{"url":"http://public2.vulnerablecode.io/api/packages/4602?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@1.58-0.3","type":"deb","namespace":"debian","name":"libxml-libxml-perl","version":"1.58-0.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.0134+dfsg-1","latest_non_vulnerable_version":"2.0207+dfsg+really+2.0134-8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77955?format=json","vulnerability_id":"VCID-5nmu-rws2-p7fg","summary":"The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3451.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3451.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3451","reference_id":"","reference_type":"","scores":[{"value":"0.03365","scoring_system":"epss","scoring_elements":"0.87573","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03365","scoring_system":"epss","scoring_elements":"0.87594","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03365","scoring_system":"epss","scoring_elements":"0.87592","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03365","scoring_system":"epss","scoring_elements":"0.87603","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3451"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3451","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216112","reference_id":"1216112","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216112"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783443","reference_id":"783443","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783443"},{"reference_url":"https://usn.ubuntu.com/2592-1/","reference_id":"USN-2592-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2592-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4607?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0001%2Bdfsg-1%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nmu-rws2-p7fg"},{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0001%252Bdfsg-1%252Bdeb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4609?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0116%2Bdfsg-1%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nmu-rws2-p7fg"},{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0116%252Bdfsg-1%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5111?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0128%2Bdfsg-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0128%252Bdfsg-1%252Bdeb9u1"}],"aliases":["CVE-2015-3451"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5nmu-rws2-p7fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6399?format=json","vulnerability_id":"VCID-brs8-trgj-jbc5","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10672.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10672.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10672","reference_id":"","reference_type":"","scores":[{"value":"0.10052","scoring_system":"epss","scoring_elements":"0.93217","published_at":"2026-06-07T12:55:00Z"},{"value":"0.10052","scoring_system":"epss","scoring_elements":"0.93209","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10052","scoring_system":"epss","scoring_elements":"0.93216","published_at":"2026-06-08T12:55:00Z"},{"value":"0.10052","scoring_system":"epss","scoring_elements":"0.93223","published_at":"2026-06-09T12:55:00Z"},{"value":"0.10052","scoring_system":"epss","scoring_elements":"0.9322","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10672"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1470204","reference_id":"1470204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1470204"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866676","reference_id":"866676","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866676"},{"reference_url":"https://security.archlinux.org/ASA-201801-15","reference_id":"ASA-201801-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-15"},{"reference_url":"https://security.archlinux.org/AVG-501","reference_id":"AVG-501","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-501"},{"reference_url":"https://usn.ubuntu.com/3494-1/","reference_id":"USN-3494-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3494-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4609?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0116%2Bdfsg-1%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nmu-rws2-p7fg"},{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0116%252Bdfsg-1%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5111?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0128%2Bdfsg-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-brs8-trgj-jbc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0128%252Bdfsg-1%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/6453?format=json","purl":"pkg:deb/debian/libxml-libxml-perl@2.0134%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@2.0134%252Bdfsg-1"}],"aliases":["CVE-2017-10672"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brs8-trgj-jbc5"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml-libxml-perl@1.58-0.3"}