{"url":"http://public2.vulnerablecode.io/api/packages/96100?format=json","purl":"pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1?arch=el8","type":"rpm","namespace":"redhat","name":"jenkins-2-plugins","version":"4.11.1686831822-1","qualifiers":{"arch":"el8"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16881?format=json","vulnerability_id":"VCID-7k5m-ys11-mfby","summary":"json-smart Uncontrolled Recursion vulnerability\nAffected versions of [net.minidev:json-smart](https://github.com/netplex/json-smart-v1) are vulnerable to Denial of Service (DoS) due to a StackOverflowError when parsing a deeply nested JSON array or object.\n\nWhen reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the 3PP does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1370.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1370.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1370","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02246","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02236","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02254","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02257","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02268","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02286","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02264","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03121","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02908","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02923","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02931","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0301","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03005","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02994","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03044","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03017","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03038","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03075","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03083","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03089","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370"},{"reference_url":"https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a"},{"reference_url":"https://github.com/netplex/json-smart-v2/commit/e2791ae506a57491bc856b439d706c81e45adcf8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netplex/json-smart-v2/commit/e2791ae506a57491bc856b439d706c81e45adcf8"},{"reference_url":"https://github.com/netplex/json-smart-v2/issues/137","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netplex/json-smart-v2/issues/137"},{"reference_url":"https://github.com/oswaldobapvicjr/jsonmerge","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/oswaldobapvicjr/jsonmerge"},{"reference_url":"https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2023-1370","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cve.org/CVERecord?id=CVE-2023-1370"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474","reference_id":"1033474","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188542","reference_id":"2188542","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188542"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1370","reference_id":"CVE-2023-1370","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1370"},{"reference_url":"https://github.com/advisories/GHSA-493p-pfq6-5258","reference_id":"GHSA-493p-pfq6-5258","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-493p-pfq6-5258"},{"reference_url":"https://github.com/oswaldobapvicjr/jsonmerge/security/advisories/GHSA-493p-pfq6-5258","reference_id":"GHSA-493p-pfq6-5258","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/oswaldobapvicjr/jsonmerge/security/advisories/GHSA-493p-pfq6-5258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2099","reference_id":"RHSA-2023:2099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3179","reference_id":"RHSA-2023:3179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3193","reference_id":"RHSA-2023:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3362","reference_id":"RHSA-2023:3362","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3610","reference_id":"RHSA-2023:3610","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3610"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3622","reference_id":"RHSA-2023:3622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7697","reference_id":"RHSA-2023:7697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7697"},{"reference_url":"https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/","reference_id":"stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T19:09:38Z/"}],"url":"https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"},{"reference_url":"https://usn.ubuntu.com/6011-1/","reference_id":"USN-6011-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6011-1/"}],"fixed_packages":[],"aliases":["CVE-2023-1370","GHSA-493p-pfq6-5258"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7k5m-ys11-mfby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41775?format=json","vulnerability_id":"VCID-9h46-72hw-bkcr","summary":"Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42003","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.5256","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54935","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54883","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54909","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54878","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54928","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54926","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54939","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.5492","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54897","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57148","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57138","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57117","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57184","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57124","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.593","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59358","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59295","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59252","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42003"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3590","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3590"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3627"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221124-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221124-0004"},{"reference_url":"https://www.debian.org/security/2022/dsa-5283","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5283"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135244","reference_id":"2135244","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135244"},{"reference_url":"https://github.com/advisories/GHSA-jjjh-jjxp-wpff","reference_id":"GHSA-jjjh-jjxp-wpff","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjjh-jjxp-wpff"},{"reference_url":"https://security.gentoo.org/glsa/202210-21","reference_id":"GLSA-202210-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202210-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7435","reference_id":"RHSA-2022:7435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8781","reference_id":"RHSA-2022:8781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8876","reference_id":"RHSA-2022:8876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8889","reference_id":"RHSA-2022:8889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9023","reference_id":"RHSA-2022:9023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9032","reference_id":"RHSA-2022:9032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0189","reference_id":"RHSA-2023:0189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0261","reference_id":"RHSA-2023:0261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0264","reference_id":"RHSA-2023:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0469","reference_id":"RHSA-2023:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0471","reference_id":"RHSA-2023:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0713","reference_id":"RHSA-2023:0713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1006","reference_id":"RHSA-2023:1006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1151","reference_id":"RHSA-2023:1151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1747","reference_id":"RHSA-2025:1747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1747"}],"fixed_packages":[],"aliases":["CVE-2022-42003","GHSA-jjjh-jjxp-wpff"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9h46-72hw-bkcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16770?format=json","vulnerability_id":"VCID-khr7-6pza-afab","summary":"Apache Log4j 1.x (EOL) allows Denial of Service (DoS)\n** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26464","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3467","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35142","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35171","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35049","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35094","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3512","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35125","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3509","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35066","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35102","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35088","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35041","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34808","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3479","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34697","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35268","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35295","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35202","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35224","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35198","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26464"},{"reference_url":"https://github.com/apache/logging-log4j2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/logging-log4j2"},{"reference_url":"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:39:52Z/"}],"url":"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230505-0008","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230505-0008"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182864","reference_id":"2182864","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182864"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26464","reference_id":"CVE-2023-26464","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26464"},{"reference_url":"https://github.com/advisories/GHSA-vp98-w2p3-mv35","reference_id":"GHSA-vp98-w2p3-mv35","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vp98-w2p3-mv35"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230505-0008/","reference_id":"ntap-20230505-0008","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:39:52Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230505-0008/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"}],"fixed_packages":[],"aliases":["CVE-2023-26464","GHSA-vp98-w2p3-mv35"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khr7-6pza-afab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52409?format=json","vulnerability_id":"VCID-myp4-24sf-9yfv","summary":"Jettison memory exhaustion\nThose using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40150.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40150.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40150","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20262","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20493","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20276","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20277","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20272","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20284","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2043","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20343","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20388","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20358","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20299","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20219","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20115","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20149","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20619","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20628","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20541","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20471","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20604","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21086","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40150"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/"}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/jettison-json/jettison","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jettison-json/jettison"},{"reference_url":"https://github.com/jettison-json/jettison/issues/45","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/"}],"url":"https://github.com/jettison-json/jettison/issues/45"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40150","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40150"},{"reference_url":"https://www.debian.org/security/2023/dsa-5312","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/"}],"url":"https://www.debian.org/security/2023/dsa-5312"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022553","reference_id":"1022553","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022553"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135770","reference_id":"2135770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135770"},{"reference_url":"https://github.com/advisories/GHSA-x27m-9w8j-5vcw","reference_id":"GHSA-x27m-9w8j-5vcw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x27m-9w8j-5vcw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0469","reference_id":"RHSA-2023:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3610","reference_id":"RHSA-2023:3610","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3610"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4437","reference_id":"RHSA-2025:4437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4437"},{"reference_url":"https://usn.ubuntu.com/6177-1/","reference_id":"USN-6177-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6177-1/"}],"fixed_packages":[],"aliases":["CVE-2022-40150","GHSA-x27m-9w8j-5vcw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myp4-24sf-9yfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16853?format=json","vulnerability_id":"VCID-qq1f-3nsz-6kcz","summary":"Jettison vulnerable to infinite recursion\nAn infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1436.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1436.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1436","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07004","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08415","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08496","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08466","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0848","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08499","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08506","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08488","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2666","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26724","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26696","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30756","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.31026","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30905","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30821","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31151","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31241","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31235","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31166","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31174","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1436"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/jettison-json/jettison","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jettison-json/jettison"},{"reference_url":"https://github.com/jettison-json/jettison/issues/60","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jettison-json/jettison/issues/60"},{"reference_url":"https://github.com/jettison-json/jettison/pull/62","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jettison-json/jettison/pull/62"},{"reference_url":"https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.4"},{"reference_url":"https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911"},{"reference_url":"https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T15:02:11Z/"}],"url":"https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033846","reference_id":"1033846","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033846"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182788","reference_id":"2182788","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182788"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1436","reference_id":"CVE-2023-1436","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1436"},{"reference_url":"https://github.com/advisories/GHSA-q6g2-g7f3-rr83","reference_id":"GHSA-q6g2-g7f3-rr83","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q6g2-g7f3-rr83"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3622","reference_id":"RHSA-2023:3622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3667","reference_id":"RHSA-2023:3667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7670","reference_id":"RHSA-2023:7670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1027","reference_id":"RHSA-2024:1027","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1027"},{"reference_url":"https://usn.ubuntu.com/6179-1/","reference_id":"USN-6179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6179-1/"}],"fixed_packages":[],"aliases":["CVE-2023-1436","GHSA-q6g2-g7f3-rr83"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qq1f-3nsz-6kcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52395?format=json","vulnerability_id":"VCID-sqx4-euc2-myew","summary":"Jettison parser crash by stackoverflow\nThose using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40149.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40149.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40149","reference_id":"","reference_type":"","scores":[{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.6799","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67901","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.6792","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67899","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.6795","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67964","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67988","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67974","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67939","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67977","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67972","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68015","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68024","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68138","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.6857","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68579","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68545","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68541","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.685","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40149"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/"}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693"},{"reference_url":"https://github.com/jettison-json/jettison","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jettison-json/jettison"},{"reference_url":"https://github.com/jettison-json/jettison/issues/45","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/"}],"url":"https://github.com/jettison-json/jettison/issues/45"},{"reference_url":"https://github.com/jettison-json/jettison/pull/49/files","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jettison-json/jettison/pull/49/files"},{"reference_url":"https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5312","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/"}],"url":"https://www.debian.org/security/2023/dsa-5312"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022554","reference_id":"1022554","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022554"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135771","reference_id":"2135771","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135771"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40149","reference_id":"CVE-2022-40149","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40149"},{"reference_url":"https://github.com/advisories/GHSA-56h3-78gp-v83r","reference_id":"GHSA-56h3-78gp-v83r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-56h3-78gp-v83r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0469","reference_id":"RHSA-2023:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0544","reference_id":"RHSA-2023:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3610","reference_id":"RHSA-2023:3610","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3610"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4437","reference_id":"RHSA-2025:4437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4437"},{"reference_url":"https://usn.ubuntu.com/6177-1/","reference_id":"USN-6177-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6177-1/"}],"fixed_packages":[],"aliases":["CVE-2022-40149","GHSA-56h3-78gp-v83r"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqx4-euc2-myew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41776?format=json","vulnerability_id":"VCID-v2pq-1qhm-4qb9","summary":"Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42004","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45641","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50619","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50664","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50651","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50716","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50683","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50708","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50719","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50703","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50695","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50745","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50766","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5076","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50735","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50758","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53161","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53119","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53068","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53115","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42004"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3582","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3582"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221118-0008","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221118-0008"},{"reference_url":"https://www.debian.org/security/2022/dsa-5283","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5283"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135247","reference_id":"2135247","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135247"},{"reference_url":"https://github.com/advisories/GHSA-rgv9-q543-rqg4","reference_id":"GHSA-rgv9-q543-rqg4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rgv9-q543-rqg4"},{"reference_url":"https://security.gentoo.org/glsa/202210-21","reference_id":"GLSA-202210-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202210-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7435","reference_id":"RHSA-2022:7435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8781","reference_id":"RHSA-2022:8781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8876","reference_id":"RHSA-2022:8876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8889","reference_id":"RHSA-2022:8889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9023","reference_id":"RHSA-2022:9023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9032","reference_id":"RHSA-2022:9032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0189","reference_id":"RHSA-2023:0189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0264","reference_id":"RHSA-2023:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0469","reference_id":"RHSA-2023:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0471","reference_id":"RHSA-2023:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0713","reference_id":"RHSA-2023:0713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1006","reference_id":"RHSA-2023:1006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1747","reference_id":"RHSA-2025:1747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1747"}],"fixed_packages":[],"aliases":["CVE-2022-42004","GHSA-rgv9-q543-rqg4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2pq-1qhm-4qb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17609?format=json","vulnerability_id":"VCID-v9jp-s75d-zffs","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nJenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32977.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32977.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32977","reference_id":"","reference_type":"","scores":[{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.8808","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.87975","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.87974","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.87991","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.87998","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.88008","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.88025","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.88039","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.88037","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.8805","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.87915","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.87928","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.87932","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.87952","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.87959","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.8797","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.87962","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03706","scoring_system":"epss","scoring_elements":"0.87961","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32977"},{"reference_url":"https://github.com/jenkinsci/workflow-job-plugin/commit/395eb740000509bff789c7f409c90f2a4a738821","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/workflow-job-plugin/commit/395eb740000509bff789c7f409c90f2a4a738821"},{"reference_url":"https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T16:05:56Z/"}],"url":"https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2207830","reference_id":"2207830","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2207830"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32977","reference_id":"CVE-2023-32977","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32977"},{"reference_url":"https://github.com/advisories/GHSA-2wvv-phhw-qvmc","reference_id":"GHSA-2wvv-phhw-qvmc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2wvv-phhw-qvmc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3610","reference_id":"RHSA-2023:3610","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3610"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3625","reference_id":"RHSA-2023:3625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"}],"fixed_packages":[],"aliases":["CVE-2023-32977","GHSA-2wvv-phhw-qvmc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9jp-s75d-zffs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17646?format=json","vulnerability_id":"VCID-yph7-zq7p-j3hz","summary":"Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability\nAn arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32981.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32981.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32981","reference_id":"","reference_type":"","scores":[{"value":"0.01044","scoring_system":"epss","scoring_elements":"0.77471","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01044","scoring_system":"epss","scoring_elements":"0.77427","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01044","scoring_system":"epss","scoring_elements":"0.77478","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01044","scoring_system":"epss","scoring_elements":"0.77497","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01044","scoring_system":"epss","scoring_elements":"0.77452","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01044","scoring_system":"epss","scoring_elements":"0.77432","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01044","scoring_system":"epss","scoring_elements":"0.77462","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02338","scoring_system":"epss","scoring_elements":"0.849","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02338","scoring_system":"epss","scoring_elements":"0.84874","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02338","scoring_system":"epss","scoring_elements":"0.84877","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02338","scoring_system":"epss","scoring_elements":"0.84876","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02338","scoring_system":"epss","scoring_elements":"0.8491","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02338","scoring_system":"epss","scoring_elements":"0.84854","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03142","scoring_system":"epss","scoring_elements":"0.87028","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03142","scoring_system":"epss","scoring_elements":"0.86954","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03142","scoring_system":"epss","scoring_elements":"0.86972","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03142","scoring_system":"epss","scoring_elements":"0.8699","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03142","scoring_system":"epss","scoring_elements":"0.86985","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03142","scoring_system":"epss","scoring_elements":"0.86999","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32981"},{"reference_url":"https://github.com/jenkinsci/pipeline-utility-steps-plugin/commit/0ba4f329ee27c023609653e25bdd5604c5e46a11","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/pipeline-utility-steps-plugin/commit/0ba4f329ee27c023609653e25bdd5604c5e46a11"},{"reference_url":"https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-23T20:48:10Z/"}],"url":"https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2207835","reference_id":"2207835","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2207835"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32981","reference_id":"CVE-2023-32981","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32981"},{"reference_url":"https://github.com/advisories/GHSA-6987-xccv-fhjp","reference_id":"GHSA-6987-xccv-fhjp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6987-xccv-fhjp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3610","reference_id":"RHSA-2023:3610","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3610"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3625","reference_id":"RHSA-2023:3625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"}],"fixed_packages":[],"aliases":["CVE-2023-32981","GHSA-6987-xccv-fhjp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yph7-zq7p-j3hz"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1%3Farch=el8"}