93598","published_at":"2026-06-12T12:55:00Z"},{"value":"0.10953","scoring_system":"epss","scoring_elements":"0.93577","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21540"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21549","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git"},{"reference_url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=2e60d0a9a5b822c4abf9051857973b1c6babfe81","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=2e60d0a9a5b822c4abf9051857973b1c6babfe81"},{"reference_url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=ab57211e5d2e97cbed06786f919fa9b749c83573","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=ab57211e5d2e97cbed06786f919fa9b749c83573"},{"reference_url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=da3e0d06b467247643ce04e88d3346739d119f21","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=da3e0d06b467247643ce04e88d3346739d119f21"},{"reference_url":"https://lists.apache.org/thread/x3f7xv3p1g32qj2hlg8wd57pwcpld471","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/x3f7xv3p1g32qj2hlg8wd57pwcpld471"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220729-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220729-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"https://xalan.apache.org","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://xalan.apache.org"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015860","reference_id":"1015860","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015860"},{"reference_url":"https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw","reference_id":"12pxy4phsry6c34x2ol4fft6xlho4kyw","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/07/20/2","reference_id":"2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/07/20/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/10/18/2","reference_id":"2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/10/18/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/07/2","reference_id":"2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/07/2"},{"reference_url":"https://security.gentoo.org/glsa/202401-25","reference_id":"202401-25","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://security.gentoo.org/glsa/202401-25"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2108554","reference_id":"2108554","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2108554"},{"reference_url":"https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8","reference_id":"2qvl7r43wb4t8p9dd9om1bnkssk07sn8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/07/20/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/07/20/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/07/19/5","reference_id":"5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/07/19/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/07/19/6","reference_id":"6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/07/19/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/04/8","reference_id":"8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/04/8"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"cpujul2022.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34169","reference_id":"CVE-2022-34169","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34169"},{"reference_url":"https://www.debian.org/security/2022/dsa-5188","reference_id":"dsa-5188","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://www.debian.org/security/2022/dsa-5188"},{"reference_url":"https://www.debian.org/security/2022/dsa-5192","reference_id":"dsa-5192","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://www.debian.org/security/2022/dsa-5192"},{"reference_url":"https://www.debian.org/security/2022/dsa-5256","reference_id":"dsa-5256","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://www.debian.org/security/2022/dsa-5256"},{"reference_url":"https://github.com/advisories/GHSA-9339-86wc-4qgf","reference_id":"GHSA-9339-86wc-4qgf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9339-86wc-4qgf"},{"reference_url":"https://security.gentoo.org/glsa/202405-16","reference_id":"GLSA-202405-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-16"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/","reference_id":"H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/","reference_id":"I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/","reference_id":"JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/","reference_id":"KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/","reference_id":"L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220729-0009/","reference_id":"ntap-20220729-0009","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220729-0009/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006/","reference_id":"ntap-20240621-0006","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5681","reference_id":"RHSA-2022:5681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5683","reference_id":"RHSA-2022:5683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5684","reference_id":"RHSA-2022:5684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5685","reference_id":"RHSA-2022:5685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5687","reference_id":"RHSA-2022:5687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5695","reference_id":"RHSA-2022:5695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5696","reference_id":"RHSA-2022:5696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5697","reference_id":"RHSA-2022:5697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5698","reference_id":"RHSA-2022:5698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5700","reference_id":"RHSA-2022:5700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5701","reference_id":"RHSA-2022:5701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5709","reference_id":"RHSA-2022:5709","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5709"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5726","reference_id":"RHSA-2022:5726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5736","reference_id":"RHSA-2022:5736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5753","reference_id":"RHSA-2022:5753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5754","reference_id":"RHSA-2022:5754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5755","reference_id":"RHSA-2022:5755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5756","reference_id":"RHSA-2022:5756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5757","reference_id":"RHSA-2022:5757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5758","reference_id":"RHSA-2022:5758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10207","reference_id":"RHSA-2024:10207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10208","reference_id":"RHSA-2024:10208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3708","reference_id":"RHSA-2024:3708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8075","reference_id":"RHSA-2024:8075","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8075"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8076","reference_id":"RHSA-2024:8076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8077","reference_id":"RHSA-2024:8077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8080","reference_id":"RHSA-2024:8080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8823","reference_id":"RHSA-2024:8823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8824","reference_id":"RHSA-2024:8824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8826","reference_id":"RHSA-2024:8826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8826"},{"reference_url":"https://usn.ubuntu.com/5546-1/","reference_id":"USN-5546-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5546-1/"},{"reference_url":"https://usn.ubuntu.com/5546-2/","reference_id":"USN-5546-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5546-2/"},{"reference_url":"http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html","reference_id":"Xalan-J-XSLTC-Integer-Truncation.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/","reference_id":"YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:24:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"}],"fixed_packages":[],"aliases":["CVE-2022-34169","GHSA-9339-86wc-4qgf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-thwj-67p8-tbae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12441?format=json","vulnerability_id":"VCID-wdvr-ddjy-27as","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41853.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41853.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41853","reference_id":"","reference_type":"","scores":[{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98699","published_at":"2026-06-11T12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98703","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41853"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41853","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41853"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceforge.net/projects/hsqldb","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://sourceforge.net/projects/hsqldb"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023573","reference_id":"1023573","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023573"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136141","reference_id":"2136141","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136141"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41853","reference_id":"CVE-2022-41853","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41853"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7","reference_id":"detail?id=50212#c7","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T13:37:02Z/"}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7"},{"reference_url":"https://www.debian.org/security/2023/dsa-5313","reference_id":"dsa-5313","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T13:37:02Z/"}],"url":"https://www.debian.org/security/2023/dsa-5313"},{"reference_url":"https://github.com/advisories/GHSA-77xx-rxvh-q682","reference_id":"GHSA-77xx-rxvh-q682","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77xx-rxvh-q682"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00020.html","reference_id":"msg00020.html","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T13:37:02Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00020.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8559","reference_id":"RHSA-2022:8559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8560","reference_id":"RHSA-2022:8560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8652","reference_id":"RHSA-2022:8652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1512","reference_id":"RHSA-2023:1512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1513","reference_id":"RHSA-2023:1513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1514","reference_id":"RHSA-2023:1514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1516","reference_id":"RHSA-2023:1516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10207","reference_id":"RHSA-2024:10207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10208","reference_id":"RHSA-2024:10208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10208"},{"reference_url":"http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control","reference_id":"sqlroutines-chapt.html#src_jrt_access_control","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T13:37:02Z/"}],"url":"http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control"}],"fixed_packages":[],"aliases":["CVE-2022-41853","GHSA-77xx-rxvh-q682"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdvr-ddjy-27as"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356361?format=json","vulnerability_id":"VCID-xa51-6y7r-7uf4","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3171.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3171.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3171","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39439","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39609","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3171"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2213639","reference_id":"2213639","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2213639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5484","reference_id":"RHSA-2023:5484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5485","reference_id":"RHSA-2023:5485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5486","reference_id":"RHSA-2023:5486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5488","reference_id":"RHSA-2023:5488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10207","reference_id":"RHSA-2024:10207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10208","reference_id":"RHSA-2024:10208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10208"}],"fixed_packages":[],"aliases":["CVE-2023-3171"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xa51-6y7r-7uf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165021?format=json","vulnerability_id":"VCID-yb9d-mbgp-dfam","summary":"A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46364.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46364.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46364","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27895","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27693","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46364"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46364","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46364"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2155682","reference_id":"2155682","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2155682"},{"reference_url":"https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2","reference_id":"CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-22T02:48:12Z/"}],"url":"https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2"},{"reference_url":"https://github.com/advisories/GHSA-x3x3-qwjq-8gj4","reference_id":"GHSA-x3x3-qwjq-8gj4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x3x3-qwjq-8gj4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0163","reference_id":"RHSA-2023:0163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0164","reference_id":"RHSA-2023:0164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0483","reference_id":"RHSA-2023:0483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0544","reference_id":"RHSA-2023:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1043","reference_id":"RHSA-2023:1043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1044","reference_id":"RHSA-2023:1044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1045","reference_id":"RHSA-2023:1045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1047","reference_id":"RHSA-2023:1047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1049","reference_id":"RHSA-2023:1049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1285","reference_id":"RHSA-2023:1285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1286","reference_id":"RHSA-2023:1286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2041","reference_id":"RHSA-2023:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2135","reference_id":"RHSA-2023:2135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3954","reference_id":"RHSA-2023:3954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10207","reference_id":"RHSA-2024:10207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10208","reference_id":"RHSA-2024:10208","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10208"}],"fixed_packages":[],"aliases":["CVE-2022-46364","GHSA-x3x3-qwjq-8gj4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yb9d-mbgp-dfam"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-apache-cxf@3.1.16-3.SP1_redhat_00001.1.ep7%3Farch=el7"}