{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","type":"deb","namespace":"debian","name":"h2o","version":"2.2.5+dfsg2-7","qualifiers":{"distro":"bullseye"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/215984?format=json","vulnerability_id":"VCID-1rpy-7nfc-63ff","summary":"Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7835","reference_id":"","reference_type":"","scores":[{"value":"0.03157","scoring_system":"epss","scoring_elements":"0.87198","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03157","scoring_system":"epss","scoring_elements":"0.87243","published_at":"2026-06-12T12:55:00Z"},{"value":"0.03157","scoring_system":"epss","scoring_elements":"0.8725","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44790?format=json","purl":"pkg:deb/debian/h2o@0?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2016-7835"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1rpy-7nfc-63ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205608?format=json","vulnerability_id":"VCID-54vs-5ffr-57g6","summary":"Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0608","reference_id":"","reference_type":"","scores":[{"value":"0.02444","scoring_system":"epss","scoring_elements":"0.85512","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02444","scoring_system":"epss","scoring_elements":"0.85563","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02444","scoring_system":"epss","scoring_elements":"0.85573","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0608"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44794?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg1-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg1-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2018-0608"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-54vs-5ffr-57g6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204734?format=json","vulnerability_id":"VCID-6veh-vxkg-pfdu","summary":"H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10868","reference_id":"","reference_type":"","scores":[{"value":"0.01218","scoring_system":"epss","scoring_elements":"0.79451","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01218","scoring_system":"epss","scoring_elements":"0.79517","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01218","scoring_system":"epss","scoring_elements":"0.79532","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10868"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44792?format=json","purl":"pkg:deb/debian/h2o@2.2.3%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.3%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2017-10868"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6veh-vxkg-pfdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40790?format=json","vulnerability_id":"VCID-9y7v-4yaj-vbem","summary":"h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, the h2o standalone server automatically restarts, minimizing the impact. However, HTTP requests that were served concurrently will still be disrupted. The vulnerability has been addressed in commit 1ed32b2. Users may disable the use of HTTP/3 to mitigate the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45403","reference_id":"","reference_type":"","scores":[{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.5637","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56503","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56488","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45403"},{"reference_url":"https://github.com/h2o/h2o/commit/16b13eee8ad7895b4fe3fcbcabee53bd52782562","reference_id":"16b13eee8ad7895b4fe3fcbcabee53bd52782562","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T14:40:44Z/"}],"url":"https://github.com/h2o/h2o/commit/16b13eee8ad7895b4fe3fcbcabee53bd52782562"},{"reference_url":"https://github.com/h2o/h2o/commit/1ed32b23f999acf0c5029f09c8525f93eb1d354c","reference_id":"1ed32b23f999acf0c5029f09c8525f93eb1d354c","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T14:40:44Z/"}],"url":"https://github.com/h2o/h2o/commit/1ed32b23f999acf0c5029f09c8525f93eb1d354c"},{"reference_url":"https://github.com/h2o/h2o/security/advisories/GHSA-4xp5-3jhc-3m92","reference_id":"GHSA-4xp5-3jhc-3m92","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T14:40:44Z/"}],"url":"https://github.com/h2o/h2o/security/advisories/GHSA-4xp5-3jhc-3m92"},{"reference_url":"https://h2o.examp1e.net/configure/http3_directives.html","reference_id":"http3_directives.html","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T14:40:44Z/"}],"url":"https://h2o.examp1e.net/configure/http3_directives.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44790?format=json","purl":"pkg:deb/debian/h2o@0?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2024-45403"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9y7v-4yaj-vbem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204735?format=json","vulnerability_id":"VCID-daqk-agmk-wfbq","summary":"Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10869","reference_id":"","reference_type":"","scores":[{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83504","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83563","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83573","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10869"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44792?format=json","purl":"pkg:deb/debian/h2o@2.2.3%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.3%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2017-10869"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-daqk-agmk-wfbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204737?format=json","vulnerability_id":"VCID-gy3b-yuss-nbc3","summary":"H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10908","reference_id":"","reference_type":"","scores":[{"value":"0.01336","scoring_system":"epss","scoring_elements":"0.80403","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01336","scoring_system":"epss","scoring_elements":"0.80464","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01336","scoring_system":"epss","scoring_elements":"0.80475","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10908"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44793?format=json","purl":"pkg:deb/debian/h2o@2.2.4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2017-10908"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gy3b-yuss-nbc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/215981?format=json","vulnerability_id":"VCID-jmy1-n4c6-f7d6","summary":"H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4864","reference_id":"","reference_type":"","scores":[{"value":"0.01598","scoring_system":"epss","scoring_elements":"0.82101","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01598","scoring_system":"epss","scoring_elements":"0.82162","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01598","scoring_system":"epss","scoring_elements":"0.82171","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4864"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44790?format=json","purl":"pkg:deb/debian/h2o@0?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2016-4864"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jmy1-n4c6-f7d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204736?format=json","vulnerability_id":"VCID-n6nd-sakk-kbf2","summary":"H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10872","reference_id":"","reference_type":"","scores":[{"value":"0.00676","scoring_system":"epss","scoring_elements":"0.71963","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00676","scoring_system":"epss","scoring_elements":"0.72048","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00676","scoring_system":"epss","scoring_elements":"0.7206","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10872"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44793?format=json","purl":"pkg:deb/debian/h2o@2.2.4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2017-10872"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n6nd-sakk-kbf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/154698?format=json","vulnerability_id":"VCID-nemt-ka8m-43hv","summary":"h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to send internal state of h2o to backend servers controlled by the attacker or third party. Also, if there is an HTTP endpoint that reflects the traffic sent from the client, an attacker can use that reflector to obtain internal state of h2o. This internal state includes traffic of other connections in unencrypted form and TLS session tickets. This vulnerability exists in h2o server with HTTP/3 support, between commit 93af138 and d1f0f65. None of the released versions of h2o are affected by this vulnerability. There are no known workarounds. Users of unreleased versions of h2o using HTTP/3 are advised to upgrade immediately.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43848","reference_id":"","reference_type":"","scores":[{"value":"0.133","scoring_system":"epss","scoring_elements":"0.94326","published_at":"2026-06-11T12:55:00Z"},{"value":"0.133","scoring_system":"epss","scoring_elements":"0.9435","published_at":"2026-06-13T12:55:00Z"},{"value":"0.133","scoring_system":"epss","scoring_elements":"0.94345","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43848"},{"reference_url":"https://github.com/h2o/h2o/commit/8c0eca3","reference_id":"8c0eca3","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:27Z/"}],"url":"https://github.com/h2o/h2o/commit/8c0eca3"},{"reference_url":"https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4","reference_id":"GHSA-f9xw-j925-m4m4","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:27Z/"}],"url":"https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44790?format=json","purl":"pkg:deb/debian/h2o@0?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2021-43848"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nemt-ka8m-43hv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7359?format=json","vulnerability_id":"VCID-nuj7-mvxq-jqdx","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9515.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9515.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9515","reference_id":"","reference_type":"","scores":[{"value":"0.08892","scoring_system":"epss","scoring_elements":"0.92748","published_at":"2026-06-11T12:55:00Z"},{"value":"0.08892","scoring_system":"epss","scoring_elements":"0.92773","published_at":"2026-06-12T12:55:00Z"},{"value":"0.08892","scoring_system":"epss","scoring_elements":"0.92777","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735745","reference_id":"1735745","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735745"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886","reference_id":"934886","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887","reference_id":"934887","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2766","reference_id":"RHSA-2019:2766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2796","reference_id":"RHSA-2019:2796","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2861","reference_id":"RHSA-2019:2861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2925","reference_id":"RHSA-2019:2925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2939","reference_id":"RHSA-2019:2939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2955","reference_id":"RHSA-2019:2955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3892","reference_id":"RHSA-2019:3892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4018","reference_id":"RHSA-2019:4018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4019","reference_id":"RHSA-2019:4019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4020","reference_id":"RHSA-2019:4020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4021","reference_id":"RHSA-2019:4021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4040","reference_id":"RHSA-2019:4040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4041","reference_id":"RHSA-2019:4041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4042","reference_id":"RHSA-2019:4042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4045","reference_id":"RHSA-2019:4045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0727","reference_id":"RHSA-2020:0727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2565","reference_id":"RHSA-2020:2565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2565"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"},{"reference_url":"https://usn.ubuntu.com/USN-4866-1/","reference_id":"USN-USN-4866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44795?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-3?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-3%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2019-9515"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nuj7-mvxq-jqdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/215978?format=json","vulnerability_id":"VCID-sdvp-rxr7-ayh1","summary":"lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4817","reference_id":"","reference_type":"","scores":[{"value":"0.07964","scoring_system":"epss","scoring_elements":"0.92256","published_at":"2026-06-11T12:55:00Z"},{"value":"0.07964","scoring_system":"epss","scoring_elements":"0.92282","published_at":"2026-06-12T12:55:00Z"},{"value":"0.07964","scoring_system":"epss","scoring_elements":"0.92288","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4817"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44790?format=json","purl":"pkg:deb/debian/h2o@0?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2016-4817"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sdvp-rxr7-ayh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/215972?format=json","vulnerability_id":"VCID-uwez-hfjt-67f5","summary":"Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5638","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.4771","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47851","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47868","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5638"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44790?format=json","purl":"pkg:deb/debian/h2o@0?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2015-5638"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uwez-hfjt-67f5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7358?format=json","vulnerability_id":"VCID-v5bk-5vtj-4ud9","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4352","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4352"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9514.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9514.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9514","reference_id":"","reference_type":"","scores":[{"value":"0.09322","scoring_system":"epss","scoring_elements":"0.92938","published_at":"2026-06-11T12:55:00Z"},{"value":"0.09322","scoring_system":"epss","scoring_elements":"0.92961","published_at":"2026-06-12T12:55:00Z"},{"value":"0.09322","scoring_system":"epss","scoring_elements":"0.92963","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Aug/16","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Aug/16"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"},{"reference_url":"https://go.dev/cl/190137","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/190137"},{"reference_url":"https://go.dev/issue/33606","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/issue/33606"},{"reference_url":"https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5"},{"reference_url":"https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ"},{"reference_url":"https://kb.cert.org/vuls/id/605641","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kb.cert.org/vuls/id/605641"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10296","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10296"},{"reference_url":"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9514","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9514"},{"reference_url":"https://pkg.go.dev/vuln/GO-2022-0536","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2022-0536"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/24","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/24"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/31","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/31"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/43","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/43"},{"reference_url":"https://seclists.org/bugtraq/2019/Sep/18","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Sep/18"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190823-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190823-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190823-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190823-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190823-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190823-0005"},{"reference_url":"https://support.f5.com/csp/article/K01988340","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/csp/article/K01988340"},{"reference_url":"https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS"},{"reference_url":"https://usn.ubuntu.com/4308-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4308-1"},{"reference_url":"https://www.debian.org/security/2019/dsa-4503","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4503"},{"reference_url":"https://www.debian.org/security/2019/dsa-4508","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4508"},{"reference_url":"https://www.debian.org/security/2019/dsa-4520","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4520"},{"reference_url":"https://www.debian.org/security/2020/dsa-4669","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4669"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_33","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_33"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/08/20/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062667","reference_id":"1062667","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062667"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735744","reference_id":"1735744","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735744"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885","reference_id":"934885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886","reference_id":"934886","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887","reference_id":"934887","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887"},{"reference_url":"https://security.archlinux.org/ASA-201908-15","reference_id":"ASA-201908-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-15"},{"reference_url":"https://security.archlinux.org/AVG-1021","reference_id":"AVG-1021","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2594","reference_id":"RHSA-2019:2594","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2661","reference_id":"RHSA-2019:2661","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2682","reference_id":"RHSA-2019:2682","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2690","reference_id":"RHSA-2019:2690","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2726","reference_id":"RHSA-2019:2726","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2766","reference_id":"RHSA-2019:2766","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2769","reference_id":"RHSA-2019:2769","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2796","reference_id":"RHSA-2019:2796","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2817","reference_id":"RHSA-2019:2817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2861","reference_id":"RHSA-2019:2861","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2925","reference_id":"RHSA-2019:2925","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2939","reference_id":"RHSA-2019:2939","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2955","reference_id":"RHSA-2019:2955","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2966","reference_id":"RHSA-2019:2966","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3131","reference_id":"RHSA-2019:3131","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3245","reference_id":"RHSA-2019:3245","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3265","reference_id":"RHSA-2019:3265","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3265"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3892","reference_id":"RHSA-2019:3892","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3906","reference_id":"RHSA-2019:3906","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4018","reference_id":"RHSA-2019:4018","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4019","reference_id":"RHSA-2019:4019","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4020","reference_id":"RHSA-2019:4020","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4021","reference_id":"RHSA-2019:4021","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4040","reference_id":"RHSA-2019:4040","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4041","reference_id":"RHSA-2019:4041","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4042","reference_id":"RHSA-2019:4042","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4045","reference_id":"RHSA-2019:4045","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4269","reference_id":"RHSA-2019:4269","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4269"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4273","reference_id":"RHSA-2019:4273","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0406","reference_id":"RHSA-2020:0406","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0727","reference_id":"RHSA-2020:0727","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2565","reference_id":"RHSA-2020:2565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2565"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"},{"reference_url":"https://usn.ubuntu.com/USN-4866-1/","reference_id":"USN-USN-4866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44795?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-3?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-3%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2019-9514","GHSA-39qc-96h7-956f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v5bk-5vtj-4ud9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/215975?format=json","vulnerability_id":"VCID-wfv7-n31y-6fcs","summary":"CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1133","reference_id":"","reference_type":"","scores":[{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.60194","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.60301","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.60312","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44790?format=json","purl":"pkg:deb/debian/h2o@0?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2016-1133"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wfv7-n31y-6fcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129895?format=json","vulnerability_id":"VCID-wr31-gc6r-u3g6","summary":"H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers. Pull request  number 3229 fixes the issue. The pull request has been merged to the `master` branch in commit f010336. Users should upgrade to commit f010336 or later.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30847","reference_id":"","reference_type":"","scores":[{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.6874","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68845","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0056","scoring_system":"epss","scoring_elements":"0.68833","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30847"},{"reference_url":"https://github.com/h2o/h2o/pull/3229","reference_id":"3229","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:51:39Z/"}],"url":"https://github.com/h2o/h2o/pull/3229"},{"reference_url":"https://github.com/h2o/h2o/commit/f010336bab162839df43d9e87570897466c97e33","reference_id":"f010336bab162839df43d9e87570897466c97e33","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:51:39Z/"}],"url":"https://github.com/h2o/h2o/commit/f010336bab162839df43d9e87570897466c97e33"},{"reference_url":"https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx","reference_id":"GHSA-p5hj-phwj-hrvx","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:51:39Z/"}],"url":"https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44790?format=json","purl":"pkg:deb/debian/h2o@0?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2023-30847"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wr31-gc6r-u3g6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7356?format=json","vulnerability_id":"VCID-zf9e-85bv-kkbz","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4352","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4352"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9512.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9512.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9512","reference_id":"","reference_type":"","scores":[{"value":"0.50822","scoring_system":"epss","scoring_elements":"0.97929","published_at":"2026-06-13T12:55:00Z"},{"value":"0.50822","scoring_system":"epss","scoring_elements":"0.97928","published_at":"2026-06-12T12:55:00Z"},{"value":"0.50822","scoring_system":"epss","scoring_elements":"0.97921","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Aug/16","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Aug/16"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"},{"reference_url":"https://go.dev/cl/190137","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/190137"},{"reference_url":"https://go.dev/issue/33606","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/issue/33606"},{"reference_url":"https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5"},{"reference_url":"https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ"},{"reference_url":"https://kb.cert.org/vuls/id/605641","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kb.cert.org/vuls/id/605641"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10296","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10296"},{"reference_url":"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9512","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9512"},{"reference_url":"https://pkg.go.dev/vuln/GO-2022-0536","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2022-0536"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/24","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/24"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/31","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/31"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/43","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/43"},{"reference_url":"https://seclists.org/bugtraq/2019/Sep/18","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Sep/18"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190823-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190823-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190823-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190823-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190823-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190823-0005"},{"reference_url":"https://support.f5.com/csp/article/K98053339","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/csp/article/K98053339"},{"reference_url":"https://support.f5.com/csp/article/K98053339?utm_source=f5support&utm_medium=RSS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/csp/article/K98053339?utm_source=f5support&utm_medium=RSS"},{"reference_url":"https://usn.ubuntu.com/4308-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4308-1"},{"reference_url":"https://www.debian.org/security/2019/dsa-4503","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4503"},{"reference_url":"https://www.debian.org/security/2019/dsa-4508","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4508"},{"reference_url":"https://www.debian.org/security/2019/dsa-4520","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4520"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_33","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_33"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/08/20/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/08/20/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735645","reference_id":"1735645","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735645"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886","reference_id":"934886","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887","reference_id":"934887","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887"},{"reference_url":"https://security.archlinux.org/ASA-201908-15","reference_id":"ASA-201908-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-15"},{"reference_url":"https://security.archlinux.org/AVG-1021","reference_id":"AVG-1021","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2594","reference_id":"RHSA-2019:2594","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2661","reference_id":"RHSA-2019:2661","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2682","reference_id":"RHSA-2019:2682","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2690","reference_id":"RHSA-2019:2690","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2726","reference_id":"RHSA-2019:2726","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2766","reference_id":"RHSA-2019:2766","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2769","reference_id":"RHSA-2019:2769","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2796","reference_id":"RHSA-2019:2796","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2817","reference_id":"RHSA-2019:2817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2861","reference_id":"RHSA-2019:2861","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2925","reference_id":"RHSA-2019:2925","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2939","reference_id":"RHSA-2019:2939","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2939"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2955","reference_id":"RHSA-2019:2955","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2966","reference_id":"RHSA-2019:2966","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2966"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3131","reference_id":"RHSA-2019:3131","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3245","reference_id":"RHSA-2019:3245","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3265","reference_id":"RHSA-2019:3265","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3265"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3892","reference_id":"RHSA-2019:3892","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3906","reference_id":"RHSA-2019:3906","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4018","reference_id":"RHSA-2019:4018","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4019","reference_id":"RHSA-2019:4019","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4020","reference_id":"RHSA-2019:4020","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4021","reference_id":"RHSA-2019:4021","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4040","reference_id":"RHSA-2019:4040","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4041","reference_id":"RHSA-2019:4041","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4042","reference_id":"RHSA-2019:4042","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4045","reference_id":"RHSA-2019:4045","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4269","reference_id":"RHSA-2019:4269","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4269"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4273","reference_id":"RHSA-2019:4273","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0406","reference_id":"RHSA-2020:0406","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0727","reference_id":"RHSA-2020:0727","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2565","reference_id":"RHSA-2020:2565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2565"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"},{"reference_url":"https://usn.ubuntu.com/USN-4866-1/","reference_id":"USN-USN-4866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4866-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44795?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-3?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-3%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2019-9512","GHSA-hgr8-6h9x-f7q9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zf9e-85bv-kkbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/216009?format=json","vulnerability_id":"VCID-zp1q-6d7v-7ubb","summary":"h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in version 2.3.0-beta and prior), is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressively increase the memory retained by the QUIC stack. This can eventually cause H2O to abort due to memory exhaustion. The vulnerability has been resolved in commit d67e81d03be12a9d53dc8271af6530f40164cd35. HTTP/1 and HTTP/2 are not affected by this vulnerability as they do not use QUIC. Administrators looking to mitigate this issue without upgrading can disable HTTP/3 support.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50247","reference_id":"","reference_type":"","scores":[{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.688","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68894","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68907","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50247"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44790?format=json","purl":"pkg:deb/debian/h2o@0?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@0%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44791?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-6?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-6%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/44789?format=json","purl":"pkg:deb/debian/h2o@2.2.5%2Bdfsg2-7?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}],"aliases":["CVE-2023-50247"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zp1q-6d7v-7ubb"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h2o@2.2.5%252Bdfsg2-7%3Fdistro=bullseye"}