{"url":"http://public2.vulnerablecode.io/api/packages/516276?format=json","purl":"pkg:deb/debian/apt@1.8.2.3","type":"deb","namespace":"debian","name":"apt","version":"1.8.2.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.2.4","latest_non_vulnerable_version":"2.2.4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58739?format=json","vulnerability_id":"VCID-472j-1te4-hqgz","summary":"APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27350","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.3603","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36124","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36133","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36093","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36051","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36064","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350"},{"reference_url":"https://usn.ubuntu.com/4667-1/","reference_id":"USN-4667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4667-1/"},{"reference_url":"https://usn.ubuntu.com/4667-2/","reference_id":"USN-4667-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4667-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/575051?format=json","purl":"pkg:deb/debian/apt@2.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4"}],"aliases":["CVE-2020-27350"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-472j-1te4-hqgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58740?format=json","vulnerability_id":"VCID-pzq3-g4e4-x3du","summary":"Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-3810","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60772","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60821","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60828","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60816","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60799","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60814","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-3810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3810"},{"reference_url":"https://usn.ubuntu.com/4359-1/","reference_id":"USN-4359-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4359-1/"},{"reference_url":"https://usn.ubuntu.com/4359-2/","reference_id":"USN-4359-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4359-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/575051?format=json","purl":"pkg:deb/debian/apt@2.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4"}],"aliases":["CVE-2020-3810"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pzq3-g4e4-x3du"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58739?format=json","vulnerability_id":"VCID-472j-1te4-hqgz","summary":"APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27350","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.3603","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36124","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36133","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36093","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36051","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36064","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350"},{"reference_url":"https://usn.ubuntu.com/4667-1/","reference_id":"USN-4667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4667-1/"},{"reference_url":"https://usn.ubuntu.com/4667-2/","reference_id":"USN-4667-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4667-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516276?format=json","purl":"pkg:deb/debian/apt@1.8.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-472j-1te4-hqgz"},{"vulnerability":"VCID-pzq3-g4e4-x3du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.8.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/575051?format=json","purl":"pkg:deb/debian/apt@2.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4"}],"aliases":["CVE-2020-27350"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-472j-1te4-hqgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58737?format=json","vulnerability_id":"VCID-gbmx-b4zw-dqdw","summary":"The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0501","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32298","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3237","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3234","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32302","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32272","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32295","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0501"},{"reference_url":"https://usn.ubuntu.com/3746-1/","reference_id":"USN-3746-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3746-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516276?format=json","purl":"pkg:deb/debian/apt@1.8.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-472j-1te4-hqgz"},{"vulnerability":"VCID-pzq3-g4e4-x3du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.8.2.3"}],"aliases":["CVE-2018-0501"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbmx-b4zw-dqdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58740?format=json","vulnerability_id":"VCID-pzq3-g4e4-x3du","summary":"Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-3810","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60772","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60821","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60828","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60816","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60799","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60814","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-3810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3810"},{"reference_url":"https://usn.ubuntu.com/4359-1/","reference_id":"USN-4359-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4359-1/"},{"reference_url":"https://usn.ubuntu.com/4359-2/","reference_id":"USN-4359-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4359-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515712?format=json","purl":"pkg:deb/debian/apt@1.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-472j-1te4-hqgz"},{"vulnerability":"VCID-gbmx-b4zw-dqdw"},{"vulnerability":"VCID-pzq3-g4e4-x3du"},{"vulnerability":"VCID-zrna-pseg-nfcq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.4.10"},{"url":"http://public2.vulnerablecode.io/api/packages/516276?format=json","purl":"pkg:deb/debian/apt@1.8.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-472j-1te4-hqgz"},{"vulnerability":"VCID-pzq3-g4e4-x3du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.8.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/575051?format=json","purl":"pkg:deb/debian/apt@2.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@2.2.4"}],"aliases":["CVE-2020-3810"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pzq3-g4e4-x3du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58738?format=json","vulnerability_id":"VCID-zrna-pseg-nfcq","summary":"Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3462","reference_id":"","reference_type":"","scores":[{"value":"0.12679","scoring_system":"epss","scoring_elements":"0.94113","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12679","scoring_system":"epss","scoring_elements":"0.94121","published_at":"2026-06-05T12:55:00Z"},{"value":"0.12679","scoring_system":"epss","scoring_elements":"0.9412","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12679","scoring_system":"epss","scoring_elements":"0.94122","published_at":"2026-06-07T12:55:00Z"},{"value":"0.21851","scoring_system":"epss","scoring_elements":"0.9587","published_at":"2026-06-08T12:55:00Z"},{"value":"0.21851","scoring_system":"epss","scoring_elements":"0.95875","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3462"},{"reference_url":"https://usn.ubuntu.com/3863-1/","reference_id":"USN-3863-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3863-1/"},{"reference_url":"https://usn.ubuntu.com/3863-2/","reference_id":"USN-3863-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3863-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515712?format=json","purl":"pkg:deb/debian/apt@1.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-472j-1te4-hqgz"},{"vulnerability":"VCID-gbmx-b4zw-dqdw"},{"vulnerability":"VCID-pzq3-g4e4-x3du"},{"vulnerability":"VCID-zrna-pseg-nfcq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.4.10"},{"url":"http://public2.vulnerablecode.io/api/packages/516276?format=json","purl":"pkg:deb/debian/apt@1.8.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-472j-1te4-hqgz"},{"vulnerability":"VCID-pzq3-g4e4-x3du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.8.2.3"}],"aliases":["CVE-2019-3462"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrna-pseg-nfcq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apt@1.8.2.3"}