{"url":"http://public2.vulnerablecode.io/api/packages/582522?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3","type":"deb","namespace":"debian","name":"erlang","version":"1:25.2.3+dfsg-1+deb12u3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1:25.2.3+dfsg-1+deb12u4","latest_non_vulnerable_version":"1:27.3.4.11+dfsg-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68017?format=json","vulnerability_id":"VCID-1283-nvxm-r7cw","summary":"erlang: Erlang Excessive Use of System Resources","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48038.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48038.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48038","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31553","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31511","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35077","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3542","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35184","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35162","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35082","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3496","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35032","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35062","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.34967","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.34993","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35061","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36443","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.364","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36463","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36422","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36451","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36471","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36479","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48038"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/erlang/otp/pull/10156","reference_id":"10156","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/"}],"url":"https://github.com/erlang/otp/pull/10156"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115093","reference_id":"1115093","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115093"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394522","reference_id":"2394522","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394522"},{"reference_url":"https://github.com/erlang/otp/commit/4e3bf86777ab3db7220c11d8ddabf15970ddd10a","reference_id":"4e3bf86777ab3db7220c11d8ddabf15970ddd10a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/"}],"url":"https://github.com/erlang/otp/commit/4e3bf86777ab3db7220c11d8ddabf15970ddd10a"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2025-48038.html","reference_id":"CVE-2025-48038.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/"}],"url":"https://cna.erlef.org/cves/CVE-2025-48038.html"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2025-48038","reference_id":"EEF-CVE-2025-48038","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2025-48038"},{"reference_url":"https://github.com/erlang/otp/commit/f09e0201ff701993dc24a08f15e524daf72db42f","reference_id":"f09e0201ff701993dc24a08f15e524daf72db42f","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/"}],"url":"https://github.com/erlang/otp/commit/f09e0201ff701993dc24a08f15e524daf72db42f"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-pvj7-9652-7h9r","reference_id":"GHSA-pvj7-9652-7h9r","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-pvj7-9652-7h9r"},{"reference_url":"https://usn.ubuntu.com/7831-1/","reference_id":"USN-7831-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7831-1/"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/582523?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-zegc-rj1x-ryau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1"}],"aliases":["CVE-2025-48038"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1283-nvxm-r7cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68015?format=json","vulnerability_id":"VCID-28fj-t5hy-x3gn","summary":"erlang: Erlang Excessive Resource Consumption","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48040.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48040.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48040","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31723","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31679","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35261","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35658","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35607","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35369","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35348","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35267","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35149","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35219","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35247","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35153","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35176","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35245","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36607","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36564","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36629","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36583","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36615","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36634","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36641","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48040"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/erlang/otp/pull/10162","reference_id":"10162","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/"}],"url":"https://github.com/erlang/otp/pull/10162"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115091","reference_id":"1115091","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115091"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394521","reference_id":"2394521","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394521"},{"reference_url":"https://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a","reference_id":"548f1295d86d0803da884db8685cc16d461d0d5a","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/"}],"url":"https://github.com/erlang/otp/commit/548f1295d86d0803da884db8685cc16d461d0d5a"},{"reference_url":"https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a","reference_id":"7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/"}],"url":"https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2025-48040.html","reference_id":"CVE-2025-48040.html","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/"}],"url":"https://cna.erlef.org/cves/CVE-2025-48040.html"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2025-48040","reference_id":"EEF-CVE-2025-48040","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2025-48040"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph","reference_id":"GHSA-h7rg-6rjg-4cph","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph"},{"reference_url":"https://usn.ubuntu.com/7831-1/","reference_id":"USN-7831-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7831-1/"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:33Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/582523?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-zegc-rj1x-ryau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1"}],"aliases":["CVE-2025-48040"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28fj-t5hy-x3gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68016?format=json","vulnerability_id":"VCID-c3vm-u9jn-83cs","summary":"erlang: Erlang Excessive Use of System Resources","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48039.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48039.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48039","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31553","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31511","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35077","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3542","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35184","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35162","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35082","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3496","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35032","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35062","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.34967","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.34993","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35061","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36443","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.364","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36463","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36422","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36451","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36471","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36479","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48039"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/erlang/otp/commit/043ee3c943e2977c1acdd740ad13992fd60b6bf0","reference_id":"043ee3c943e2977c1acdd740ad13992fd60b6bf0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/"}],"url":"https://github.com/erlang/otp/commit/043ee3c943e2977c1acdd740ad13992fd60b6bf0"},{"reference_url":"https://github.com/erlang/otp/pull/10155","reference_id":"10155","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/"}],"url":"https://github.com/erlang/otp/pull/10155"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115092","reference_id":"1115092","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115092"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394523","reference_id":"2394523","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394523"},{"reference_url":"https://github.com/erlang/otp/commit/c242e6458967e9514bea351814151695807a54ac","reference_id":"c242e6458967e9514bea351814151695807a54ac","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/"}],"url":"https://github.com/erlang/otp/commit/c242e6458967e9514bea351814151695807a54ac"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2025-48039.html","reference_id":"CVE-2025-48039.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/"}],"url":"https://cna.erlef.org/cves/CVE-2025-48039.html"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2025-48039","reference_id":"EEF-CVE-2025-48039","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2025-48039"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-rr5p-6856-j7h8","reference_id":"GHSA-rr5p-6856-j7h8","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-rr5p-6856-j7h8"},{"reference_url":"https://usn.ubuntu.com/7831-1/","reference_id":"USN-7831-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7831-1/"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/582523?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-zegc-rj1x-ryau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1"}],"aliases":["CVE-2025-48039"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3vm-u9jn-83cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353335?format=json","vulnerability_id":"VCID-c47m-8h7d-afaz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32147","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04012","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03999","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04017","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05118","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05024","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05117","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05119","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05113","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05065","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05016","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32147"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/erlang/otp/commit/28c5d5a6c5f873dc701b597276271763e7d1c004","reference_id":"28c5d5a6c5f873dc701b597276271763e7d1c004","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/"}],"url":"https://github.com/erlang/otp/commit/28c5d5a6c5f873dc701b597276271763e7d1c004"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2026-32147.html","reference_id":"CVE-2026-32147.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/"}],"url":"https://cna.erlef.org/cves/CVE-2026-32147.html"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2026-32147","reference_id":"EEF-CVE-2026-32147","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2026-32147"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-28jg-mw9x-hpm5","reference_id":"GHSA-28jg-mw9x-hpm5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-28jg-mw9x-hpm5"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:11:06Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1089441?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1076516?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-1"}],"aliases":["CVE-2026-32147"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c47m-8h7d-afaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350402?format=json","vulnerability_id":"VCID-gcn7-ak4r-eba3","summary":"Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias.\n\nWhen script_alias maps a URL prefix to a directory outside DocumentRoot, mod_auth evaluates directory-based access controls against the DocumentRoot-relative path while mod_cgi executes the script at the ScriptAlias-resolved path. This path mismatch allows unauthenticated access to CGI scripts that directory rules were meant to protect.\n\nThis vulnerability is associated with program files lib/inets/src/http_server/mod_alias.erl, lib/inets/src/http_server/mod_auth.erl, and lib/inets/src/http_server/mod_cgi.erl.\n\nThis issue affects OTP from OTP 17.0 until OTP 28.4.2, 27.3.4.10 and 26.2.5.19 corresponding to inets from 5.10 until 9.6.2, 9.3.2.4 and 9.1.0.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28808.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28808.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28808","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05678","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09602","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09687","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09729","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09763","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09767","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10921","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10869","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10825","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10842","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10919","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15189","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15168","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1522","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15151","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20002","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19983","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19986","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28808"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455909","reference_id":"2455909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455909"},{"reference_url":"https://github.com/erlang/otp/commit/8fc71ac6af4fbcc54103bec2983ef22e82942688","reference_id":"8fc71ac6af4fbcc54103bec2983ef22e82942688","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/"}],"url":"https://github.com/erlang/otp/commit/8fc71ac6af4fbcc54103bec2983ef22e82942688"},{"reference_url":"https://github.com/erlang/otp/commit/9dfa0c51eac97866078e808dec2183cb7871ff7c","reference_id":"9dfa0c51eac97866078e808dec2183cb7871ff7c","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/"}],"url":"https://github.com/erlang/otp/commit/9dfa0c51eac97866078e808dec2183cb7871ff7c"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2026-28808.html","reference_id":"CVE-2026-28808.html","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/"}],"url":"https://cna.erlef.org/cves/CVE-2026-28808.html"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2026-28808","reference_id":"EEF-CVE-2026-28808","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2026-28808"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-3vhp-h532-mc3f","reference_id":"GHSA-3vhp-h532-mc3f","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-3vhp-h532-mc3f"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T13:14:10Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1089441?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1059948?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c47m-8h7d-afaz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076516?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-1"}],"aliases":["CVE-2026-28808"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gcn7-ak4r-eba3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97019?format=json","vulnerability_id":"VCID-h1k4-x8vr-5bch","summary":"Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion.  The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS.  Two compression algorithms are affected:  * zlib: Activates immediately after key exchange, enabling unauthenticated attacks * zlib@openssh.com: Activates post-authentication, enabling authenticated attacks  Each SSH packet can decompress ~255 MB from 256 KB of wire data (1029:1 amplification ratio). Multiple packets can rapidly exhaust available memory, causing OOM kills in memory-constrained environments.  This vulnerability is associated with program files lib/ssh/src/ssh_transport.erl and program routines ssh_transport:decompress/2, ssh_transport:handle_packet_part/4.  This issue affects OTP from OTP 17.0 until OTP 28.4.1, 27.3.4.9 and 26.2.5.18 corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23943","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16609","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16546","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22048","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22029","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21948","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21925","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21955","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21878","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21805","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21896","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.21908","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.2192","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31181","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31128","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31212","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31217","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31173","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31129","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32746","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32717","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3277","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23943"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23943","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23943"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/erlang/otp/commit/0c1c04b191f6ab940e8fcfabce39eb5a8a6440a4","reference_id":"0c1c04b191f6ab940e8fcfabce39eb5a8a6440a4","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/"}],"url":"https://github.com/erlang/otp/commit/0c1c04b191f6ab940e8fcfabce39eb5a8a6440a4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912","reference_id":"1130912","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912"},{"reference_url":"https://github.com/erlang/otp/commit/43a87b949bdff12d629a8c34146711d9da93b1b1","reference_id":"43a87b949bdff12d629a8c34146711d9da93b1b1","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/"}],"url":"https://github.com/erlang/otp/commit/43a87b949bdff12d629a8c34146711d9da93b1b1"},{"reference_url":"https://github.com/erlang/otp/commit/93073c3bd338c60cd2bae715ce6a1d4ffc1a8fd3","reference_id":"93073c3bd338c60cd2bae715ce6a1d4ffc1a8fd3","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/"}],"url":"https://github.com/erlang/otp/commit/93073c3bd338c60cd2bae715ce6a1d4ffc1a8fd3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2026-23943.html","reference_id":"CVE-2026-23943.html","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/"}],"url":"https://cna.erlef.org/cves/CVE-2026-23943.html"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2026-23943","reference_id":"EEF-CVE-2026-23943","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2026-23943"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-c836-qprm-jw9r","reference_id":"GHSA-c836-qprm-jw9r","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-c836-qprm-jw9r"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:01:40Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1089441?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/584098?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-zegc-rj1x-ryau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1059948?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c47m-8h7d-afaz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076516?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-1"}],"aliases":["CVE-2026-23943"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h1k4-x8vr-5bch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350156?format=json","vulnerability_id":"VCID-j7t3-nrjj-pfgp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28810.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28810.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28810","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13069","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12849","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12933","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13037","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1436","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14483","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14479","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14396","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14354","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15668","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15583","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15727","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15695","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1566","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20496","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20499","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2051","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20501","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28810"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455868","reference_id":"2455868","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455868"},{"reference_url":"https://github.com/erlang/otp/commit/36f23c9d2cc54afe83671dd7343596d7972839a5","reference_id":"36f23c9d2cc54afe83671dd7343596d7972839a5","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/"}],"url":"https://github.com/erlang/otp/commit/36f23c9d2cc54afe83671dd7343596d7972839a5"},{"reference_url":"https://github.com/erlang/otp/commit/b057a9d995017b1be50d6dc02edd52382f3231b8","reference_id":"b057a9d995017b1be50d6dc02edd52382f3231b8","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/"}],"url":"https://github.com/erlang/otp/commit/b057a9d995017b1be50d6dc02edd52382f3231b8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2026-28810.html","reference_id":"CVE-2026-28810.html","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/"}],"url":"https://cna.erlef.org/cves/CVE-2026-28810.html"},{"reference_url":"https://github.com/erlang/otp/commit/dd15e8eb03548c5e55e9915f0e91389ec6bad9fd","reference_id":"dd15e8eb03548c5e55e9915f0e91389ec6bad9fd","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/"}],"url":"https://github.com/erlang/otp/commit/dd15e8eb03548c5e55e9915f0e91389ec6bad9fd"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2026-28810","reference_id":"EEF-CVE-2026-28810","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2026-28810"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-v884-5jg5-whj8","reference_id":"GHSA-v884-5jg5-whj8","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-v884-5jg5-whj8"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T16:27:52Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1089441?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1059948?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c47m-8h7d-afaz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076516?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-1"}],"aliases":["CVE-2026-28810"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7t3-nrjj-pfgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68014?format=json","vulnerability_id":"VCID-jxzt-8wru-6yhk","summary":"erlang: Erlang Exhaustion of File Handles","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48041.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48041.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48041","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31553","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31511","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35077","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3542","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35184","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35162","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35082","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3496","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35032","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35062","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.34967","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.34993","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35061","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36443","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.364","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36463","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36422","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36451","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36471","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36479","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48041"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/erlang/otp/pull/10157","reference_id":"10157","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/"}],"url":"https://github.com/erlang/otp/pull/10157"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115090","reference_id":"1115090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115090"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394520","reference_id":"2394520","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394520"},{"reference_url":"https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288","reference_id":"5f9af63eec4657a37663828d206517828cb9f288","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/"}],"url":"https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2025-48041.html","reference_id":"CVE-2025-48041.html","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/"}],"url":"https://cna.erlef.org/cves/CVE-2025-48041.html"},{"reference_url":"https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401","reference_id":"d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/"}],"url":"https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2025-48041","reference_id":"EEF-CVE-2025-48041","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2025-48041"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3","reference_id":"GHSA-79c4-cvv7-4qm3","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3"},{"reference_url":"https://usn.ubuntu.com/7831-1/","reference_id":"USN-7831-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7831-1/"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/582523?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-zegc-rj1x-ryau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1"}],"aliases":["CVE-2025-48041"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxzt-8wru-6yhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97017?format=json","vulnerability_id":"VCID-s9qn-9qdm-j7ej","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling.  This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7.  The server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request.  This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23941","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05607","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05569","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06244","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06254","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06259","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06269","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06231","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06188","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07294","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06944","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06928","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07062","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07047","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0705","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07011","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0703","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07178","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07269","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07249","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07264","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07293","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23941"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912","reference_id":"1130912","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912"},{"reference_url":"https://github.com/erlang/otp/commit/a4b46336fd25aa100ac602eb9a627aaead7eda18","reference_id":"a4b46336fd25aa100ac602eb9a627aaead7eda18","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/"}],"url":"https://github.com/erlang/otp/commit/a4b46336fd25aa100ac602eb9a627aaead7eda18"},{"reference_url":"https://github.com/erlang/otp/commit/a761d391d8d08316cbd7d4a86733ba932b73c45b","reference_id":"a761d391d8d08316cbd7d4a86733ba932b73c45b","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/"}],"url":"https://github.com/erlang/otp/commit/a761d391d8d08316cbd7d4a86733ba932b73c45b"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2026-23941.html","reference_id":"CVE-2026-23941.html","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/"}],"url":"https://cna.erlef.org/cves/CVE-2026-23941.html"},{"reference_url":"https://github.com/erlang/otp/commit/e775a332f623851385ab6ddb866d9b150612ddf6","reference_id":"e775a332f623851385ab6ddb866d9b150612ddf6","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/"}],"url":"https://github.com/erlang/otp/commit/e775a332f623851385ab6ddb866d9b150612ddf6"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2026-23941","reference_id":"EEF-CVE-2026-23941","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2026-23941"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-w4jc-9wpv-pqh7","reference_id":"GHSA-w4jc-9wpv-pqh7","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-w4jc-9wpv-pqh7"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:00:50Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1089441?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/584098?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-zegc-rj1x-ryau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1059948?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c47m-8h7d-afaz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076516?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-1"}],"aliases":["CVE-2026-23941"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9qn-9qdm-j7ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64457?format=json","vulnerability_id":"VCID-w9yj-xg82-kyac","summary":"erlang: Erlang OTP tftp_file modules: Information disclosure via relative path traversal","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21620.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21620.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21620","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07646","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07724","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07705","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07678","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.077","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07756","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07604","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07616","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07691","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07706","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07721","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0787","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07919","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0931","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09097","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09011","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09176","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09247","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0921","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09234","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21620"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/erlang/otp/pull/10706","reference_id":"10706","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/"}],"url":"https://github.com/erlang/otp/pull/10706"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128651","reference_id":"1128651","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128651"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441326","reference_id":"2441326","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441326"},{"reference_url":"https://github.com/erlang/otp/commit/3970738f687325138eb75f798054fa8960ac354e","reference_id":"3970738f687325138eb75f798054fa8960ac354e","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/"}],"url":"https://github.com/erlang/otp/commit/3970738f687325138eb75f798054fa8960ac354e"},{"reference_url":"https://github.com/erlang/otp/commit/655fb95725ba2fb811740b57e106873833824344","reference_id":"655fb95725ba2fb811740b57e106873833824344","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/"}],"url":"https://github.com/erlang/otp/commit/655fb95725ba2fb811740b57e106873833824344"},{"reference_url":"https://github.com/erlang/otp/commit/696fdec922661d4a3cc528fc34bc24fae8d4ad8a","reference_id":"696fdec922661d4a3cc528fc34bc24fae8d4ad8a","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/"}],"url":"https://github.com/erlang/otp/commit/696fdec922661d4a3cc528fc34bc24fae8d4ad8a"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2026-21620.html","reference_id":"CVE-2026-21620.html","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/"}],"url":"https://cna.erlef.org/cves/CVE-2026-21620.html"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2026-21620","reference_id":"EEF-CVE-2026-21620","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2026-21620"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp","reference_id":"GHSA-hmrc-prh3-rpvp","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-20T13:36:03Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1089441?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/584098?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-zegc-rj1x-ryau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1059948?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c47m-8h7d-afaz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076516?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-1"}],"aliases":["CVE-2026-21620"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w9yj-xg82-kyac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97018?format=json","vulnerability_id":"VCID-wwcj-hwqc-f3g7","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal.  This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2.  The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root.  This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23942","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05493","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05459","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0612","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06128","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06132","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06141","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06101","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06061","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07539","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07214","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07209","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07335","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07293","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.073","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07268","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07279","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07434","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07505","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07488","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07504","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0754","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23942"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912","reference_id":"1130912","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130912"},{"reference_url":"https://github.com/erlang/otp/commit/27688a824f753d4c16371dc70e88753fb410590b","reference_id":"27688a824f753d4c16371dc70e88753fb410590b","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/"}],"url":"https://github.com/erlang/otp/commit/27688a824f753d4c16371dc70e88753fb410590b"},{"reference_url":"https://github.com/erlang/otp/commit/5ed603a1211b83b8be2d1fc06d3f3bf30c3c9759","reference_id":"5ed603a1211b83b8be2d1fc06d3f3bf30c3c9759","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/"}],"url":"https://github.com/erlang/otp/commit/5ed603a1211b83b8be2d1fc06d3f3bf30c3c9759"},{"reference_url":"https://github.com/erlang/otp/commit/9e0ac85d3485e7898e0da88a14be0ee2310a3b28","reference_id":"9e0ac85d3485e7898e0da88a14be0ee2310a3b28","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/"}],"url":"https://github.com/erlang/otp/commit/9e0ac85d3485e7898e0da88a14be0ee2310a3b28"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2026-23942.html","reference_id":"CVE-2026-23942.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/"}],"url":"https://cna.erlef.org/cves/CVE-2026-23942.html"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2026-23942","reference_id":"EEF-CVE-2026-23942","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2026-23942"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-4749-w85x-hw9h","reference_id":"GHSA-4749-w85x-hw9h","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-4749-w85x-hw9h"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T16:02:31Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1089441?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/584098?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.9%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-zegc-rj1x-ryau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.9%252Bdfsg-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1059948?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.10%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c47m-8h7d-afaz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.10%252Bdfsg-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1076516?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.11%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.11%252Bdfsg-1"}],"aliases":["CVE-2026-23942"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwcj-hwqc-f3g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81764?format=json","vulnerability_id":"VCID-xcks-117s-v3dd","summary":"erlang: allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy serve","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000107.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000107.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000107","reference_id":"","reference_type":"","scores":[{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60537","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60612","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60641","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60811","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60752","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60712","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60739","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.608","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65084","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65045","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65083","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65092","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65076","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65094","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65107","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65105","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65087","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65135","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65073","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65002","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65052","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65066","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000107"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000107","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000107"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115086","reference_id":"1115086","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115086"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1824460","reference_id":"1824460","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1824460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/582523?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-zegc-rj1x-ryau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1"}],"aliases":["CVE-2016-1000107"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xcks-117s-v3dd"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68017?format=json","vulnerability_id":"VCID-1283-nvxm-r7cw","summary":"erlang: Erlang Excessive Use of System Resources","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48038.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48038.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48038","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31553","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31511","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35077","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3542","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35184","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35162","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35082","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3496","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35032","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35062","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.34967","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.34993","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35061","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36443","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.364","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36463","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36422","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36451","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36471","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36479","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48038"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/erlang/otp/pull/10156","reference_id":"10156","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/"}],"url":"https://github.com/erlang/otp/pull/10156"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115093","reference_id":"1115093","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115093"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394522","reference_id":"2394522","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394522"},{"reference_url":"https://github.com/erlang/otp/commit/4e3bf86777ab3db7220c11d8ddabf15970ddd10a","reference_id":"4e3bf86777ab3db7220c11d8ddabf15970ddd10a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/"}],"url":"https://github.com/erlang/otp/commit/4e3bf86777ab3db7220c11d8ddabf15970ddd10a"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2025-48038.html","reference_id":"CVE-2025-48038.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/"}],"url":"https://cna.erlef.org/cves/CVE-2025-48038.html"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2025-48038","reference_id":"EEF-CVE-2025-48038","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2025-48038"},{"reference_url":"https://github.com/erlang/otp/commit/f09e0201ff701993dc24a08f15e524daf72db42f","reference_id":"f09e0201ff701993dc24a08f15e524daf72db42f","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/"}],"url":"https://github.com/erlang/otp/commit/f09e0201ff701993dc24a08f15e524daf72db42f"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-pvj7-9652-7h9r","reference_id":"GHSA-pvj7-9652-7h9r","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-pvj7-9652-7h9r"},{"reference_url":"https://usn.ubuntu.com/7831-1/","reference_id":"USN-7831-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7831-1/"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:56Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582522?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1283-nvxm-r7cw"},{"vulnerability":"VCID-28fj-t5hy-x3gn"},{"vulnerability":"VCID-c3vm-u9jn-83cs"},{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-jxzt-8wru-6yhk"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-xcks-117s-v3dd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/582523?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-zegc-rj1x-ryau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1"}],"aliases":["CVE-2025-48038"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1283-nvxm-r7cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68016?format=json","vulnerability_id":"VCID-c3vm-u9jn-83cs","summary":"erlang: Erlang Excessive Use of System Resources","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48039.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48039.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48039","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31553","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31511","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35077","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3542","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35184","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35162","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35082","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3496","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35032","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35062","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.34967","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.34993","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35061","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36443","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.364","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36463","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36422","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36451","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36471","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36479","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48039"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/erlang/otp/commit/043ee3c943e2977c1acdd740ad13992fd60b6bf0","reference_id":"043ee3c943e2977c1acdd740ad13992fd60b6bf0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/"}],"url":"https://github.com/erlang/otp/commit/043ee3c943e2977c1acdd740ad13992fd60b6bf0"},{"reference_url":"https://github.com/erlang/otp/pull/10155","reference_id":"10155","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/"}],"url":"https://github.com/erlang/otp/pull/10155"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115092","reference_id":"1115092","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115092"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394523","reference_id":"2394523","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394523"},{"reference_url":"https://github.com/erlang/otp/commit/c242e6458967e9514bea351814151695807a54ac","reference_id":"c242e6458967e9514bea351814151695807a54ac","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/"}],"url":"https://github.com/erlang/otp/commit/c242e6458967e9514bea351814151695807a54ac"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2025-48039.html","reference_id":"CVE-2025-48039.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/"}],"url":"https://cna.erlef.org/cves/CVE-2025-48039.html"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2025-48039","reference_id":"EEF-CVE-2025-48039","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2025-48039"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-rr5p-6856-j7h8","reference_id":"GHSA-rr5p-6856-j7h8","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-rr5p-6856-j7h8"},{"reference_url":"https://usn.ubuntu.com/7831-1/","reference_id":"USN-7831-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7831-1/"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:44Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582522?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1283-nvxm-r7cw"},{"vulnerability":"VCID-28fj-t5hy-x3gn"},{"vulnerability":"VCID-c3vm-u9jn-83cs"},{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-jxzt-8wru-6yhk"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-xcks-117s-v3dd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/582523?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-zegc-rj1x-ryau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1"}],"aliases":["CVE-2025-48039"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3vm-u9jn-83cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96643?format=json","vulnerability_id":"VCID-jg37-ud9r-d3h7","summary":"Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32433","reference_id":"","reference_type":"","scores":[{"value":"0.47068","scoring_system":"epss","scoring_elements":"0.97701","published_at":"2026-05-07T12:55:00Z"},{"value":"0.47068","scoring_system":"epss","scoring_elements":"0.97718","published_at":"2026-05-15T12:55:00Z"},{"value":"0.47068","scoring_system":"epss","scoring_elements":"0.97715","published_at":"2026-05-14T12:55:00Z"},{"value":"0.47068","scoring_system":"epss","scoring_elements":"0.97708","published_at":"2026-05-12T12:55:00Z"},{"value":"0.47068","scoring_system":"epss","scoring_elements":"0.97703","published_at":"2026-05-11T12:55:00Z"},{"value":"0.50814","scoring_system":"epss","scoring_elements":"0.97876","published_at":"2026-05-05T12:55:00Z"},{"value":"0.53597","scoring_system":"epss","scoring_elements":"0.9799","published_at":"2026-04-13T12:55:00Z"},{"value":"0.53597","scoring_system":"epss","scoring_elements":"0.97996","published_at":"2026-04-16T12:55:00Z"},{"value":"0.53597","scoring_system":"epss","scoring_elements":"0.97997","published_at":"2026-04-18T12:55:00Z"},{"value":"0.53995","scoring_system":"epss","scoring_elements":"0.98005","published_at":"2026-04-08T12:55:00Z"},{"value":"0.53995","scoring_system":"epss","scoring_elements":"0.97998","published_at":"2026-04-04T12:55:00Z"},{"value":"0.53995","scoring_system":"epss","scoring_elements":"0.98","published_at":"2026-04-07T12:55:00Z"},{"value":"0.53995","scoring_system":"epss","scoring_elements":"0.97996","published_at":"2026-04-02T12:55:00Z"},{"value":"0.54011","scoring_system":"epss","scoring_elements":"0.98019","published_at":"2026-04-29T12:55:00Z"},{"value":"0.54011","scoring_system":"epss","scoring_elements":"0.98016","published_at":"2026-04-26T12:55:00Z"},{"value":"0.54011","scoring_system":"epss","scoring_elements":"0.98015","published_at":"2026-04-24T12:55:00Z"},{"value":"0.5672","scoring_system":"epss","scoring_elements":"0.98127","published_at":"2026-04-11T12:55:00Z"},{"value":"0.5672","scoring_system":"epss","scoring_elements":"0.98123","published_at":"2026-04-09T12:55:00Z"},{"value":"0.5672","scoring_system":"epss","scoring_elements":"0.98128","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32433"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32433","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32433"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12","reference_id":"0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-20T03:55:59Z/"}],"url":"https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103442","reference_id":"1103442","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103442"},{"reference_url":"https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f","reference_id":"6eef04130afc8b0ccb63c9a0d8650209cf54892f","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-20T03:55:59Z/"}],"url":"https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f"},{"reference_url":"https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891","reference_id":"b1924d37fd83c070055beb115d5d6a6a9490b891","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-20T03:55:59Z/"}],"url":"https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2","reference_id":"GHSA-37cp-fgq5-7wc2","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-08-20T03:55:59Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2"},{"reference_url":"https://usn.ubuntu.com/7443-1/","reference_id":"USN-7443-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7443-1/"},{"reference_url":"https://usn.ubuntu.com/7443-2/","reference_id":"USN-7443-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7443-2/"},{"reference_url":"https://usn.ubuntu.com/7443-3/","reference_id":"USN-7443-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7443-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582522?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1283-nvxm-r7cw"},{"vulnerability":"VCID-28fj-t5hy-x3gn"},{"vulnerability":"VCID-c3vm-u9jn-83cs"},{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-jxzt-8wru-6yhk"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-xcks-117s-v3dd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3"}],"aliases":["CVE-2025-32433"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jg37-ud9r-d3h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68014?format=json","vulnerability_id":"VCID-jxzt-8wru-6yhk","summary":"erlang: Erlang Exhaustion of File Handles","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48041.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48041.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48041","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31553","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31511","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35077","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3542","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35184","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35162","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35082","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3496","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35032","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35062","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.34967","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.34993","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35061","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36443","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.364","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36463","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36422","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36451","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36471","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36479","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48041"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/erlang/otp/pull/10157","reference_id":"10157","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/"}],"url":"https://github.com/erlang/otp/pull/10157"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115090","reference_id":"1115090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115090"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394520","reference_id":"2394520","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394520"},{"reference_url":"https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288","reference_id":"5f9af63eec4657a37663828d206517828cb9f288","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/"}],"url":"https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2025-48041.html","reference_id":"CVE-2025-48041.html","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/"}],"url":"https://cna.erlef.org/cves/CVE-2025-48041.html"},{"reference_url":"https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401","reference_id":"d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/"}],"url":"https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2025-48041","reference_id":"EEF-CVE-2025-48041","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2025-48041"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3","reference_id":"GHSA-79c4-cvv7-4qm3","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3"},{"reference_url":"https://usn.ubuntu.com/7831-1/","reference_id":"USN-7831-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7831-1/"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T13:30:20Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582522?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1283-nvxm-r7cw"},{"vulnerability":"VCID-28fj-t5hy-x3gn"},{"vulnerability":"VCID-c3vm-u9jn-83cs"},{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-jxzt-8wru-6yhk"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-xcks-117s-v3dd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/582523?format=json","purl":"pkg:deb/debian/erlang@1:27.3.4.1%2Bdfsg-1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-zegc-rj1x-ryau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:27.3.4.1%252Bdfsg-1%252Bdeb13u1"}],"aliases":["CVE-2025-48041"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxzt-8wru-6yhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20351?format=json","vulnerability_id":"VCID-jzn6-bzzf-nugp","summary":"Improper Validation of Integrity Check Value\nThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.","references":[{"reference_url":"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-48795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48795","reference_id":"","reference_type":"","scores":[{"value":"0.52606","scoring_system":"epss","scoring_elements":"0.97967","published_at":"2026-05-14T12:55:00Z"},{"value":"0.52606","scoring_system":"epss","scoring_elements":"0.97969","published_at":"2026-05-15T12:55:00Z"},{"value":"0.53559","scoring_system":"epss","scoring_elements":"0.98007","published_at":"2026-05-12T12:55:00Z"},{"value":"0.53559","scoring_system":"epss","scoring_elements":"0.98004","published_at":"2026-05-11T12:55:00Z"},{"value":"0.53559","scoring_system":"epss","scoring_elements":"0.97994","published_at":"2026-04-24T12:55:00Z"},{"value":"0.53559","scoring_system":"epss","scoring_elements":"0.98002","published_at":"2026-05-07T12:55:00Z"},{"value":"0.53559","scoring_system":"epss","scoring_elements":"0.98005","published_at":"2026-05-09T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98136","published_at":"2026-04-18T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98128","published_at":"2026-04-12T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98129","published_at":"2026-04-13T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98114","published_at":"2026-04-02T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98124","published_at":"2026-04-09T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98123","published_at":"2026-04-08T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98134","published_at":"2026-04-16T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98118","published_at":"2026-04-04T12:55:00Z"},{"value":"0.5673","scoring_system":"epss","scoring_elements":"0.98119","published_at":"2026-04-07T12:55:00Z"},{"value":"0.58603","scoring_system":"epss","scoring_elements":"0.98218","published_at":"2026-04-29T12:55:00Z"},{"value":"0.58603","scoring_system":"epss","scoring_elements":"0.98219","published_at":"2026-04-26T12:55:00Z"},{"value":"0.61084","scoring_system":"epss","scoring_elements":"0.98316","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48795"},{"reference_url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack"},{"reference_url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"},{"reference_url":"https://bugs.gentoo.org/920280","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://bugs.gentoo.org/920280"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254210","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254210"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1217950","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1217950"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-364175.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-364175.html"},{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-794697.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/html/ssa-794697.html"},{"reference_url":"https://crates.io/crates/thrussh/versions","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://crates.io/crates/thrussh/versions"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Mar/21","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Mar/21"},{"reference_url":"https://filezilla-project.org/versions.php","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://filezilla-project.org/versions.php"},{"reference_url":"https://forum.netgate.com/topic/184941/terrapin-ssh-attack","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://forum.netgate.com/topic/184941/terrapin-ssh-attack"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/mina-sshd/issues/445","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/apache/mina-sshd/issues/445"},{"reference_url":"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"},{"reference_url":"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"},{"reference_url":"https://github.com/cyd01/KiTTY/issues/520","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/cyd01/KiTTY/issues/520"},{"reference_url":"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"},{"reference_url":"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"},{"reference_url":"https://github.com/erlang/otp/releases/tag/OTP-26.2.1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/erlang/otp/releases/tag/OTP-26.2.1"},{"reference_url":"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"},{"reference_url":"https://github.com/hierynomus/sshj/issues/916","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/hierynomus/sshj/issues/916"},{"reference_url":"https://github.com/janmojzis/tinyssh/issues/81","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/janmojzis/tinyssh/issues/81"},{"reference_url":"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"},{"reference_url":"https://github.com/libssh2/libssh2/pull/1291","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/libssh2/libssh2/pull/1291"},{"reference_url":"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"},{"reference_url":"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"},{"reference_url":"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"},{"reference_url":"https://github.com/mwiede/jsch/issues/457","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mwiede/jsch/issues/457"},{"reference_url":"https://github.com/mwiede/jsch/pull/461","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/mwiede/jsch/pull/461"},{"reference_url":"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"},{"reference_url":"https://github.com/NixOS/nixpkgs/pull/275249","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/NixOS/nixpkgs/pull/275249"},{"reference_url":"https://github.com/openssh/openssh-portable/commits/master","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/openssh/openssh-portable/commits/master"},{"reference_url":"https://github.com/paramiko/paramiko/issues/2337","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/paramiko/paramiko/issues/2337"},{"reference_url":"https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773"},{"reference_url":"https://github.com/PowerShell/Win32-OpenSSH/issues/2189","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/PowerShell/Win32-OpenSSH/issues/2189"},{"reference_url":"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"},{"reference_url":"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"},{"reference_url":"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"},{"reference_url":"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"},{"reference_url":"https://github.com/proftpd/proftpd/issues/456","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/proftpd/proftpd/issues/456"},{"reference_url":"https://github.com/rapier1/hpn-ssh/releases","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/rapier1/hpn-ssh/releases"},{"reference_url":"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"},{"reference_url":"https://github.com/ronf/asyncssh/tags","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/ronf/asyncssh/tags"},{"reference_url":"https://github.com/ssh-mitm/ssh-mitm/issues/165","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/ssh-mitm/ssh-mitm/issues/165"},{"reference_url":"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"},{"reference_url":"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"},{"reference_url":"https://github.com/warp-tech/russh","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/warp-tech/russh"},{"reference_url":"https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951"},{"reference_url":"https://github.com/warp-tech/russh/releases/tag/v0.40.2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/warp-tech/russh/releases/tag/v0.40.2"},{"reference_url":"https://gitlab.com/libssh/libssh-mirror/-/tags","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://gitlab.com/libssh/libssh-mirror/-/tags"},{"reference_url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"},{"reference_url":"https://go.dev/cl/550715","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/cl/550715"},{"reference_url":"https://go.dev/issue/64784","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/issue/64784"},{"reference_url":"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"},{"reference_url":"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"},{"reference_url":"https://help.panic.com/releasenotes/transmit5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://help.panic.com/releasenotes/transmit5"},{"reference_url":"https://help.panic.com/releasenotes/transmit5/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://help.panic.com/releasenotes/transmit5/"},{"reference_url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795"},{"reference_url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB"},{"reference_url":"https://matt.ucc.asn.au/dropbear/CHANGES","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://matt.ucc.asn.au/dropbear/CHANGES"},{"reference_url":"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"},{"reference_url":"https://news.ycombinator.com/item?id=38684904","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://news.ycombinator.com/item?id=38684904"},{"reference_url":"https://news.ycombinator.com/item?id=38685286","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://news.ycombinator.com/item?id=38685286"},{"reference_url":"https://news.ycombinator.com/item?id=38732005","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://news.ycombinator.com/item?id=38732005"},{"reference_url":"https://nova.app/releases/#v11.8","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://nova.app/releases/#v11.8"},{"reference_url":"https://oryx-embedded.com/download/#changelog","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://oryx-embedded.com/download/#changelog"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"},{"reference_url":"https://roumenpetrov.info/secsh/#news20231220","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://roumenpetrov.info/secsh/#news20231220"},{"reference_url":"https://security.gentoo.org/glsa/202312-16","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security.gentoo.org/glsa/202312-16"},{"reference_url":"https://security.gentoo.org/glsa/202312-17","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security.gentoo.org/glsa/202312-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240105-0004","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240105-0004"},{"reference_url":"https://security-tracker.debian.org/tracker/source-package/libssh2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/source-package/libssh2"},{"reference_url":"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"},{"reference_url":"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"},{"reference_url":"https://support.apple.com/kb/HT214084","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://support.apple.com/kb/HT214084"},{"reference_url":"https://twitter.com/TrueSkrillor/status/1736774389725565005","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://twitter.com/TrueSkrillor/status/1736774389725565005"},{"reference_url":"https://winscp.net/eng/docs/history#6.2.2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://winscp.net/eng/docs/history#6.2.2"},{"reference_url":"https://www.bitvise.com/ssh-client-version-history#933","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.bitvise.com/ssh-client-version-history#933"},{"reference_url":"https://www.bitvise.com/ssh-server-version-history","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.bitvise.com/ssh-server-version-history"},{"reference_url":"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"},{"reference_url":"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"},{"reference_url":"https://www.debian.org/security/2023/dsa-5586","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.debian.org/security/2023/dsa-5586"},{"reference_url":"https://www.debian.org/security/2023/dsa-5588","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.debian.org/security/2023/dsa-5588"},{"reference_url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"},{"reference_url":"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"},{"reference_url":"https://www.netsarang.com/en/xshell-update-history","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.netsarang.com/en/xshell-update-history"},{"reference_url":"https://www.netsarang.com/en/xshell-update-history/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.netsarang.com/en/xshell-update-history/"},{"reference_url":"https://www.openssh.com/openbsd.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openssh.com/openbsd.html"},{"reference_url":"https://www.openssh.com/txt/release-9.6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openssh.com/txt/release-9.6"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/12/18/2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/12/18/2"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/12/20/3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/12/20/3"},{"reference_url":"https://www.paramiko.org/changelog.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.paramiko.org/changelog.html"},{"reference_url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed"},{"reference_url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"},{"reference_url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795"},{"reference_url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"},{"reference_url":"https://www.terrapin-attack.com","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.terrapin-attack.com"},{"reference_url":"https://www.theregister.com/2023/12/20/terrapin_attack_ssh","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.theregister.com/2023/12/20/terrapin_attack_ssh"},{"reference_url":"https://www.vandyke.com/products/securecrt/history.txt","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://www.vandyke.com/products/securecrt/history.txt"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/18/3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/18/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/19/5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/19/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/20/3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/20/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/06/3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/06/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/04/17/8","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/04/17/8"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001","reference_id":"1059001","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059001"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002","reference_id":"1059002","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059002"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003","reference_id":"1059003","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059003"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004","reference_id":"1059004","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059004"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005","reference_id":"1059005","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059005"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006","reference_id":"1059006","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059006"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007","reference_id":"1059007","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059007"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058","reference_id":"1059058","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059058"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144","reference_id":"1059144","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059144"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290","reference_id":"1059290","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059290"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294","reference_id":"1059294","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059294"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/","reference_id":"33XHJUB6ROFUOH2OQNENFROTVH6MHSHA","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/","reference_id":"3CAYYW35MUTNO65RVAELICTNZZFMT2XS","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/","reference_id":"3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/","reference_id":"6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/","reference_id":"BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/","reference_id":"C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/","reference_id":"CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"},{"reference_url":"https://access.redhat.com/security/cve/cve-2023-48795","reference_id":"CVE-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://access.redhat.com/security/cve/cve-2023-48795"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48795","reference_id":"CVE-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48795"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2023-48795","reference_id":"CVE-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security-tracker.debian.org/tracker/CVE-2023-48795"},{"reference_url":"https://ubuntu.com/security/CVE-2023-48795","reference_id":"CVE-2023-48795","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://ubuntu.com/security/CVE-2023-48795"},{"reference_url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway","reference_id":"CVE-2023-48795-AND-SFTP-GATEWAY","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway"},{"reference_url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway/","reference_id":"CVE-2023-48795-AND-SFTP-GATEWAY","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://thorntech.com/cve-2023-48795-and-sftp-gateway/"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit","reference_id":"CVE-2023-48795-DETECT-OPENSSH-VULNERABILIT","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability","reference_id":"CVE-2023-48795-MITIGATE-OPENSSH-VULNERABILITY","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"},{"reference_url":"https://github.com/advisories/GHSA-45x7-px36-x8w8","reference_id":"GHSA-45x7-px36-x8w8","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://github.com/advisories/GHSA-45x7-px36-x8w8"},{"reference_url":"https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8","reference_id":"GHSA-45x7-px36-x8w8","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8"},{"reference_url":"https://security.gentoo.org/glsa/202407-11","reference_id":"GLSA-202407-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-11"},{"reference_url":"https://security.gentoo.org/glsa/202407-12","reference_id":"GLSA-202407-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-12"},{"reference_url":"https://security.gentoo.org/glsa/202509-06","reference_id":"GLSA-202509-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202509-06"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/","reference_id":"HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/","reference_id":"I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/","reference_id":"KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/","reference_id":"L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/","reference_id":"LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240105-0004/","reference_id":"ntap-20240105-0004","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-22T05:01:05Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240105-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7197","reference_id":"RHSA-2023:7197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7198","reference_id":"RHSA-2023:7198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7198"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7201","reference_id":"RHSA-2023:7201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0040","reference_id":"RHSA-2024:0040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0429","reference_id":"RHSA-2024:0429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0455","reference_id":"RHSA-2024:0455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0499","reference_id":"RHSA-2024:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0538","reference_id":"RHSA-2024:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0594","reference_id":"RHSA-2024:0594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0606","reference_id":"RHSA-2024:0606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0625","reference_id":"RHSA-2024:0625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0628","reference_id":"RHSA-2024:0628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0766","reference_id":"RHSA-2024:0766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0789","reference_id":"RHSA-2024:0789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0843","reference_id":"RHSA-2024:0843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0880","reference_id":"RHSA-2024:0880","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0954","reference_id":"RHSA-2024:0954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1130","reference_id":"RHSA-2024:1130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1150","reference_id":"RHSA-2024:1150","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1192","reference_id":"RHSA-2024:1192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1193","reference_id":"RHSA-2024:1193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1196","reference_id":"RHSA-2024:1196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1197","reference_id":"RHSA-2024:1197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1210","reference_id":"RHSA-2024:1210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1383","reference_id":"RHSA-2024:1383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1557","reference_id":"RHSA-2024:1557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1859","reference_id":"RHSA-2024:1859","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1859"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2728","reference_id":"RHSA-2024:2728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2735","reference_id":"RHSA-2024:2735","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2735"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2768","reference_id":"RHSA-2024:2768","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2988","reference_id":"RHSA-2024:2988","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2988"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3479","reference_id":"RHSA-2024:3479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3634","reference_id":"RHSA-2024:3634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3634"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3635","reference_id":"RHSA-2024:3635","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3636","reference_id":"RHSA-2024:3636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3918","reference_id":"RHSA-2024:3918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4010","reference_id":"RHSA-2024:4010","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4010"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4151","reference_id":"RHSA-2024:4151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4329","reference_id":"RHSA-2024:4329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4479","reference_id":"RHSA-2024:4479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4484","reference_id":"RHSA-2024:4484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4597","reference_id":"RHSA-2024:4597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4597"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4662","reference_id":"RHSA-2024:4662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4955","reference_id":"RHSA-2024:4955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4959","reference_id":"RHSA-2024:4959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5200","reference_id":"RHSA-2024:5200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5200"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5432","reference_id":"RHSA-2024:5432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5433","reference_id":"RHSA-2024:5433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5438","reference_id":"RHSA-2024:5438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8235","reference_id":"RHSA-2024:8235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4664","reference_id":"RHSA-2025:4664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4664"},{"reference_url":"https://usn.ubuntu.com/6560-1/","reference_id":"USN-6560-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6560-1/"},{"reference_url":"https://usn.ubuntu.com/6560-2/","reference_id":"USN-6560-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6560-2/"},{"reference_url":"https://usn.ubuntu.com/6561-1/","reference_id":"USN-6561-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6561-1/"},{"reference_url":"https://usn.ubuntu.com/6585-1/","reference_id":"USN-6585-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6585-1/"},{"reference_url":"https://usn.ubuntu.com/6589-1/","reference_id":"USN-6589-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6589-1/"},{"reference_url":"https://usn.ubuntu.com/6598-1/","reference_id":"USN-6598-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6598-1/"},{"reference_url":"https://usn.ubuntu.com/6738-1/","reference_id":"USN-6738-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6738-1/"},{"reference_url":"https://usn.ubuntu.com/7051-1/","reference_id":"USN-7051-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7051-1/"},{"reference_url":"https://usn.ubuntu.com/7292-1/","reference_id":"USN-7292-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7292-1/"},{"reference_url":"https://usn.ubuntu.com/7297-1/","reference_id":"USN-7297-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7297-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582522?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1283-nvxm-r7cw"},{"vulnerability":"VCID-28fj-t5hy-x3gn"},{"vulnerability":"VCID-c3vm-u9jn-83cs"},{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-jxzt-8wru-6yhk"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-xcks-117s-v3dd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3"}],"aliases":["CVE-2023-48795","GHSA-45x7-px36-x8w8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzn6-bzzf-nugp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70606?format=json","vulnerability_id":"VCID-nqfj-97y5-suar","summary":"erlang: KEX init error results with excessive memory usage","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30211.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30211.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30211","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35743","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35708","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3573","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35638","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35661","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35726","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67926","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.6799","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68014","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67965","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68002","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68015","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67998","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.6804","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68049","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68055","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68029","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67928","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67948","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67977","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30211"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101713","reference_id":"1101713","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101713"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355785","reference_id":"2355785","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355785"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc","reference_id":"GHSA-vvr3-fjhh-cfwc","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-28T15:10:23Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc"},{"reference_url":"https://usn.ubuntu.com/7425-1/","reference_id":"USN-7425-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7425-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582522?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1283-nvxm-r7cw"},{"vulnerability":"VCID-28fj-t5hy-x3gn"},{"vulnerability":"VCID-c3vm-u9jn-83cs"},{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-jxzt-8wru-6yhk"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-xcks-117s-v3dd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3"}],"aliases":["CVE-2025-30211"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nqfj-97y5-suar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71808?format=json","vulnerability_id":"VCID-tnt7-d764-13cq","summary":"otp: erlang: SSH SFTP packet size not verified properly in Erlang OTP","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26618.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-26618","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56924","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56998","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56838","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56884","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56944","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56895","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56919","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56945","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5692","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56971","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56975","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56982","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56963","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56939","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56968","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56964","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56942","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56881","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56899","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56883","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-26618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872","reference_id":"0ed2573cbd55c92e9125c9dc70fa1ca7fed82872","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-20T20:55:12Z/"}],"url":"https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346900","reference_id":"2346900","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346900"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr","reference_id":"GHSA-78cv-45vx-q6fr","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-20T20:55:12Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr"},{"reference_url":"https://usn.ubuntu.com/7313-1/","reference_id":"USN-7313-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7313-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582522?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1283-nvxm-r7cw"},{"vulnerability":"VCID-28fj-t5hy-x3gn"},{"vulnerability":"VCID-c3vm-u9jn-83cs"},{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-jxzt-8wru-6yhk"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-xcks-117s-v3dd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3"}],"aliases":["CVE-2025-26618"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tnt7-d764-13cq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96718?format=json","vulnerability_id":"VCID-vqnt-uyex-87fn","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed.  This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4748","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.2609","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26131","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2905","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29155","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29113","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29161","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59179","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59244","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59233","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59162","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59135","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59126","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59107","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59144","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59149","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59129","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59109","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59127","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59114","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59072","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59122","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4748"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107939","reference_id":"1107939","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107939"},{"reference_url":"https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5","reference_id":"578d4001575aa7647ea1efd4b2b7e3afadcc99a5","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/"}],"url":"https://github.com/erlang/otp/commit/578d4001575aa7647ea1efd4b2b7e3afadcc99a5"},{"reference_url":"https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f","reference_id":"5a55feec10c9b69189d56723d8f237afa58d5d4f","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/"}],"url":"https://github.com/erlang/otp/commit/5a55feec10c9b69189d56723d8f237afa58d5d4f"},{"reference_url":"https://github.com/erlang/otp/pull/9941","reference_id":"9941","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/"}],"url":"https://github.com/erlang/otp/pull/9941"},{"reference_url":"https://security.archlinux.org/AVG-2900","reference_id":"AVG-2900","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2900"},{"reference_url":"https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f","reference_id":"ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/"}],"url":"https://github.com/erlang/otp/commit/ba2f2bc5f45fcfd2d6201ba07990a678bbf4cc8f"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"},{"reference_url":"https://cna.erlef.org/cves/CVE-2025-4748.html","reference_id":"CVE-2025-4748.html","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/"}],"url":"https://cna.erlef.org/cves/CVE-2025-4748.html"},{"reference_url":"https://osv.dev/vulnerability/EEF-CVE-2025-4748","reference_id":"EEF-CVE-2025-4748","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/"}],"url":"https://osv.dev/vulnerability/EEF-CVE-2025-4748"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc","reference_id":"GHSA-9g37-pgj9-wrhc","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc"},{"reference_url":"https://usn.ubuntu.com/7656-1/","reference_id":"USN-7656-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7656-1/"},{"reference_url":"https://www.erlang.org/doc/system/versions.html#order-of-versions","reference_id":"versions.html#order-of-versions","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:10:47Z/"}],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582522?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1283-nvxm-r7cw"},{"vulnerability":"VCID-28fj-t5hy-x3gn"},{"vulnerability":"VCID-c3vm-u9jn-83cs"},{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-jxzt-8wru-6yhk"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-xcks-117s-v3dd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3"}],"aliases":["CVE-2025-4748"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqnt-uyex-87fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96712?format=json","vulnerability_id":"VCID-z6gs-aq96-gkaw","summary":"Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This allows a Man-in-the-Middle attacker to inject these messages in a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46712","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56627","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56648","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56678","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56683","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56667","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61093","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61081","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61086","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61084","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61035","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61144","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61106","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61133","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61191","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61207","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61061","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61103","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61109","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61092","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46712"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46712","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46712"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104963","reference_id":"1104963","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104963"},{"reference_url":"https://github.com/erlang/otp/commit/e4b56a9f4a511aa9990dd86c16c61439c828df83","reference_id":"e4b56a9f4a511aa9990dd86c16c61439c828df83","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/"}],"url":"https://github.com/erlang/otp/commit/e4b56a9f4a511aa9990dd86c16c61439c828df83"},{"reference_url":"https://github.com/erlang/otp/security/advisories/GHSA-934x-xq38-hhqf","reference_id":"GHSA-934x-xq38-hhqf","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/"}],"url":"https://github.com/erlang/otp/security/advisories/GHSA-934x-xq38-hhqf"},{"reference_url":"https://github.com/erlang/otp/releases/tag/OTP-25.3.2.21","reference_id":"OTP-25.3.2.21","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/"}],"url":"https://github.com/erlang/otp/releases/tag/OTP-25.3.2.21"},{"reference_url":"https://github.com/erlang/otp/releases/tag/OTP-26.2.5.12","reference_id":"OTP-26.2.5.12","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/"}],"url":"https://github.com/erlang/otp/releases/tag/OTP-26.2.5.12"},{"reference_url":"https://github.com/erlang/otp/releases/tag/OTP-27.3.4","reference_id":"OTP-27.3.4","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:02:52Z/"}],"url":"https://github.com/erlang/otp/releases/tag/OTP-27.3.4"},{"reference_url":"https://usn.ubuntu.com/7656-1/","reference_id":"USN-7656-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7656-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582522?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1283-nvxm-r7cw"},{"vulnerability":"VCID-28fj-t5hy-x3gn"},{"vulnerability":"VCID-c3vm-u9jn-83cs"},{"vulnerability":"VCID-c47m-8h7d-afaz"},{"vulnerability":"VCID-gcn7-ak4r-eba3"},{"vulnerability":"VCID-h1k4-x8vr-5bch"},{"vulnerability":"VCID-j7t3-nrjj-pfgp"},{"vulnerability":"VCID-jxzt-8wru-6yhk"},{"vulnerability":"VCID-s9qn-9qdm-j7ej"},{"vulnerability":"VCID-w9yj-xg82-kyac"},{"vulnerability":"VCID-wwcj-hwqc-f3g7"},{"vulnerability":"VCID-xcks-117s-v3dd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1089394?format=json","purl":"pkg:deb/debian/erlang@1:25.2.3%2Bdfsg-1%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u4"}],"aliases":["CVE-2025-46712"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z6gs-aq96-gkaw"}],"risk_score":"3.8","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/erlang@1:25.2.3%252Bdfsg-1%252Bdeb12u3"}