{"url":"http://public2.vulnerablecode.io/api/packages/91024?format=json","purl":"pkg:rpm/redhat/opentelemetry-collector@0.107.0-8?arch=el9_5","type":"rpm","namespace":"redhat","name":"opentelemetry-collector","version":"0.107.0-8","qualifiers":{"arch":"el9_5"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29177?format=json","vulnerability_id":"VCID-chwd-qyet-4qbz","summary":"Memory Exhaustion in Expr Parser with Unrestricted Input\n### Impact\nIf the Expr expression parser is given an **unbounded input string**, it will attempt to compile the *entire* string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios where input size isn’t limited, a malicious or inadvertent extremely large expression can consume excessive memory as the parser builds a huge AST. This can ultimately lead to **excessive memory usage** and an **Out-Of-Memory (OOM) crash** of the process. This issue is relatively uncommon and will only manifest when there are **no restrictions on the input size**, i.e. the expression length is allowed to grow arbitrarily large. In typical use cases where inputs are bounded or validated, this problem would not occur.\n\n### Patches\n\nThe problem has been **patched** in the latest versions of the Expr library. The fix introduces compile-time limits on the number of AST nodes and memory usage during parsing, preventing any single expression from exhausting resources. Users should upgrade to **Expr version 1.17.0 or later**, as this release includes the new node budget and memory limit safeguards. Upgrading to v1.17.0 ensures that extremely deep or large expressions are detected and safely aborted during compilation, avoiding the OOM condition.\n\n### Workarounds\n\nFor users who cannot immediately upgrade, the recommended workaround is to **impose an input size restriction before parsing**. In practice, this means validating or limiting the length of expression strings that your application will accept. For example, set a maximum allowable number of characters (or nodes) for any expression and reject or truncate inputs that exceed this limit. By ensuring no unbounded-length expression is ever fed into the parser, you can prevent the parser from constructing a pathologically large AST and avoid potential memory exhaustion. In short, **pre-validate and cap input size** as a safeguard in the absence of the patch.\n\n### References\n\n- #762","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29786.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29786.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-29786","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26175","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26125","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27798","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.2782","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27813","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27872","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27914","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27804","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27697","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27755","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.28012","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27971","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27913","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27871","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-29786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/expr-lang/expr","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/expr-lang/expr"},{"reference_url":"https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:29:22Z/"}],"url":"https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e"},{"reference_url":"https://github.com/expr-lang/expr/pull/762","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:29:22Z/"}],"url":"https://github.com/expr-lang/expr/pull/762"},{"reference_url":"https://github.com/expr-lang/expr/security/advisories/GHSA-93mq-9ffx-83m2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:29:22Z/"}],"url":"https://github.com/expr-lang/expr/security/advisories/GHSA-93mq-9ffx-83m2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29786","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103788","reference_id":"1103788","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103788"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2352914","reference_id":"2352914","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2352914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3335","reference_id":"RHSA-2025:3335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3593","reference_id":"RHSA-2025:3593","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3740","reference_id":"RHSA-2025:3740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3743","reference_id":"RHSA-2025:3743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3993","reference_id":"RHSA-2025:3993","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3993"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7407","reference_id":"RHSA-2025:7407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7479","reference_id":"RHSA-2025:7479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9167","reference_id":"RHSA-2025:9167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9167"}],"fixed_packages":[],"aliases":["CVE-2025-29786","GHSA-93mq-9ffx-83m2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-chwd-qyet-4qbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72075?format=json","vulnerability_id":"VCID-fk74-ghxp-w3g9","summary":"golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45336.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45336.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45336","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30713","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30831","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34538","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3451","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34405","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34477","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34478","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34439","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34416","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3445","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34437","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34397","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34605","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45336"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2341751","reference_id":"2341751","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2341751"},{"reference_url":"https://go.dev/cl/643100","reference_id":"643100","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T14:56:59Z/"}],"url":"https://go.dev/cl/643100"},{"reference_url":"https://go.dev/issue/70530","reference_id":"70530","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T14:56:59Z/"}],"url":"https://go.dev/issue/70530"},{"reference_url":"https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ","reference_id":"bk9LAa-lCgAJ","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T14:56:59Z/"}],"url":"https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"},{"reference_url":"https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ","reference_id":"G461hA6lCgAJ","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T14:56:59Z/"}],"url":"https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ"},{"reference_url":"https://pkg.go.dev/vuln/GO-2025-3420","reference_id":"GO-2025-3420","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T14:56:59Z/"}],"url":"https://pkg.go.dev/vuln/GO-2025-3420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2789","reference_id":"RHSA-2025:2789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3131","reference_id":"RHSA-2025:3131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3335","reference_id":"RHSA-2025:3335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3593","reference_id":"RHSA-2025:3593","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3772","reference_id":"RHSA-2025:3772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3773","reference_id":"RHSA-2025:3773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3922","reference_id":"RHSA-2025:3922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4666","reference_id":"RHSA-2025:4666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4667","reference_id":"RHSA-2025:4667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4810","reference_id":"RHSA-2025:4810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7326","reference_id":"RHSA-2025:7326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7466","reference_id":"RHSA-2025:7466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9514","reference_id":"RHSA-2025:9514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9514"},{"reference_url":"https://usn.ubuntu.com/7574-1/","reference_id":"USN-7574-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7574-1/"}],"fixed_packages":[],"aliases":["CVE-2024-45336"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fk74-ghxp-w3g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29879?format=json","vulnerability_id":"VCID-nrrp-y243-bfa1","summary":"golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability\nAn attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22868.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22868.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22868","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.2942","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29832","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29785","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35503","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35691","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35659","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35945","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35971","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36009","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3592","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37854","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37904","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38169","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38187","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://go.dev/cl/652155","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:45:27Z/"}],"url":"https://go.dev/cl/652155"},{"reference_url":"https://go.dev/issue/71490","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:45:27Z/"}],"url":"https://go.dev/issue/71490"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22868","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22868"},{"reference_url":"https://pkg.go.dev/vuln/GO-2025-3488","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:45:27Z/"}],"url":"https://pkg.go.dev/vuln/GO-2025-3488"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098967","reference_id":"1098967","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098967"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2348366","reference_id":"2348366","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2348366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11037","reference_id":"RHSA-2024:11037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11038","reference_id":"RHSA-2024:11038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10294","reference_id":"RHSA-2025:10294","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10294"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10781","reference_id":"RHSA-2025:10781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11351","reference_id":"RHSA-2025:11351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11396","reference_id":"RHSA-2025:11396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11669","reference_id":"RHSA-2025:11669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11749","reference_id":"RHSA-2025:11749","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11830","reference_id":"RHSA-2025:11830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11889","reference_id":"RHSA-2025:11889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12323","reference_id":"RHSA-2025:12323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:12323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15673","reference_id":"RHSA-2025:15673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17671","reference_id":"RHSA-2025:17671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23057","reference_id":"RHSA-2025:23057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23202","reference_id":"RHSA-2025:23202","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23204","reference_id":"RHSA-2025:23204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23205","reference_id":"RHSA-2025:23205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23209","reference_id":"RHSA-2025:23209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23449","reference_id":"RHSA-2025:23449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23534","reference_id":"RHSA-2025:23534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23535","reference_id":"RHSA-2025:23535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2526","reference_id":"RHSA-2025:2526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2567","reference_id":"RHSA-2025:2567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3051","reference_id":"RHSA-2025:3051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3053","reference_id":"RHSA-2025:3053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3172","reference_id":"RHSA-2025:3172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3335","reference_id":"RHSA-2025:3335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3437","reference_id":"RHSA-2025:3437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3439","reference_id":"RHSA-2025:3439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3498","reference_id":"RHSA-2025:3498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3501","reference_id":"RHSA-2025:3501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3503","reference_id":"RHSA-2025:3503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3593","reference_id":"RHSA-2025:3593","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3720","reference_id":"RHSA-2025:3720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3740","reference_id":"RHSA-2025:3740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3743","reference_id":"RHSA-2025:3743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3790","reference_id":"RHSA-2025:3790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3808","reference_id":"RHSA-2025:3808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3811","reference_id":"RHSA-2025:3811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3813","reference_id":"RHSA-2025:3813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3814","reference_id":"RHSA-2025:3814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3814"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3820","reference_id":"RHSA-2025:3820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3863","reference_id":"RHSA-2025:3863","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3886","reference_id":"RHSA-2025:3886","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3932","reference_id":"RHSA-2025:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3959","reference_id":"RHSA-2025:3959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3987","reference_id":"RHSA-2025:3987","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4002","reference_id":"RHSA-2025:4002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4250","reference_id":"RHSA-2025:4250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4473","reference_id":"RHSA-2025:4473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4605","reference_id":"RHSA-2025:4605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4666","reference_id":"RHSA-2025:4666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4810","reference_id":"RHSA-2025:4810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7407","reference_id":"RHSA-2025:7407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7479","reference_id":"RHSA-2025:7479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7616","reference_id":"RHSA-2025:7616","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7616"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8284","reference_id":"RHSA-2025:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8299","reference_id":"RHSA-2025:8299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8299"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8390","reference_id":"RHSA-2025:8390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8510","reference_id":"RHSA-2025:8510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9167","reference_id":"RHSA-2025:9167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9541","reference_id":"RHSA-2025:9541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9646","reference_id":"RHSA-2025:9646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9759","reference_id":"RHSA-2025:9759","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9759"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2164","reference_id":"RHSA-2026:2164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2172","reference_id":"RHSA-2026:2172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3406","reference_id":"RHSA-2026:3406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3718","reference_id":"RHSA-2026:3718","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3718"}],"fixed_packages":[],"aliases":["CVE-2025-22868","GHSA-6v2p-p543-phr9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrrp-y243-bfa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27215?format=json","vulnerability_id":"VCID-rbtx-222u-zudf","summary":"DoS in go-jose Parsing\n### Impact\nWhen parsing compact JWS or JWE input, go-jose could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of '.' characters.  An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.\n\n### Patches\nVersion 4.0.5 fixes this issue\n\n### Workarounds\nApplications could pre-validate payloads passed to go-jose do not contain an excessive number of '.' characters.\n\n### References\nThis is the same sort of issue as in the golang.org/x/oauth2/jws package as CVE-2025-22868 and Go issue https://go.dev/issue/71490.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27144.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27144.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27144","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23266","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27456","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.29369","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.296","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29581","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29632","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29636","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29574","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29676","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29299","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29413","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.2953","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27144"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/go-jose/go-jose","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/go-jose/go-jose"},{"reference_url":"https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:26:42Z/"}],"url":"https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22"},{"reference_url":"https://github.com/go-jose/go-jose/releases/tag/v4.0.5","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:26:42Z/"}],"url":"https://github.com/go-jose/go-jose/releases/tag/v4.0.5"},{"reference_url":"https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:26:42Z/"}],"url":"https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78"},{"reference_url":"https://github.com/golang/go/issues/71490","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/golang/go/issues/71490"},{"reference_url":"https://go.dev/issue/71490","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://go.dev/issue/71490"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27144","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27144"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098908","reference_id":"1098908","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098908"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2347423","reference_id":"2347423","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2347423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11038","reference_id":"RHSA-2024:11038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11396","reference_id":"RHSA-2025:11396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19566","reference_id":"RHSA-2025:19566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19594","reference_id":"RHSA-2025:19594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22014","reference_id":"RHSA-2025:22014","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3059","reference_id":"RHSA-2025:3059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3061","reference_id":"RHSA-2025:3061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3066","reference_id":"RHSA-2025:3066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3068","reference_id":"RHSA-2025:3068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3131","reference_id":"RHSA-2025:3131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3132","reference_id":"RHSA-2025:3132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3335","reference_id":"RHSA-2025:3335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3438","reference_id":"RHSA-2025:3438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3439","reference_id":"RHSA-2025:3439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3501","reference_id":"RHSA-2025:3501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3593","reference_id":"RHSA-2025:3593","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3743","reference_id":"RHSA-2025:3743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3775","reference_id":"RHSA-2025:3775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3820","reference_id":"RHSA-2025:3820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3906","reference_id":"RHSA-2025:3906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4427","reference_id":"RHSA-2025:4427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4712","reference_id":"RHSA-2025:4712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7389","reference_id":"RHSA-2025:7389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7391","reference_id":"RHSA-2025:7391","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7391"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7397","reference_id":"RHSA-2025:7397","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7397"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7407","reference_id":"RHSA-2025:7407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7459","reference_id":"RHSA-2025:7459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7462","reference_id":"RHSA-2025:7462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7467","reference_id":"RHSA-2025:7467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7479","reference_id":"RHSA-2025:7479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7669","reference_id":"RHSA-2025:7669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9167","reference_id":"RHSA-2025:9167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3718","reference_id":"RHSA-2026:3718","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3718"}],"fixed_packages":[],"aliases":["CVE-2025-27144","GHSA-c6gw-w398-hv78"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rbtx-222u-zudf"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/opentelemetry-collector@0.107.0-8%3Farch=el9_5"}