{"url":"http://public2.vulnerablecode.io/api/packages/97859?format=json","purl":"pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1?arch=el7eap","type":"rpm","namespace":"redhat","name":"eap7-woodstox-core","version":"6.4.0-1.redhat_00001.1","qualifiers":{"arch":"el7eap"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53129?format=json","vulnerability_id":"VCID-e3vc-jpft-gye7","summary":"XNIO `notifyReadClosed` method logging message to unexpected end\nA flaw was found in XNIO, specifically in the `notifyReadClosed` method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. A fix for this issue is available on the `3.x` branch of the repository.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0084.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0084.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-0084","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2022-0084"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0084","reference_id":"","reference_type":"","scores":[{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64429","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64304","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64352","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64367","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64379","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64338","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64374","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64386","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64377","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64397","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.6441","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64384","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64261","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64318","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64346","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0084"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064226","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0084","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0084"},{"reference_url":"https://github.com/xnio/xnio","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xnio/xnio"},{"reference_url":"https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12"},{"reference_url":"https://github.com/xnio/xnio/pull/291","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xnio/xnio/pull/291"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0084","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0084"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013280","reference_id":"1013280","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013280"},{"reference_url":"https://github.com/advisories/GHSA-76fg-mhrg-fmmg","reference_id":"GHSA-76fg-mhrg-fmmg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-76fg-mhrg-fmmg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2232","reference_id":"RHSA-2022:2232","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2232"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4437","reference_id":"RHSA-2025:4437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4437"}],"fixed_packages":[],"aliases":["CVE-2022-0084","GHSA-76fg-mhrg-fmmg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e3vc-jpft-gye7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52285?format=json","vulnerability_id":"VCID-hqzr-vc5w-9ff5","summary":"Denial of Service due to parser crash\nThose using FasterXML/woodstox to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.\n\nThis vulnerability is only relevant for users making use of the DTD parsing functionality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40152.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40152.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40152","reference_id":"","reference_type":"","scores":[{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74184","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74176","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.7414","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.7415","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74141","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74102","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74109","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74126","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74105","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.7409","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74057","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74086","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.7406","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00825","scoring_system":"epss","scoring_elements":"0.74571","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00825","scoring_system":"epss","scoring_elements":"0.74541","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40152"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:39:21Z/"}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/woodstox","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/woodstox"},{"reference_url":"https://github.com/FasterXML/woodstox/issues/157","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/woodstox/issues/157"},{"reference_url":"https://github.com/FasterXML/woodstox/issues/160","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/woodstox/issues/160"},{"reference_url":"https://github.com/FasterXML/woodstox/pull/159","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/woodstox/pull/159"},{"reference_url":"https://github.com/x-stream/xstream/issues/304","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:39:21Z/"}],"url":"https://github.com/x-stream/xstream/issues/304"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40152","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40152"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032089","reference_id":"1032089","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032089"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2134291","reference_id":"2134291","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2134291"},{"reference_url":"https://github.com/advisories/GHSA-3f7h-mf4q-vrm4","reference_id":"GHSA-3f7h-mf4q-vrm4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0469","reference_id":"RHSA-2023:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3299","reference_id":"RHSA-2023:3299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3299"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3815","reference_id":"RHSA-2023:3815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4983","reference_id":"RHSA-2023:4983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4437","reference_id":"RHSA-2025:4437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4437"}],"fixed_packages":[],"aliases":["CVE-2022-40152","GHSA-3f7h-mf4q-vrm4"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hqzr-vc5w-9ff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13636?format=json","vulnerability_id":"VCID-kexn-gjxj-uudm","summary":"Path Traversal: 'dir/../../filename' in moment.locale\nThis vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg `fr` is directly used to switch moment locale.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24785.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24785","reference_id":"","reference_type":"","scores":[{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84703","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84611","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84592","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84585","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84564","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84676","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.8456","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84601","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84621","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84622","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84539","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84606","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84624","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84651","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.84663","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02256","scoring_system":"epss","scoring_elements":"0.8466","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moment/moment","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moment/moment"},{"reference_url":"https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:10Z/"}],"url":"https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:10Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220513-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220513-0006"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241108-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241108-0002"},{"reference_url":"https://www.tenable.com/security/tns-2022-09","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:10Z/"}],"url":"https://www.tenable.com/security/tns-2022-09"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009327","reference_id":"1009327","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009327"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072009","reference_id":"2072009","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072009"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/","reference_id":"6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24785","reference_id":"CVE-2022-24785","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24785"},{"reference_url":"https://github.com/advisories/GHSA-8hfj-j24r-96c4","reference_id":"GHSA-8hfj-j24r-96c4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8hfj-j24r-96c4"},{"reference_url":"https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4","reference_id":"GHSA-8hfj-j24r-96c4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:10Z/"}],"url":"https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220513-0006/","reference_id":"ntap-20220513-0006","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:10Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220513-0006/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/","reference_id":"ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4956","reference_id":"RHSA-2022:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5006","reference_id":"RHSA-2022:5006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6156","reference_id":"RHSA-2022:6156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6272","reference_id":"RHSA-2022:6272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6277","reference_id":"RHSA-2022:6277","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6277"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8652","reference_id":"RHSA-2022:8652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0076","reference_id":"RHSA-2023:0076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3642","reference_id":"RHSA-2023:3642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4437","reference_id":"RHSA-2025:4437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4437"},{"reference_url":"https://usn.ubuntu.com/5559-1/","reference_id":"USN-5559-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5559-1/"}],"fixed_packages":[],"aliases":["CVE-2022-24785","GHSA-8hfj-j24r-96c4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kexn-gjxj-uudm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53284?format=json","vulnerability_id":"VCID-mm3e-4pej-byed","summary":"Uncontrolled Resource Consumption in snakeyaml\nThe package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25857.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25857.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25857","reference_id":"","reference_type":"","scores":[{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75288","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75261","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75251","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75132","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.7521","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75185","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75173","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75139","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75162","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75247","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75244","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75216","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25857"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174"},{"reference_url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/525","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/525"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/jruby/jruby/issues/7342","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/jruby/jruby/issues/7342"},{"reference_url":"https://github.com/snakeyaml/snakeyaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/snakeyaml/snakeyaml"},{"reference_url":"https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25857","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25857"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240315-0010","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240315-0010"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019218","reference_id":"1019218","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019218"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2126789","reference_id":"2126789","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2126789"},{"reference_url":"https://github.com/advisories/GHSA-3mc7-4q67-w48m","reference_id":"GHSA-3mc7-4q67-w48m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3mc7-4q67-w48m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6757","reference_id":"RHSA-2022:6757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6820","reference_id":"RHSA-2022:6820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6821","reference_id":"RHSA-2022:6821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6822","reference_id":"RHSA-2022:6822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6823","reference_id":"RHSA-2022:6823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6825","reference_id":"RHSA-2022:6825","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6825"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6835","reference_id":"RHSA-2022:6835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6941","reference_id":"RHSA-2022:6941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8524","reference_id":"RHSA-2022:8524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8524"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8652","reference_id":"RHSA-2022:8652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8876","reference_id":"RHSA-2022:8876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0560","reference_id":"RHSA-2023:0560","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0560"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0777","reference_id":"RHSA-2023:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3198","reference_id":"RHSA-2023:3198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3198"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4983","reference_id":"RHSA-2023:4983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6172","reference_id":"RHSA-2023:6172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6179","reference_id":"RHSA-2023:6179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7288","reference_id":"RHSA-2023:7288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7697","reference_id":"RHSA-2023:7697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0776","reference_id":"RHSA-2024:0776","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0776"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0777","reference_id":"RHSA-2024:0777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0778","reference_id":"RHSA-2024:0778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0778"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4437","reference_id":"RHSA-2025:4437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4437"},{"reference_url":"https://usn.ubuntu.com/5944-1/","reference_id":"USN-5944-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5944-1/"}],"fixed_packages":[],"aliases":["CVE-2022-25857","GHSA-3mc7-4q67-w48m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mm3e-4pej-byed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52409?format=json","vulnerability_id":"VCID-myp4-24sf-9yfv","summary":"Jettison memory exhaustion\nThose using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40150.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40150.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40150","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20493","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20299","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20219","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2043","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20115","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20149","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20276","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20277","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20272","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20284","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20343","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20388","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20358","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20471","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20541","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21086","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40150"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/"}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/jettison-json/jettison","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jettison-json/jettison"},{"reference_url":"https://github.com/jettison-json/jettison/issues/45","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/"}],"url":"https://github.com/jettison-json/jettison/issues/45"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40150","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40150"},{"reference_url":"https://www.debian.org/security/2023/dsa-5312","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:35Z/"}],"url":"https://www.debian.org/security/2023/dsa-5312"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022553","reference_id":"1022553","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022553"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135770","reference_id":"2135770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135770"},{"reference_url":"https://github.com/advisories/GHSA-x27m-9w8j-5vcw","reference_id":"GHSA-x27m-9w8j-5vcw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x27m-9w8j-5vcw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0469","reference_id":"RHSA-2023:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3610","reference_id":"RHSA-2023:3610","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3610"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4437","reference_id":"RHSA-2025:4437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4437"},{"reference_url":"https://usn.ubuntu.com/6177-1/","reference_id":"USN-6177-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6177-1/"}],"fixed_packages":[],"aliases":["CVE-2022-40150","GHSA-x27m-9w8j-5vcw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myp4-24sf-9yfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14315?format=json","vulnerability_id":"VCID-nfjb-tkzv-fudg","summary":"The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25647.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25647.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25647","reference_id":"","reference_type":"","scores":[{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86171","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86193","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86053","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.8607","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86069","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86089","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86099","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86114","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86111","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86106","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86124","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86129","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86122","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86142","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86152","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86151","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25647"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/google/gson","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/gson"},{"reference_url":"https://github.com/google/gson/pull/1991","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/gson/pull/1991"},{"reference_url":"https://github.com/google/gson/pull/1991/commits","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/gson/pull/1991/commits"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220901-0009","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220901-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220901-0009/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220901-0009/"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327"},{"reference_url":"https://www.debian.org/security/2022/dsa-5227","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5227"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010670","reference_id":"1010670","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080850","reference_id":"2080850","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080850"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25647","reference_id":"CVE-2022-25647","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25647"},{"reference_url":"https://github.com/advisories/GHSA-4jrv-ppp4-jm57","reference_id":"GHSA-4jrv-ppp4-jm57","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4jrv-ppp4-jm57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4985","reference_id":"RHSA-2022:4985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4985"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5029","reference_id":"RHSA-2022:5029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5029"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5892","reference_id":"RHSA-2022:5892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5893","reference_id":"RHSA-2022:5893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5894","reference_id":"RHSA-2022:5894","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5894"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5903","reference_id":"RHSA-2022:5903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5928","reference_id":"RHSA-2022:5928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6819","reference_id":"RHSA-2022:6819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6835","reference_id":"RHSA-2022:6835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6835"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3299","reference_id":"RHSA-2023:3299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3299"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4437","reference_id":"RHSA-2025:4437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4437"},{"reference_url":"https://usn.ubuntu.com/6692-1/","reference_id":"USN-6692-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6692-1/"}],"fixed_packages":[],"aliases":["CVE-2022-25647","GHSA-4jrv-ppp4-jm57"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfjb-tkzv-fudg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52395?format=json","vulnerability_id":"VCID-sqx4-euc2-myew","summary":"Jettison parser crash by stackoverflow\nThose using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40149.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40149.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40149","reference_id":"","reference_type":"","scores":[{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67901","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67964","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.6795","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67899","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.6792","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68024","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68015","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67972","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.6799","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67977","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67939","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67974","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67988","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.685","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68541","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40149"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/"}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40149"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45693"},{"reference_url":"https://github.com/jettison-json/jettison","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jettison-json/jettison"},{"reference_url":"https://github.com/jettison-json/jettison/issues/45","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/"}],"url":"https://github.com/jettison-json/jettison/issues/45"},{"reference_url":"https://github.com/jettison-json/jettison/pull/49/files","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jettison-json/jettison/pull/49/files"},{"reference_url":"https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5312","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:38Z/"}],"url":"https://www.debian.org/security/2023/dsa-5312"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022554","reference_id":"1022554","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022554"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135771","reference_id":"2135771","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135771"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40149","reference_id":"CVE-2022-40149","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40149"},{"reference_url":"https://github.com/advisories/GHSA-56h3-78gp-v83r","reference_id":"GHSA-56h3-78gp-v83r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-56h3-78gp-v83r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0469","reference_id":"RHSA-2023:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0544","reference_id":"RHSA-2023:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3610","reference_id":"RHSA-2023:3610","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3610"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4437","reference_id":"RHSA-2025:4437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4437"},{"reference_url":"https://usn.ubuntu.com/6177-1/","reference_id":"USN-6177-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6177-1/"}],"fixed_packages":[],"aliases":["CVE-2022-40149","GHSA-56h3-78gp-v83r"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqx4-euc2-myew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12491?format=json","vulnerability_id":"VCID-zy5r-wxv8-g3e8","summary":"Uncontrolled Resource Consumption\nIn Apache ActiveMQ Artemis, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23913.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23913.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23913","reference_id":"","reference_type":"","scores":[{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.8518","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85153","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85139","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85142","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85133","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85112","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.8511","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85094","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85078","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.8507","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85092","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85044","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85048","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23913"},{"reference_url":"https://github.com/apache/activemq-artemis","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq-artemis"},{"reference_url":"https://github.com/apache/activemq-artemis/pull/3862","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq-artemis/pull/3862"},{"reference_url":"https://github.com/apache/activemq-artemis/pull/3862/commits/1f92368240229b8f5db92a92a72c703faf83e9b7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq-artemis/pull/3862/commits/1f92368240229b8f5db92a92a72c703faf83e9b7"},{"reference_url":"https://github.com/apache/activemq-artemis/pull/3871","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq-artemis/pull/3871"},{"reference_url":"https://github.com/apache/activemq-artemis/pull/3871/commits/153d2e9a979aead8dff95fbc91d659ecc7d0fb82","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq-artemis/pull/3871/commits/153d2e9a979aead8dff95fbc91d659ecc7d0fb82"},{"reference_url":"https://github.com/github/codeql-java-CVE-coverage/issues/1061","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/codeql-java-CVE-coverage/issues/1061"},{"reference_url":"https://issues.apache.org/jira/browse/ARTEMIS-3593","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/ARTEMIS-3593"},{"reference_url":"https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220303-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220303-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220303-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220303-0003/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063601","reference_id":"2063601","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23913","reference_id":"CVE-2022-23913","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23913"},{"reference_url":"https://github.com/advisories/GHSA-pr38-qpxm-g88x","reference_id":"GHSA-pr38-qpxm-g88x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pr38-qpxm-g88x"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5101","reference_id":"RHSA-2022:5101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4437","reference_id":"RHSA-2025:4437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4437"}],"fixed_packages":[],"aliases":["CVE-2022-23913","GHSA-pr38-qpxm-g88x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zy5r-wxv8-g3e8"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1%3Farch=el7eap"}