{"url":"http://public2.vulnerablecode.io/api/packages/92322?format=json","purl":"pkg:rpm/redhat/eap7-xalan-j2@2.7.1-38.redhat_00015.1?arch=el7eap","type":"rpm","namespace":"redhat","name":"eap7-xalan-j2","version":"2.7.1-38.redhat_00015.1","qualifiers":{"arch":"el7eap"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11784?format=json","vulnerability_id":"VCID-698m-2hju-2qcv","summary":"Deserialization of Untrusted Data\nJMSAppender in Log4j is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide `TopicBindingName` and `TopicConnectionFactoryBindingName` configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j when specifically configured to use JMSAppender, which is not the default. 
Apache Log4j reached end of life in August. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4104.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4104.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4104","reference_id":"","reference_type":"","scores":[{"value":"0.69284","scoring_system":"epss","scoring_elements":"0.98648","published_at":"2026-04-13T12:55:00Z"},{"value":"0.69284","scoring_system":"epss","scoring_elements":"0.98647","published_at":"2026-04-12T12:55:00Z"},{"value":"0.69284","scoring_system":"epss","scoring_elements":"0.98646","published_at":"2026-04-11T12:55:00Z"},{"value":"0.69284","scoring_system":"epss","scoring_elements":"0.98644","published_at":"2026-04-09T12:55:00Z"},{"value":"0.69284","scoring_system":"epss","scoring_elements":"0.98643","published_at":"2026-04-08T12:55:00Z"},{"value":"0.69284","scoring_system":"epss","scoring_elements":"0.98641","published_at":"2026-04-07T12:55:00Z"},{"value":"0.69284","scoring_system":"epss","scoring_elements":"0.98639","published_at":"2026-04-04T12:55:00Z"},{"value":"0.69284","scoring_system":"epss","scoring_elements":"0.98635","published_at":"2026-04-02T12:55:00Z"},{"value":"0.69284","scoring_system":"epss","scoring_elements":"0.98633","published_at":"2026-04-01T12:55:00Z"},{"value":"0.69284","scoring_system":"epss","scoring_elements":"0.98653","published_at":"2026-04-21T12:55:00Z"},{"value":"0.69284","scoring_system":"epss","scoring_elements":"0.98651","published_at":"2026-04-16T12:55:00Z"},{"value":"0.72202","scoring_system":"epss","scoring_elements":"0.9877","published_at":"2026-05-05T12:55:00Z"},{"value":"0.72202","scoring_system":"epss","scoring_elements":
"0.98762","published_at":"2026-04-26T12:55:00Z"},{"value":"0.72202","scoring_system":"epss","scoring_elements":"0.98765","published_at":"2026-04-29T12:55:00Z"},{"value":"0.72202","scoring_system":"epss","scoring_elements":"0.98761","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4104"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/logging-log4j2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/logging-log4j2"},{"reference_url":"https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033"},
{"reference_url":"https://security.gentoo.org/glsa/202209-02","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202209-02"},{"reference_url":"https://security.gentoo.org/glsa/202310-16","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202310-16"},{"reference_url":"https://security.gentoo.org/glsa/202312-04","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202312-04"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0007","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20211223-0007"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0007/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20211223-0007/"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2021-44228","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cve.org/CVERecord?id=CVE-2021-44228"},{"reference_url":"https://www.kb.cert
.org/vuls/id/930724","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/930724"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/01/18/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/01/18/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2031667","reference_id":"2031667","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2031667"},{"reference_url":"https
://access.redhat.com/security/cve/CVE-2021-4104","reference_id":"CVE-2021-4104","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-4104"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4104","reference_id":"CVE-2021-4104","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4104"},{"reference_url":"https://github.com/advisories/GHSA-fp5r-v3w9-4333","reference_id":"GHSA-fp5r-v3w9-4333","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fp5r-v3w9-4333"},{"reference_url":"https://security.gentoo.org/glsa/202312-02","reference_id":"GLSA-202312-02","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202312-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5107","reference_id":"RHSA-2021:5107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5141","reference_id":"RHSA-2021:5141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5148","reference_id":"RHSA-2021:5148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5183","reference_id":"R
HSA-2021:5183","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5183"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5184","reference_id":"RHSA-2021:5184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5186","reference_id":"RHSA-2021:5186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5206","reference_id":"RHSA-2021:5206","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5269","reference_id":"RHSA-2021:5269","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5269"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0289","reference_id":"RHSA-2022:0289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0290","reference_id":"RHSA-2022:0290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0291","reference_id":"RHSA-2022:0291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0294","reference_id":"RHSA-2022:0294","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0294"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0430","reference_id":"RHSA-2022:0430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0435","reference_id":"RHSA-2022:0435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0435"},{"reference_url"
:"https://access.redhat.com/errata/RHSA-2022:0436","reference_id":"RHSA-2022:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0437","reference_id":"RHSA-2022:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0438","reference_id":"RHSA-2022:0438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0444","reference_id":"RHSA-2022:0444","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0445","reference_id":"RHSA-2022:0445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0446","reference_id":"RHSA-2022:0446","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0446"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0447","reference_id":"RHSA-2022:0447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0448","reference_id":"RHSA-2022:0448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0449","reference_id":"RHSA-2022:0449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0450","reference_id":"RHSA-2022:0450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0475","reference_id":"RHSA-2022:0475","reference_type":"","scores":[],"url"
:"https://access.redhat.com/errata/RHSA-2022:0475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0497","reference_id":"RHSA-2022:0497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0507","reference_id":"RHSA-2022:0507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0524","reference_id":"RHSA-2022:0524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0524"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0527","reference_id":"RHSA-2022:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0553","reference_id":"RHSA-2022:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0661","reference_id":"RHSA-2022:0661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1296","reference_id":"RHSA-2022:1296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1297","reference_id":"RHSA-2022:1297","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1297"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1299","reference_id":"RHSA-2022:1299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1299"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5458","reference_id":"RHSA-2022:5458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5459","
reference_id":"RHSA-2022:5459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5460","reference_id":"RHSA-2022:5460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5460"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"},{"reference_url":"https://usn.ubuntu.com/5223-1/","reference_id":"USN-5223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5223-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5223-2/","reference_id":"USN-USN-5223-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5223-2/"}],"fixed_packages":[],"aliases":["CVE-2021-4104","GHSA-fp5r-v3w9-4333"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-698m-2hju-2qcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12291?format=json","vulnerability_id":"VCID-6tyr-1gfy-fua1","summary":"Improper Control of Generation of Code ('Code Injection')\nH2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than 
CVE-2021-42392.","references":[{"reference_url":"http://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/"}],"url":"http://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23221.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23221.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23221","reference_id":"","reference_type":"","scores":[{"value":"0.26568","scoring_system":"epss","scoring_elements":"0.96347","published_at":"2026-04-24T12:55:00Z"},{"value":"0.26568","scoring_system":"epss","scoring_elements":"0.96346","published_at":"2026-04-21T12:55:00Z"},{"value":"0.26568","scoring_system":"epss","scoring_elements":"0.96329","published_at":"2026-04-12T12:55:00Z"},{"value":"0.26568","scoring_system":"epss","scoring_elements":"0.96359","published_at":"2026-05-05T12:55:00Z"},{"value":"0.26568","scoring_system":"epss","scoring_elements":"0.96349","published_at":"2026-04-29T12:55:00Z"},{"value":"0.26568","scoring_system":"epss","scoring_elements":"0.96348","published_at":"2026-04-26T12:55:00Z"},{"value":"0.26568","scoring_system":"epss","scoring_elements":"0.96345","published_at":"2026-04-18T12:55:00Z"},{"value":"0.26568","scoring_system":"epss","scoring_elements":"0.9634","published_at":"2026-04-16T12:55:00Z"},{"value":"0.26568","scoring_system":"epss","scoring_elements
":"0.96332","published_at":"2026-04-13T12:55:00Z"},{"value":"0.26568","scoring_system":"epss","scoring_elements":"0.96325","published_at":"2026-04-09T12:55:00Z"},{"value":"0.26568","scoring_system":"epss","scoring_elements":"0.96322","published_at":"2026-04-08T12:55:00Z"},{"value":"0.26568","scoring_system":"epss","scoring_elements":"0.96314","published_at":"2026-04-07T12:55:00Z"},{"value":"0.26568","scoring_system":"epss","scoring_elements":"0.96309","published_at":"2026-04-04T12:55:00Z"},{"value":"0.26568","scoring_system":"epss","scoring_elements":"0.96302","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23221"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Jan/39","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Jan/39"},{"reference_url":"https://github.com/h2database/h2database","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/h2database/h2database"},{"reference_url":"https://github.com/h2database/h2database/releases/tag/version-2.1.210","reference
_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/"}],"url":"https://github.com/h2database/h2database/releases/tag/version-2.1.210"},{"reference_url":"https://github.com/h2database/h2database/security/advisories","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/"}],"url":"https://github.com/h2database/h2database/security/advisories"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230818-0011","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230818-0011"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230818-0011/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","
scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230818-0011/"},{"reference_url":"https://twitter.com/d0nkey_man/status/1483824727936450564","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/"}],"url":"https://twitter.com/d0nkey_man/status/1483824727936450564"},{"reference_url":"https://www.debian.org/security/2022/dsa-5076","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/"}],"url":"https://www.debian.org/security/2022/dsa-5076"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"
generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:31:39Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2044596","reference_id":"2044596","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2044596"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23221","reference_id":"CVE-2022-23221","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23221"},{"reference_url":"https://github.com/advisories/GHSA-45hx-wfhj-473x","reference_id":"GHSA-45hx-wfhj-473x","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-45hx-wfhj-473x"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://usn.ubuntu.com/5365-1/","reference_id":"USN-5365-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5365-1/"},{"reference_url":"https://usn.ubuntu.c
om/6834-1/","reference_id":"USN-6834-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6834-1/"}],"fixed_packages":[],"aliases":["CVE-2022-23221","GHSA-45hx-wfhj-473x"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6tyr-1gfy-fua1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11104?format=json","vulnerability_id":"VCID-6yqn-2w2d-3yd3","summary":"When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2.  Users should update to apache-avro version 1.11.3 which addresses this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39410.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39410.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39410","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18666","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18787","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18833","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18852","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1896","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18951","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_
elements":"0.18938","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18984","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19036","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19082","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19077","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19023","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18943","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19227","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19175","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39410"},{"reference_url":"https://github.com/apache/avro","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/avro"},{"reference_url":"https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C
:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml"},{"reference_url":"https://issues.apache.org/jira/browse/AVRO-3819","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/AVRO-3819"},{"reference_url":"https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:07:20Z/"}],"url":"https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/09/29/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:07:20Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/09/29/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/6","referenc
e_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242521","reference_id":"2242521","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242521"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39410","reference_id":"CVE-2023-39410","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39410"},{"reference_url":"https://github.com/advisories/GHSA-rhrv-645h-fjfh","reference_id":"GHSA-rhrv-645h-fjfh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rhrv-645h-fjfh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7617","reference_id":"RHSA-2023:7617","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7617"}],"fixed_packages":[],"aliases":["CVE-2023-39410","GHSA-rhrv-645h-fjfh","PYSEC-2023-188"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6yqn-2w2d-3yd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12203?format=json","vulnerability_id":"VCID-9k99-jzq8-fyge","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nBy design, the JDBCAppender in Log4j accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. 
This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged, allowing unintended SQL queries to be executed. Note this issue only affects Log4j when specifically configured to use the JDBCAppender, which is not the default. In Log4j 2, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23305.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23305","reference_id":"","reference_type":"","scores":[{"value":"0.07951","scoring_system":"epss","scoring_elements":"0.92037","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07951","scoring_system":"epss","scoring_elements":"0.9205","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07951","scoring_system":"epss","scoring_elements":"0.92045","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07951","scoring_system":"epss","scoring_elements":"0.92072","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07951","scoring_system":"epss","scoring_elements":"0.92074","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07951","scoring_system":"epss","scoring_elements":"0.92077","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07951","scoring_system":"epss","scoring_elements":"0.92069","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07951","scoring_system":"epss","scoring_elements":"0.92065","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07951","scoring_system":"epss","sc
oring_elements":"0.92062","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09452","scoring_system":"epss","scoring_elements":"0.92832","published_at":"2026-04-26T12:55:00Z"},{"value":"0.09452","scoring_system":"epss","scoring_elements":"0.92827","published_at":"2026-04-29T12:55:00Z"},{"value":"0.09457","scoring_system":"epss","scoring_elements":"0.92839","published_at":"2026-05-05T12:55:00Z"},{"value":"0.1156","scoring_system":"epss","scoring_elements":"0.93668","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/logging-log4j1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/logging-log4j1"},{"reference_url":"https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y"},{"reference_url":"https://logging.apache.org/log4j/1.2/index.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1"
,"scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://logging.apache.org/log4j/1.2/index.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220217-0007","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220217-0007"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220217-0007/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220217-0007/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/01/18/4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/01/18/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482","reference_id":"1004482
","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2041959","reference_id":"2041959","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2041959"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23305","reference_id":"CVE-2022-23305","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23305"},{"reference_url":"https://github.com/advisories/GHSA-65fg-84f6-3jq3","reference_id":"GHSA-65fg-84f6-3jq3","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-65fg-84f6-3jq3"},{"reference_url":"https://security.gentoo.org/glsa/202402-16","reference_id":"GLSA-202402-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0289","reference_id":"RHSA-2022:0289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0290","reference_id":"RHSA-2022:0290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0291","reference_id":"RHSA-2022:0291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0294","reference_id":"RHSA-2022:0294","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0294"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0430","reference_id":"RHSA-2022:0430","reference_type":"","scores":[],"url
":"https://access.redhat.com/errata/RHSA-2022:0430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0435","reference_id":"RHSA-2022:0435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0436","reference_id":"RHSA-2022:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0437","reference_id":"RHSA-2022:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0438","reference_id":"RHSA-2022:0438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0439","reference_id":"RHSA-2022:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0442","reference_id":"RHSA-2022:0442","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0442"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0444","reference_id":"RHSA-2022:0444","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0445","reference_id":"RHSA-2022:0445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0446","reference_id":"RHSA-2022:0446","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0446"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0447","reference_id":"RHSA-2022:0447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0448",
"reference_id":"RHSA-2022:0448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0449","reference_id":"RHSA-2022:0449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0450","reference_id":"RHSA-2022:0450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0467","reference_id":"RHSA-2022:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0469","reference_id":"RHSA-2022:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0475","reference_id":"RHSA-2022:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0497","reference_id":"RHSA-2022:0497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0507","reference_id":"RHSA-2022:0507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0524","reference_id":"RHSA-2022:0524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0524"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0527","reference_id":"RHSA-2022:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0553","reference_id":"RHSA-2022:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0553"}
,{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0661","reference_id":"RHSA-2022:0661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1296","reference_id":"RHSA-2022:1296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1297","reference_id":"RHSA-2022:1297","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1297"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1299","reference_id":"RHSA-2022:1299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1299"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5458","reference_id":"RHSA-2022:5458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5459","reference_id":"RHSA-2022:5459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5460","reference_id":"RHSA-2022:5460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5460"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"},{"reference_url":"https://usn.ubuntu.com/5998-1/","reference_id":"USN-5998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5998-1/"},{"reference_url":"https://usn.ubuntu.com/7590-1/","reference_id":"USN-7590-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7590-1/"}],"fixed_packages":[],"aliases":["CVE-2022-23305","GHSA-65fg-84f6-3jq3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerab
ilities/VCID-9k99-jzq8-fyge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12147?format=json","vulnerability_id":"VCID-agjx-5whj-dyac","summary":"Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)\nSchema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\nUsers are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47561.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47561.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47561","reference_id":"","reference_type":"","scores":[{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73166","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73171","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73032","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73052","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73027","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73172","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73159","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73064","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73077","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73102","published_
at":"2026-04-11T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73075","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73118","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73122","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73128","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47561"},{"reference_url":"https://github.com/apache/avro","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/avro"},{"reference_url":"https://github.com/apache/avro/commit/8f89868d29272e3afea2ff8de8c85cb81a57d900","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/avro/commit/8f89868d29272e3afea2ff8de8c85cb81a57d900"},{"reference_url":"https://github.com/apache/avro/commit/f6b3bd7e50e6e09fedddb98c61558c022ba31285","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:
N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/avro/commit/f6b3bd7e50e6e09fedddb98c61558c022ba31285"},{"reference_url":"https://github.com/apache/avro/pull/2934","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/avro/pull/2934"},{"reference_url":"https://github.com/apache/avro/pull/2980","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/avro/pull/2980"},{"reference_url":"https://issues.apache.org/jira/browse/AVRO-3985","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/AVRO-3985"},{"reference_url":"https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9
.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T18:53:44Z/"}],"url":"https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47561","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47561"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241011-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241011-0003"},{"reference_url":"https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://thehackernews.com/
2024/10/critical-apache-avro-sdk-flaw-allows.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/10/03/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2024/10/03/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/10/03/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/10/03/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2316116","reference_id":"2316116","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2316116"},{"reference_url":"https://github.com/advisories/GHSA-r7pg-v2c8-mfg3","reference_id":"GHSA-r7pg-v2c8-mfg3","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7pg-v2c8-mfg3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7670","reference_id":"RHSA-2024:7670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7676","reference_id":"RHSA-2024:7676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7811","reference_id":"RHSA-2024:7811","ref
erence_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7812","reference_id":"RHSA-2024:7812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7861","reference_id":"RHSA-2024:7861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7972","reference_id":"RHSA-2024:7972","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7972"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8064","reference_id":"RHSA-2024:8064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8093","reference_id":"RHSA-2024:8093","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8093"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8339","reference_id":"RHSA-2024:8339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8339"}],"fixed_packages":[],"aliases":["CVE-2024-47561","GHSA-r7pg-v2c8-mfg3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-agjx-5whj-dyac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12208?format=json","vulnerability_id":"VCID-bbq3-tx7c-yucn","summary":"This advisory has been marked as False Positive and 
removed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23307.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23307.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23307","reference_id":"","reference_type":"","scores":[{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84226","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84249","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84208","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84227","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84292","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84288","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84287","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84265","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84268","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84273","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84256","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02603","scoring_system":"epss","scoring_elements":"0.85672","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02603","scoring_system":"epss","scoring_elements":"0.85661","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02603","scoring_system":"epss","scoring_elements":"0.85674","publis
hed_at":"2026-04-29T12:55:00Z"},{"value":"0.02673","scoring_system":"epss","scoring_elements":"0.85889","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh"},{"reference_url":"https://logging.apache.org/log4j/1.2/index.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://logging.apache.org/log4j/1.2/index.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"9
.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482","reference_id":"1004482","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2041967","reference_id":"2041967","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2041967"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23307","reference_id":"CVE-2022-23307","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23307"},{"reference_url":"https://github.com/advisories/GHSA-f7vh-qwp3-x37m","reference_id":"GHSA-f7vh-qwp3-x37m","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f7vh-qwp3-x37m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0289","reference_id":"RHSA-2022:0289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0290","reference_id":"RHSA-2022:0290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0291","reference_id":"RHSA-2022:0291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0294","reference_id":"RHSA-2022:0294","reference_type":"","scores":[],"url":"https://access.redhat
.com/errata/RHSA-2022:0294"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0430","reference_id":"RHSA-2022:0430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0435","reference_id":"RHSA-2022:0435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0436","reference_id":"RHSA-2022:0436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0437","reference_id":"RHSA-2022:0437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0438","reference_id":"RHSA-2022:0438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0439","reference_id":"RHSA-2022:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0442","reference_id":"RHSA-2022:0442","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0442"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0444","reference_id":"RHSA-2022:0444","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0445","reference_id":"RHSA-2022:0445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0446","reference_id":"RHSA-2022:0446","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0446"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0447","reference_id":"RHSA-202
2:0447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0448","reference_id":"RHSA-2022:0448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0449","reference_id":"RHSA-2022:0449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0450","reference_id":"RHSA-2022:0450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0467","reference_id":"RHSA-2022:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0469","reference_id":"RHSA-2022:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0475","reference_id":"RHSA-2022:0475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0497","reference_id":"RHSA-2022:0497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0507","reference_id":"RHSA-2022:0507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0524","reference_id":"RHSA-2022:0524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0524"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0527","reference_id":"RHSA-2022:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0527"},{"reference_url":"https
://access.redhat.com/errata/RHSA-2022:0553","reference_id":"RHSA-2022:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0661","reference_id":"RHSA-2022:0661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1296","reference_id":"RHSA-2022:1296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1297","reference_id":"RHSA-2022:1297","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1297"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1299","reference_id":"RHSA-2022:1299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1299"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5458","reference_id":"RHSA-2022:5458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5459","reference_id":"RHSA-2022:5459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5460","reference_id":"RHSA-2022:5460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5460"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"},{"reference_url":"https://usn.ubuntu.com/5998-1/","reference_id":"USN-5998-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5998-1/"},{"reference_url":"https://usn.ubuntu.com/7590-1/","reference_id":"USN-7590-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7590-1/"}],"fixed_packages":[],"aliases":
["CVE-2022-23307","GHSA-f7vh-qwp3-x37m"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbq3-tx7c-yucn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53733?format=json","vulnerability_id":"VCID-cf5j-2dz8-7bbu","summary":"Undertow vulnerable to Denial of Service (DoS) attacks\nAn Undertow client-side invocation timeout is raised when calling over HTTP2; this vulnerability can allow an attacker to carry out denial of service (DoS) attacks in versions less than 2.2.15 Final.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3859.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3859.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2021-3859","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2021-3859"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3859","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54114","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54103","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54138","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54157","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54115","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00309","scoring_system":"ep
ss","scoring_elements":"0.54135","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54051","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54037","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54088","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54106","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54054","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54034","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5408","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54154","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54104","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3859"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010378","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010378"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8","reference_id":"","reference_type":"","scores":[{"valu
e":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8"},{"reference_url":"https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2"},{"reference_url":"https://github.com/undertow-io/undertow/pull/1296","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/pull/1296"},{"reference_url":"https://issues.redhat.com/browse/UNDERTOW-1979","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/UNDERTOW-1979"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3859","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3859"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221201-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S
:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221201-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221201-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20221201-0004/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015983","reference_id":"1015983","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015983"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3859","reference_id":"CVE-2021-3859","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2021-3859"},{"reference_url":"https://github.com/advisories/GHSA-339q-62wm-c39w","reference_id":"GHSA-339q-62wm-c39w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-339q-62wm-c39w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0400","reference_id":"RHSA-2022:0400","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0401","reference_id":"RHSA-2022:0401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0404","reference_id":"RHSA-2022:0404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0405","reference_id":"RHSA-2022:0405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0406","reference_id":"RHSA-2022:0406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0406"},{"reference_url":"https://access.redhat.com/err
ata/RHSA-2022:0407","reference_id":"RHSA-2022:0407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0408","reference_id":"RHSA-2022:0408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0409","reference_id":"RHSA-2022:0409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0410","reference_id":"RHSA-2022:0410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0415","reference_id":"RHSA-2022:0415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0447","reference_id":"RHSA-2022:0447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0448","reference_id":"RHSA-2022:0448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1179","reference_id":"RHSA-2022:1179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"}],"fixed_packages":[],"aliases":["CVE-2021-3859","GHSA-339q-62wm-c39w","GMS-2022-2963"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cf5j-2dz8-7bbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16621?format=json","vulnerability_id":"VCID-efw6-swgm-
4fbc","summary":"SSRF vulnerability using the Aegis DataBinding in Apache CXF\nA SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28752.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28752","reference_id":"","reference_type":"","scores":[{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69148","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00799","scoring_system":"epss","scoring_elements":"0.74016","published_at":"2026-04-04T12:55:00Z"},{"value":"0.46497","scoring_system":"epss","scoring_elements":"0.97666","published_at":"2026-04-26T12:55:00Z"},{"value":"0.49265","scoring_system":"epss","scoring_elements":"0.97797","published_at":"2026-04-29T12:55:00Z"},{"value":"0.50829","scoring_system":"epss","scoring_elements":"0.97877","published_at":"2026-05-05T12:55:00Z"},{"value":"0.55152","scoring_system":"epss","scoring_elements":"0.98056","published_at":"2026-04-08T12:55:00Z"},{"value":"0.55152","scoring_system":"epss","scoring_elements":"0.98052","published_at":"2026-04-07T12:55:00Z"},{"value":"0.55152","scoring_system":"epss","scoring_elements":"0.98057","published_at":"2026-04-09T12:55:00Z"},{"value":"0.55152","scoring_system":"epss","scoring_elements":"0.98061","published_at":"2026-04-11T12:55:00Z"},{"value":"0.55152","scoring_system":"epss","scoring_elements":"0.98062","published_at":"2026-04-13T12:55:00Z"},{"value":"0.57136","scoring_system":"epss","s
coring_elements":"0.98154","published_at":"2026-04-18T12:55:00Z"},{"value":"0.57136","scoring_system":"epss","scoring_elements":"0.98152","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28752"},{"reference_url":"https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-20T03:55:33Z/"}],"url":"https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt"},{"reference_url":"https://github.com/apache/cxf","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf"},{"reference_url":"https://github.com/apache/cxf/commit/d0baeb3ee64c6d7c883bd2f5c4cb0de6b0b5f463","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/cxf/commit/d0baeb3ee64c6d7c883bd2f5c4cb0de6b0b5f463"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28752","reference_id":"","reference_type":"","scores"
:[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28752"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240517-0001","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240517-0001"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/14/3","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-20T03:55:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/14/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270732","reference_id":"2270732","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270732"},{"reference_url":"https://github.com/advisories/GHSA-qmgx-j96g-4428","reference_id":"GHSA-qmgx-j96g-4428","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qmgx-j96g-4428"},{"reference_url":"https://security.net
app.com/advisory/ntap-20240517-0001/","reference_id":"ntap-20240517-0001","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-20T03:55:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240517-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2834","reference_id":"RHSA-2024:2834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2852","reference_id":"RHSA-2024:2852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3708","reference_id":"RHSA-2024:3708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5479","reference_id":"RHSA-2024:5479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5481","reference_id":"RHSA-2024:5481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5482","reference_id":"RHSA-2024:5482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8339","reference_id":"RHSA-2024:8339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8339"}],"fixed_packages":[],"aliases":["CVE-2024-28752","GHSA-qmgx-j96g-4428"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-efw6-swgm-4fbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabiliti
es/16770?format=json","vulnerability_id":"VCID-khr7-6pza-afab","summary":"Apache Log4j 1.x (EOL) allows Denial of Service (DoS)\n** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26464","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34697","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3479","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34808","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35041","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35088","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35102","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35066","published_at":"2026-04-13T12:55:00Z"},{"valu
e":"0.00147","scoring_system":"epss","scoring_elements":"0.3509","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35142","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35125","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3512","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35094","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35049","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35171","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35198","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26464"},{"reference_url":"https://github.com/apache/logging-log4j2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/logging-log4j2"},{"reference_url":"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:39:52Z/"}],"url":"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230505-0008","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC
:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230505-0008"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182864","reference_id":"2182864","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182864"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26464","reference_id":"CVE-2023-26464","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26464"},{"reference_url":"https://github.com/advisories/GHSA-vp98-w2p3-mv35","reference_id":"GHSA-vp98-w2p3-mv35","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vp98-w2p3-mv35"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230505-0008/","reference_id":"ntap-20230505-0008","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:39:52Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230505-0008/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"}],"fixed_packages":[],"aliases":["CVE-2023-26464","GHSA-vp98-w2p3-mv35"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khr7-6pza-afab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51667?format=json","vulnerability_id":"VCID-knw5-d2nn-vyhq","summary":"HyperSQL DataBase 
vulnerable to remote code execution when processing untrusted input\nThose using `java.sql.Statement` or `java.sql.PreparedStatement` in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property \"hsqldb.method_class_names\" to classes which are allowed to be called. For example, `System.setProperty(\"hsqldb.method_class_names\", \"abc\")` or Java argument `-Dhsqldb.method_class_names=\"abc\"` can be used. From version 2.7.1 all classes by default are not accessible except those in `java.lang.Math` and need to be manually enabled.","references":[{"reference_url":"http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T13:37:02Z/"}],"url":"http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41853.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41853.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41853","reference_id":"","reference_type":"","scores":[{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98694","published_at":"2026-05-05T
12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98666","published_at":"2026-04-02T12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98669","published_at":"2026-04-04T12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98672","published_at":"2026-04-07T12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98673","published_at":"2026-04-08T12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98674","published_at":"2026-04-09T12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98676","published_at":"2026-04-11T12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98677","published_at":"2026-04-12T12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98678","published_at":"2026-04-13T12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98681","published_at":"2026-04-16T12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98682","published_at":"2026-04-18T12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98683","published_at":"2026-04-21T12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98687","published_at":"2026-04-24T12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98688","published_at":"2026-04-26T12:55:00Z"},{"value":"0.70144","scoring_system":"epss","scoring_elements":"0.98689","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41853"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","s
coring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T13:37:02Z/"}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41853","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41853"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T13:37:02Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00020.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41853","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41853"},{"reference_url":"https://sourceforge.net/projects/hsqldb","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL"
,"scoring_system":"generic_textual","scoring_elements":""}],"url":"https://sourceforge.net/projects/hsqldb"},{"reference_url":"https://www.debian.org/security/2023/dsa-5313","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-21T13:37:02Z/"}],"url":"https://www.debian.org/security/2023/dsa-5313"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023573","reference_id":"1023573","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023573"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136141","reference_id":"2136141","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136141"},{"reference_url":"https://github.com/advisories/GHSA-77xx-rxvh-q682","reference_id":"GHSA-77xx-rxvh-q682","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77xx-rxvh-q682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8559","reference_id":"RHSA-2022:8559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8560","reference_id":"RHSA-2022:8560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8652","reference_id":"RHSA-2022:8652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":
"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"}],"fixed_packages":[],"aliases":["CVE-2022-41853","GHSA-77xx-rxvh-q682"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-knw5-d2nn-vyhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53969?format=json","vulnerability_id":"VCID-rfs8-njaq-qkc8","summary":"Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets\nThe Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.\n\nA fix for this issue was published in September 2022 as part of an anticipated 2.7.3 release.","references":[{"reference_url":"http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34169.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34169","reference_id":"","reference_type":"","scores":[{"value":"0.06658","scoring_system":"epss","scoring_elements":"0.91251","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06658","scoring_system":"epss","scoring_elements":"0.9124","published_at":"2
026-04-21T12:55:00Z"},{"value":"0.06658","scoring_system":"epss","scoring_elements":"0.91239","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06658","scoring_system":"epss","scoring_elements":"0.91215","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06658","scoring_system":"epss","scoring_elements":"0.91216","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06658","scoring_system":"epss","scoring_elements":"0.91212","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06658","scoring_system":"epss","scoring_elements":"0.91199","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06658","scoring_system":"epss","scoring_elements":"0.91186","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06658","scoring_system":"epss","scoring_elements":"0.91206","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06658","scoring_system":"epss","scoring_elements":"0.91265","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06658","scoring_system":"epss","scoring_elements":"0.9125","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08992","scoring_system":"epss","scoring_elements":"0.92585","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08992","scoring_system":"epss","scoring_elements":"0.92592","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21540"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21549","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169","refere
nce_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git"},{"reference_url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=2e60d0a9a5b822c4abf9051857973b1c6babfe81","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=2e60d0a9a5b822c4abf9051857973b1c6babfe81"},{"reference_url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=ab57211e5d2e97cbed06786f919fa9b749c83573","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=ab57211e5d2e97cbed06786f919fa9b749c83573"},{"reference_url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=da3e0d06b467247643ce04e88d3346739d119f21","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/A
C:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=da3e0d06b467247643ce04e88d3346739d119f21"},{"reference_url":"https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"},{"reference_url":"https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"},{"reference_url":"https://lists.apache.org/thread/x3f7xv3p1g32qj2hlg8wd57pwcpld471","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/x3f7xv3p1g32qj2hlg8wd57pwcpld471"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L","reference_id":"","reference_type":"","scores":[{"value":"7.5"
,"scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIP
FBZHQE5E7OW6PDACUMCJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM"},{"reference_url":"https://lists.fedoraproject.org/a
rchives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C
54I3H3ZOXFZUTB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34169","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34169"},{"reference_url":"https://security.gentoo.org/glsa/202401-25","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202401-25"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220729-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220729-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"https://www.debian.org/security/2022/dsa-5188","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5188"},{"reference_url":"https://www.debian.org/security/2022/dsa-5192","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS
:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5192"},{"reference_url":"https://www.debian.org/security/2022/dsa-5256","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5256"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://xalan.apache.org","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://xalan.apache.org"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/07/19/5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/07/19/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/07/19/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/07/19/6"},{"reference_url":"http://www.openwall.com/list
s/oss-security/2022/07/20/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/07/20/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/07/20/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/07/20/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/10/18/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/10/18/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/04/8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/04/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/07/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/07/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015860","reference_id":"1015860","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugrepor
t.cgi?bug=1015860"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2108554","reference_id":"2108554","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2108554"},{"reference_url":"https://github.com/advisories/GHSA-9339-86wc-4qgf","reference_id":"GHSA-9339-86wc-4qgf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9339-86wc-4qgf"},{"reference_url":"https://security.gentoo.org/glsa/202405-16","reference_id":"GLSA-202405-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5681","reference_id":"RHSA-2022:5681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5683","reference_id":"RHSA-2022:5683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5684","reference_id":"RHSA-2022:5684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5685","reference_id":"RHSA-2022:5685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5687","reference_id":"RHSA-2022:5687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5695","reference_id":"RHSA-2022:5695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5696","reference_id":"RHSA-2022:5696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5696"},{"reference_url":"https://acces
s.redhat.com/errata/RHSA-2022:5697","reference_id":"RHSA-2022:5697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5698","reference_id":"RHSA-2022:5698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5700","reference_id":"RHSA-2022:5700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5701","reference_id":"RHSA-2022:5701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5709","reference_id":"RHSA-2022:5709","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5709"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5726","reference_id":"RHSA-2022:5726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5736","reference_id":"RHSA-2022:5736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5753","reference_id":"RHSA-2022:5753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5754","reference_id":"RHSA-2022:5754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5755","reference_id":"RHSA-2022:5755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5756","reference_id":"RHSA-2022:5756","reference_type":"","scores":[],"url":"https://acces
s.redhat.com/errata/RHSA-2022:5756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5757","reference_id":"RHSA-2022:5757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5758","reference_id":"RHSA-2022:5758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3708","reference_id":"RHSA-2024:3708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3708"},{"reference_url":"https://usn.ubuntu.com/5546-1/","reference_id":"USN-5546-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5546-1/"},{"reference_url":"https://usn.ubuntu.com/5546-2/","reference_id":"USN-5546-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5546-2/"}],"fixed_packages":[],"aliases":["CVE-2022-34169","GHSA-9339-86wc-4qgf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfs8-njaq-qkc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16318?format=json","vulnerability_id":"VCID-rgtf-p6z8-dkc3","summary":"XNIO denial of service vulnerability\nA flaw was found in XNIO. The XNIO NotifierState can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large, which can lead to uncontrolled resource management and a possible denial of service (DoS). 
Version 3.8.14.Final is expected to contain a fix.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7637","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7638","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7639","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7641","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7641"},{"reference_url":"https://
access.redhat.com/errata/RHSA-2024:10207","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10208","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10208"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2707","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2707"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5685.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5685.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-5685","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_syste
m":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-5685"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5685","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64806","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64731","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.6476","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64722","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.6477","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64785","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64802","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.6479","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64763","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64801","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64811","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64798","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64815","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64828","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64825","published_at":"2026-04-29T12:
55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5685"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241822","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5685"},{"reference_url":"https://github.com/xnio/xnio","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xnio/xnio"},{"reference_url":"https://github.com/xnio/xnio/blob/3.8.13.Final/api/src/main/java/org/xnio/AbstractIoFuture.java#L249","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xnio/xnio/blob/3.8.13.Final/api/src/main/java/org/xnio/AbstractIoFuture.java#L249"},{"reference_url":"https://github.com/xnio/xnio/commit/ffabdcdda508ef87aeadad5ca3f854e274d60ec1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xnio/xnio/commit/ffabdcdda508ef87aeadad5ca3f854e274d60ec1"},{"reference_url":"https://issues.redhat.com/br
owse/XNIO-423","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/XNIO-423"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5685","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5685"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065847","reference_id":"1065847","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065847"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4","reference_id":"cpe:/a:redhat:apache_camel_hawtio:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache-camel-spring-boot:4.4.0","reference_id":"cpe:/a:redhat:apache-camel-spring-boot:4.4.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache-camel-spring-boot:4.4.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&is
CpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3","reference_id":"cpe:/a:redhat:camel_spring_boot:3","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1","reference_id":"cpe:/a:redhat:integration:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_p
latform:7.4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7","reference_type":"","scores":[],"url":"https:
//nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6","reference_id":"cpe:/a:redhat:jboss_fuse_service_works:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse_service_works:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-7f88-5hhx-67m2","reference_id":"GHSA-7f88-5hhx-67m2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7f88-5hhx-67m2"}],"fixed_packages":[],"aliases":["
CVE-2023-5685","GHSA-7f88-5hhx-67m2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgtf-p6z8-dkc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52617?format=json","vulnerability_id":"VCID-y8up-mkx2-abcn","summary":"Apache CXF Server-Side Request Forgery vulnerability\nA SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46364.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46364.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46364","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23151","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22971","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22978","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25247","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25366","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.3082","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30863","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30909","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00118","scorin
g_system":"epss","scoring_elements":"0.30729","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30788","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33196","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33241","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33201","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33177","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33218","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46364"},{"reference_url":"https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-22T02:48:12Z/"}],"url":"https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46364","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46364"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2155682","reference_id":"2155682","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2155682"},{"reference_url":"ht
tps://github.com/advisories/GHSA-x3x3-qwjq-8gj4","reference_id":"GHSA-x3x3-qwjq-8gj4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x3x3-qwjq-8gj4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0163","reference_id":"RHSA-2023:0163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0164","reference_id":"RHSA-2023:0164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0483","reference_id":"RHSA-2023:0483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0544","reference_id":"RHSA-2023:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1285","reference_id":"RHSA-2023:1285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1286","reference_id":"RHSA-2023:1286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2041","reference_id":"RHSA-2023:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"}],"fixed_packages":[],"aliases":["CVE-2022-46364","GHSA-x3x
3-qwjq-8gj4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y8up-mkx2-abcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78039?format=json","vulnerability_id":"VCID-zxsk-ucu6-73h1","summary":"eap-7: heap exhaustion via deserialization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3171.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3171.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3171","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39658","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3968","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39598","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39652","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39666","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39676","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3964","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39624","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39675","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39646","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39562","published_at":"2026-04
-21T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39382","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39367","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39284","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3916","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3171"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2213639","reference_id":"2213639","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2213639"}],"fixed_packages":[],"aliases":["CVE-2023-3171"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxsk-ucu6-73h1"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-xalan-j2@2.7.1-38.redhat_00015.1%3Farch=el7eap"}