{"url":"http://public2.vulnerablecode.io/api/packages/45801?format=json","purl":"pkg:deb/debian/icedtea-web@1.3.2-1?distro=trixie","type":"deb","namespace":"debian","name":"icedtea-web","version":"1.3.2-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.4.2-1","latest_non_vulnerable_version":"1.8.8-4","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202763?format=json","vulnerability_id":"VCID-mcsc-aaue-fqd1","summary":"The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1926.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1926.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1926","reference_id":"","reference_type":"","scores":[{"value":"0.00883","scoring_system":"epss","scoring_elements":"0.75849","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1926"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=916774","reference_id":"916774","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=916774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0753","reference_id":"RHSA-2013:0753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0753"},{"reference_url":"https://usn.ubuntu.com/1804-1/","reference_id":"USN-1804-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1804-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45801?format=json","purl":"pkg:deb/debian/icedtea-web@1.3.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedtea-web@1.3.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45793?format=json","purl":"pkg:deb/debian/icedtea-web@1.8.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedtea-web@1.8.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45791?format=json","purl":"pkg:deb/debian/icedtea-web@1.8.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedtea-web@1.8.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45795?format=json","purl":"pkg:deb/debian/icedtea-web@1.8.8-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedtea-web@1.8.8-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45794?format=json","purl":"pkg:deb/debian/icedtea-web@1.8.8-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedtea-web@1.8.8-4%3Fdistro=trixie"}],"aliases":["CVE-2013-1926"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mcsc-aaue-fqd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202765?format=json","vulnerability_id":"VCID-x5cx-uqwe-4bbk","summary":"The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka \"GIFAR.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1927.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1927.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1927","reference_id":"","reference_type":"","scores":[{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85636","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1927"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=884705","reference_id":"884705","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=884705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0753","reference_id":"RHSA-2013:0753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0753"},{"reference_url":"https://usn.ubuntu.com/1804-1/","reference_id":"USN-1804-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1804-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45801?format=json","purl":"pkg:deb/debian/icedtea-web@1.3.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedtea-web@1.3.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45793?format=json","purl":"pkg:deb/debian/icedtea-web@1.8.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedtea-web@1.8.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45791?format=json","purl":"pkg:deb/debian/icedtea-web@1.8.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedtea-web@1.8.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45795?format=json","purl":"pkg:deb/debian/icedtea-web@1.8.8-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedtea-web@1.8.8-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/45794?format=json","purl":"pkg:deb/debian/icedtea-web@1.8.8-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedtea-web@1.8.8-4%3Fdistro=trixie"}],"aliases":["CVE-2013-1927"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x5cx-uqwe-4bbk"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedtea-web@1.3.2-1%3Fdistro=trixie"}