Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/89693?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/89693?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-managedcluster-import-controller@container-v2.8?arch=3-10", "type": "rpm", "namespace": "redhat", "name": "multicluster-engine-managedcluster-import-controller", "version": "container-v2.8", "qualifiers": { "arch": "3-10" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29826?format=api", "vulnerability_id": "VCID-4pq8-1dxx-37gj", "summary": "form-data uses unsafe random function in form-data for choosing boundary\n### Summary\n\nform-data uses `Math.random()` to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker:\n1. can observe other values produced by Math.random in the target application, and\n2. can control one field of a request made using form-data\n\nBecause the values of Math.random() are pseudo-random and predictable (see: https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f) an attacker who can observe a few sequential values can determine the state of the PRNG and predict future values, includes those used to generate form-data's boundary value. The allows the attacker to craft a value that contains a boundary value, allowing them to inject additional parameters into the request.\n\nThis is largely the same vulnerability as was [recently found in `undici`](https://hackerone.com/reports/2913312) by [`parrot409`](https://hackerone.com/parrot409?type=user) -- I'm not affiliated with that researcher but want to give credit where credit is due! My PoC is largely based on their work.\n\n### Details\n\nThe culprit is this line here: https://github.com/form-data/form-data/blob/426ba9ac440f95d1998dac9a5cd8d738043b048f/lib/form_data.js#L347\n\nAn attacker who is able to predict the output of Math.random() can predict this boundary value, and craft a payload that contains the boundary value, followed by another, fully attacker-controlled field. This is roughly equivalent to any sort of improper escaping vulnerability, with the caveat that the attacker must find a way to observe other Math.random() values generated by the application to solve for the state of the PRNG. However, Math.random() is used in all sorts of places that might be visible to an attacker (including by form-data itself, if the attacker can arrange for the vulnerable application to make a request to an attacker-controlled server using form-data, such as a user-controlled webhook -- the attacker could observe the boundary values from those requests to observe the Math.random() outputs). A common example would be a `x-request-id` header added by the server. These sorts of headers are often used for distributed tracing, to correlate errors across the frontend and backend. `Math.random()` is a fine place to get these sorts of IDs (in fact, [opentelemetry uses Math.random for this purpose](https://github.com/open-telemetry/opentelemetry-js/blob/2053f0d3a44631ade77ea04f656056a2c8a2ae76/packages/opentelemetry-sdk-trace-base/src/platform/node/RandomIdGenerator.ts#L22))\n\n### PoC\n\nPoC here: https://github.com/benweissmann/CVE-2025-7783-poc\n\nInstructions are in that repo. It's based on the PoC from https://hackerone.com/reports/2913312 but simplified somewhat; the vulnerable application has a more direct side-channel from which to observe Math.random() values (a separate endpoint that happens to include a randomly-generated request ID). \n\n### Impact\n\nFor an application to be vulnerable, it must:\n- Use `form-data` to send data including user-controlled data to some other system. The attacker must be able to do something malicious by adding extra parameters (that were not intended to be user-controlled) to this request. Depending on the target system's handling of repeated parameters, the attacker might be able to overwrite values in addition to appending values (some multipart form handlers deal with repeats by overwriting values instead of representing them as an array)\n- Reveal values of Math.random(). It's easiest if the attacker can observe multiple sequential values, but more complex math could recover the PRNG state to some degree of confidence with non-sequential values. \n\nIf an application is vulnerable, this allows an attacker to make arbitrary requests to internal systems.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7783.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7783.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22976", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31742", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31712", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31661", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.3184", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54458", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54442", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61585", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.6158", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61595", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.6159", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61569", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61548", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7783" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7783", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7783" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/benweissmann/CVE-2025-7783-poc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/benweissmann/CVE-2025-7783-poc" }, { "reference_url": "https://github.com/form-data/form-data", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/form-data/form-data" }, { "reference_url": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-22T14:54:27Z/" } ], "url": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0" }, { "reference_url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-22T14:54:27Z/" } ], "url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109551", "reference_id": "1109551", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109551" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381959", "reference_id": "2381959", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14886", "reference_id": "RHSA-2025:14886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14919", "reference_id": "RHSA-2025:14919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15771", "reference_id": "RHSA-2025:15771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16101", "reference_id": "RHSA-2025:16101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16113", "reference_id": "RHSA-2025:16113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16918", "reference_id": "RHSA-2025:16918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17501", "reference_id": "RHSA-2025:17501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18278", "reference_id": "RHSA-2025:18278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18744", "reference_id": "RHSA-2025:18744", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20047", "reference_id": "RHSA-2025:20047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:20047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21704", "reference_id": "RHSA-2025:21704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2737", "reference_id": "RHSA-2026:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2800", "reference_id": "RHSA-2026:2800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3406", "reference_id": "RHSA-2026:3406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3406" }, { "reference_url": "https://usn.ubuntu.com/7976-1/", "reference_id": "USN-7976-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7976-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-7783", "GHSA-fjxv-7rqg-78g4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4pq8-1dxx-37gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29174?format=api", "vulnerability_id": "VCID-s5gr-zsbz-xkbe", "summary": "jwt-go allows excessive memory allocation during header parsing\n### Summary\n\nFunction [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) currently splits (via a call to [strings.Split](https://pkg.go.dev/strings#Split)) its argument (which is untrusted data) on periods.\n\nAs a result, in the face of a malicious request whose _Authorization_ header consists of `Bearer ` followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html)\n\n### Details\n\nSee [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) \n\n### Impact\n\nExcessive memory allocation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30204.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30204.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27767", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27879", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27961", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.2801", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28027", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28018", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28075", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28118", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28111", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28069", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28002", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28206", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28163", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29962", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30204" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/golang-jwt/jwt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/golang-jwt/jwt" }, { "reference_url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/" } ], "url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3" }, { "reference_url": "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/" } ], "url": "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb" }, { "reference_url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/" } ], "url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250404-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250404-0002" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "reference_id": "2354195", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11396", "reference_id": "RHSA-2025:11396", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11573", "reference_id": "RHSA-2025:11573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11669", "reference_id": "RHSA-2025:11669", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11669" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11749", "reference_id": "RHSA-2025:11749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13900", "reference_id": "RHSA-2025:13900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14048", "reference_id": "RHSA-2025:14048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14855", "reference_id": "RHSA-2025:14855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15332", "reference_id": "RHSA-2025:15332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15673", "reference_id": "RHSA-2025:15673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15872", "reference_id": "RHSA-2025:15872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15872" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16101", "reference_id": "RHSA-2025:16101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16595", "reference_id": "RHSA-2025:16595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17671", "reference_id": "RHSA-2025:17671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18241", "reference_id": "RHSA-2025:18241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18242", "reference_id": "RHSA-2025:18242", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18242" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23057", "reference_id": "RHSA-2025:23057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23534", "reference_id": "RHSA-2025:23534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23535", "reference_id": "RHSA-2025:23535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23916", "reference_id": "RHSA-2025:23916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3344", "reference_id": "RHSA-2025:3344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3411", "reference_id": "RHSA-2025:3411", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3411" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3503", "reference_id": "RHSA-2025:3503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3565", "reference_id": "RHSA-2025:3565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3565" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3569", "reference_id": "RHSA-2025:3569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3607", "reference_id": "RHSA-2025:3607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3607" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3616", "reference_id": "RHSA-2025:3616", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3616" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3618", "reference_id": "RHSA-2025:3618", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3618" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3698", "reference_id": "RHSA-2025:3698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3740", "reference_id": "RHSA-2025:3740", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3740" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3743", "reference_id": "RHSA-2025:3743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3775", "reference_id": "RHSA-2025:3775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3790", "reference_id": "RHSA-2025:3790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3808", "reference_id": "RHSA-2025:3808", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3808" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3811", "reference_id": "RHSA-2025:3811", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3811" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3813", "reference_id": "RHSA-2025:3813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3814", "reference_id": "RHSA-2025:3814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3814" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3820", "reference_id": "RHSA-2025:3820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3820" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3905", "reference_id": "RHSA-2025:3905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3906", "reference_id": "RHSA-2025:3906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3907", "reference_id": "RHSA-2025:3907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3928", "reference_id": "RHSA-2025:3928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3929", "reference_id": "RHSA-2025:3929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3930", "reference_id": "RHSA-2025:3930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3993", "reference_id": "RHSA-2025:3993", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3993" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4008", "reference_id": "RHSA-2025:4008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4012", "reference_id": "RHSA-2025:4012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4019", "reference_id": "RHSA-2025:4019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4171", "reference_id": "RHSA-2025:4171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4177", "reference_id": "RHSA-2025:4177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4188", "reference_id": "RHSA-2025:4188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4204", "reference_id": "RHSA-2025:4204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4250", "reference_id": "RHSA-2025:4250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4409", "reference_id": "RHSA-2025:4409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4422", "reference_id": "RHSA-2025:4422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4462", "reference_id": "RHSA-2025:4462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4473", "reference_id": "RHSA-2025:4473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4502", "reference_id": "RHSA-2025:4502", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4569", "reference_id": "RHSA-2025:4569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4666", "reference_id": "RHSA-2025:4666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4669", "reference_id": "RHSA-2025:4669", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4669" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4677", "reference_id": "RHSA-2025:4677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4810", "reference_id": "RHSA-2025:4810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4810" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7404", "reference_id": "RHSA-2025:7404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7407", "reference_id": "RHSA-2025:7407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7425", "reference_id": "RHSA-2025:7425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7475", "reference_id": "RHSA-2025:7475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7479", "reference_id": "RHSA-2025:7479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7503", "reference_id": "RHSA-2025:7503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7702", "reference_id": "RHSA-2025:7702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7967", "reference_id": "RHSA-2025:7967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8075", "reference_id": "RHSA-2025:8075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8244", "reference_id": "RHSA-2025:8244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8267", "reference_id": "RHSA-2025:8267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8384", "reference_id": "RHSA-2025:8384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8390", "reference_id": "RHSA-2025:8390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8392", "reference_id": "RHSA-2025:8392", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8392" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8510", "reference_id": "RHSA-2025:8510", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8542", "reference_id": "RHSA-2025:8542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8552", "reference_id": "RHSA-2025:8552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8560", "reference_id": "RHSA-2025:8560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8691", "reference_id": "RHSA-2025:8691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9167", "reference_id": "RHSA-2025:9167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9259", "reference_id": "RHSA-2025:9259", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9259" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9388", "reference_id": "RHSA-2025:9388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9541", "reference_id": "RHSA-2025:9541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9646", "reference_id": "RHSA-2025:9646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2155", "reference_id": "RHSA-2026:2155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2164", "reference_id": "RHSA-2026:2164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2172", "reference_id": "RHSA-2026:2172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2172" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3718", "reference_id": "RHSA-2026:3718", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3718" } ], "fixed_packages": [], "aliases": [ "CVE-2025-30204", "GHSA-mh63-6h87-95cp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s5gr-zsbz-xkbe" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-managedcluster-import-controller@container-v2.8%3Farch=3-10" }