{"url":"http://public2.vulnerablecode.io/api/packages/95264?format=json","purl":"pkg:rpm/redhat/eap7-ironjacamar@1.5.15-1.Final_redhat_00001.1?arch=el8eap","type":"rpm","namespace":"redhat","name":"eap7-ironjacamar","version":"1.5.15-1.Final_redhat_00001.1","qualifiers":{"arch":"el8eap"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16770?format=json","vulnerability_id":"VCID-khr7-6pza-afab","summary":"Apache Log4j 1.x (EOL) allows Denial of Service (DoS)\n** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26464","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34697","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35066","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35049","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35094","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3512","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35125","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3509","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35102","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3479","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34808","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35142","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35041","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35088","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35171","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26464"},{"reference_url":"https://github.com/apache/logging-log4j2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/logging-log4j2"},{"reference_url":"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:39:52Z/"}],"url":"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230505-0008","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230505-0008"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182864","reference_id":"2182864","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182864"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26464","reference_id":"CVE-2023-26464","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26464"},{"reference_url":"https://github.com/advisories/GHSA-vp98-w2p3-mv35","reference_id":"GHSA-vp98-w2p3-mv35","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vp98-w2p3-mv35"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230505-0008/","reference_id":"ntap-20230505-0008","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:39:52Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230505-0008/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"}],"fixed_packages":[],"aliases":["CVE-2023-26464","GHSA-vp98-w2p3-mv35"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khr7-6pza-afab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18052?format=json","vulnerability_id":"VCID-nahx-etfu-qqfq","summary":"semver vulnerable to Regular Expression Denial of Service\nVersions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25883.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25883.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25883","reference_id":"","reference_type":"","scores":[{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68868","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68887","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68866","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68937","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68918","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69424","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69386","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69399","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69481","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69415","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69476","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69469","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69417","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69435","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25883"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/npm/node-semver","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-semver"},{"reference_url":"https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:54:52Z/"}],"url":"https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104"},{"reference_url":"https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104"},{"reference_url":"https://github.com/npm/node-semver/blob/main/internal/re.js%23L138","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:54:52Z/"}],"url":"https://github.com/npm/node-semver/blob/main/internal/re.js%23L138"},{"reference_url":"https://github.com/npm/node-semver/blob/main/internal/re.js%23L160","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:54:52Z/"}],"url":"https://github.com/npm/node-semver/blob/main/internal/re.js%23L160"},{"reference_url":"https://github.com/npm/node-semver/blob/main/internal/re.js#L138","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-semver/blob/main/internal/re.js#L138"},{"reference_url":"https://github.com/npm/node-semver/blob/main/internal/re.js#L160","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-semver/blob/main/internal/re.js#L160"},{"reference_url":"https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0"},{"reference_url":"https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:54:52Z/"}],"url":"https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441"},{"reference_url":"https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c"},{"reference_url":"https://github.com/npm/node-semver/pull/564","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:54:52Z/"}],"url":"https://github.com/npm/node-semver/pull/564"},{"reference_url":"https://github.com/npm/node-semver/pull/585","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-semver/pull/585"},{"reference_url":"https://github.com/npm/node-semver/pull/593","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-semver/pull/593"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241025-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241025-0004"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T16:54:52Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2216475","reference_id":"2216475","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2216475"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25883","reference_id":"CVE-2022-25883","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25883"},{"reference_url":"https://github.com/advisories/GHSA-c2qf-rxjj-qqgw","reference_id":"GHSA-c2qf-rxjj-qqgw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c2qf-rxjj-qqgw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4341","reference_id":"RHSA-2023:4341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5360","reference_id":"RHSA-2023:5360","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5360"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5361","reference_id":"RHSA-2023:5361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5362","reference_id":"RHSA-2023:5362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5363","reference_id":"RHSA-2023:5363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5379","reference_id":"RHSA-2023:5379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5379"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7222","reference_id":"RHSA-2023:7222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0719","reference_id":"RHSA-2024:0719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5955","reference_id":"RHSA-2024:5955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6044","reference_id":"RHSA-2024:6044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6044"}],"fixed_packages":[],"aliases":["CVE-2022-25883","GHSA-c2qf-rxjj-qqgw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nahx-etfu-qqfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18166?format=json","vulnerability_id":"VCID-wjaq-7np6-z3bk","summary":"Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')\nVersions of the package tough-cookie before 4.1.3 is vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26136.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26136.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26136","reference_id":"","reference_type":"","scores":[{"value":"0.06371","scoring_system":"epss","scoring_elements":"0.90993","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06371","scoring_system":"epss","scoring_elements":"0.90971","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06371","scoring_system":"epss","scoring_elements":"0.90982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06371","scoring_system":"epss","scoring_elements":"0.90962","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06371","scoring_system":"epss","scoring_elements":"0.91029","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06371","scoring_system":"epss","scoring_elements":"0.91031","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06371","scoring_system":"epss","scoring_elements":"0.91006","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06371","scoring_system":"epss","scoring_elements":"0.91007","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06371","scoring_system":"epss","scoring_elements":"0.90998","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06534","scoring_system":"epss","scoring_elements":"0.91163","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06534","scoring_system":"epss","scoring_elements":"0.91161","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06534","scoring_system":"epss","scoring_elements":"0.9115","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06587","scoring_system":"epss","scoring_elements":"0.91197","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26136","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26136"},{"reference_url":"https://github.com/salesforce/tough-cookie","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/salesforce/tough-cookie"},{"reference_url":"https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/"}],"url":"https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e"},{"reference_url":"https://github.com/salesforce/tough-cookie/issues/282","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/"}],"url":"https://github.com/salesforce/tough-cookie/issues/282"},{"reference_url":"https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/"}],"url":"https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219310","reference_id":"2219310","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219310"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/","reference_id":"3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/","reference_id":"6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:37:58Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26136","reference_id":"CVE-2023-26136","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26136"},{"reference_url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3","reference_id":"GHSA-72xf-g2v4-qvf3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3998","reference_id":"RHSA-2023:3998","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3998"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5006","reference_id":"RHSA-2023:5006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5541","reference_id":"RHSA-2023:5541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5542","reference_id":"RHSA-2023:5542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7222","reference_id":"RHSA-2023:7222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8676","reference_id":"RHSA-2024:8676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0082","reference_id":"RHSA-2025:0082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0164","reference_id":"RHSA-2025:0164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0323","reference_id":"RHSA-2025:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0323"}],"fixed_packages":[],"aliases":["CVE-2023-26136","GHSA-72xf-g2v4-qvf3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wjaq-7np6-z3bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78039?format=json","vulnerability_id":"VCID-zxsk-ucu6-73h1","summary":"eap-7: heap exhaustion via deserialization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3171.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3171.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3171","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39658","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3968","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39598","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39652","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39666","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39676","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3964","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39624","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39675","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39646","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39562","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39382","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39367","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39284","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3171"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2213639","reference_id":"2213639","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2213639"}],"fixed_packages":[],"aliases":["CVE-2023-3171"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxsk-ucu6-73h1"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-ironjacamar@1.5.15-1.Final_redhat_00001.1%3Farch=el8eap"}