{"url":"http://public2.vulnerablecode.io/api/packages/98050?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1?arch=el7sso","type":"rpm","namespace":"redhat","name":"rh-sso7-keycloak","version":"18.0.3-1.redhat_00001.1","qualifiers":{"arch":"el7sso"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11399?format=json","vulnerability_id":"VCID-5tzs-qhg5-rbbe","summary":"Improper Input Validation\nThe OWASP Java HTML Sanitizer does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42575.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42575.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42575","reference_id":"","reference_type":"","scores":[{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.7262","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72481","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72524","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72532","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72529","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.7252","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.7255","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72575","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72538","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72564","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72395","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72418","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72434","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72446","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.7247","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72452","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72442","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72484","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72492","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42575"},{"reference_url":"https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50"},{"reference_url":"https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/","reference_id":"","reference_type":"","scores":[],"url":"https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2027195","reference_id":"2027195","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2027195"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42575","reference_id":"CVE-2021-42575","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42575"},{"reference_url":"https://github.com/advisories/GHSA-3w73-fmf3-hg5c","reference_id":"GHSA-3w73-fmf3-hg5c","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3w73-fmf3-hg5c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"}],"fixed_packages":[],"aliases":["CVE-2021-42575","GHSA-3w73-fmf3-hg5c"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5tzs-qhg5-rbbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52356?format=json","vulnerability_id":"VCID-7z49-f322-n7g8","summary":"Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console\nAn issue was discovered in Keycloak allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the `UPLOAD_SCRIPTS` feature is disabled","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-2668","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2022-2668"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2668","reference_id":"","reference_type":"","scores":[{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64878","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64696","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64733","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64744","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.6473","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64749","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64762","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64759","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64739","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64787","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.6483","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64801","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64822","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.6467","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64698","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64656","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64704","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64719","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64736","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64724","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2668"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2115392","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2115392"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2668","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2668"},{"reference_url":"https://github.com/advisories/GHSA-wf7g-7h6h-678v","reference_id":"GHSA-wf7g-7h6h-678v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wf7g-7h6h-678v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"}],"fixed_packages":[],"aliases":["CVE-2022-2668","GHSA-wf7g-7h6h-678v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7z49-f322-n7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79532?format=json","vulnerability_id":"VCID-93ut-2de3-ckc5","summary":"undertow: Double AJP response for 400 from EAP 7 results in CPING failures","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1319","reference_id":"","reference_type":"","scores":[{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78805","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78812","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78841","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78825","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.7885","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78856","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78879","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78862","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78853","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78881","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78875","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78904","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78912","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78929","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78945","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78967","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.7898","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78977","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78995","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.79034","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1319"},{"reference_url":"https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b"},{"reference_url":"https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3"},{"reference_url":"https://issues.redhat.com/browse/UNDERTOW-2060","reference_id":"","reference_type":"","scores":[],"url":"https://issues.redhat.com/browse/UNDERTOW-2060"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448","reference_id":"1016448","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2073890","reference_id":"2073890","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2073890"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-1319","reference_id":"CVE-2022-1319","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2022-1319"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1319","reference_id":"CVE-2022-1319","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8761","reference_id":"RHSA-2022:8761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8761"}],"fixed_packages":[],"aliases":["CVE-2022-1319"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-93ut-2de3-ckc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53129?format=json","vulnerability_id":"VCID-e3vc-jpft-gye7","summary":"XNIO `notifyReadClosed` method logging message to unexpected end\nA flaw was found in XNIO, specifically in the `notifyReadClosed` method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. A fix for this issue is available on the `3.x` branch of the repository.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0084.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0084.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-0084","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2022-0084"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0084","reference_id":"","reference_type":"","scores":[{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64521","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64338","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64374","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64386","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64377","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64397","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.6441","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64384","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64429","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64474","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64444","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64469","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64261","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64318","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64346","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64304","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64352","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64367","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64379","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0084"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064226","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0084","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0084"},{"reference_url":"https://github.com/xnio/xnio","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xnio/xnio"},{"reference_url":"https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xnio/xnio/commit/fdefb3b8b715d33387cadc4d48991fb1989b0c12"},{"reference_url":"https://github.com/xnio/xnio/pull/291","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xnio/xnio/pull/291"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0084","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0084"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013280","reference_id":"1013280","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013280"},{"reference_url":"https://github.com/advisories/GHSA-76fg-mhrg-fmmg","reference_id":"GHSA-76fg-mhrg-fmmg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-76fg-mhrg-fmmg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2232","reference_id":"RHSA-2022:2232","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2232"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4437","reference_id":"RHSA-2025:4437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4437"}],"fixed_packages":[],"aliases":["CVE-2022-0084","GHSA-76fg-mhrg-fmmg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e3vc-jpft-gye7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11983?format=json","vulnerability_id":"VCID-jstt-6zs3-ybew","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in com.h2database:h2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42392.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42392.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42392","reference_id":"","reference_type":"","scores":[{"value":"0.90592","scoring_system":"epss","scoring_elements":"0.99626","published_at":"2026-05-14T12:55:00Z"},{"value":"0.90592","scoring_system":"epss","scoring_elements":"0.99623","published_at":"2026-05-09T12:55:00Z"},{"value":"0.90592","scoring_system":"epss","scoring_elements":"0.99625","published_at":"2026-05-12T12:55:00Z"},{"value":"0.90592","scoring_system":"epss","scoring_elements":"0.99624","published_at":"2026-05-11T12:55:00Z"},{"value":"0.90592","scoring_system":"epss","scoring_elements":"0.99621","published_at":"2026-05-05T12:55:00Z"},{"value":"0.90592","scoring_system":"epss","scoring_elements":"0.99622","published_at":"2026-05-07T12:55:00Z"},{"value":"0.90773","scoring_system":"epss","scoring_elements":"0.99622","published_at":"2026-04-02T12:55:00Z"},{"value":"0.91037","scoring_system":"epss","scoring_elements":"0.99636","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91037","scoring_system":"epss","scoring_elements":"0.99642","published_at":"2026-04-24T12:55:00Z"},{"value":"0.91037","scoring_system":"epss","scoring_elements":"0.9964","published_at":"2026-04-18T12:55:00Z"},{"value":"0.91037","scoring_system":"epss","scoring_elements":"0.99639","published_at":"2026-04-16T12:55:00Z"},{"value":"0.91037","scoring_system":"epss","scoring_elements":"0.99644","published_at":"2026-04-26T12:55:00Z"},{"value":"0.91037","scoring_system":"epss","scoring_elements":"0.99645","published_at":"2026-04-29T12:55:00Z"},{"value":"0.91037","scoring_system":"epss","scoring_elements":"0.99638","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42392"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221"},{"reference_url":"https://github.com/h2database/h2database","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/h2database/h2database"},{"reference_url":"https://github.com/h2database/h2database/releases/tag/version-2.0.206","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/h2database/h2database/releases/tag/version-2.0.206"},{"reference_url":"https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console"},{"reference_url":"https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/","reference_id":"","reference_type":"","scores":[],"url":"https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42392","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42392"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220119-0001","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220119-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220119-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220119-0001/"},{"reference_url":"https://www.debian.org/security/2022/dsa-5076","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5076"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console"},{"reference_url":"https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/","reference_id":"","reference_type":"","scores":[],"url":"https://www.secpod.com/blog/log4shell-critical-remote-code-execution-vulnerability-in-h2database-console/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003894","reference_id":"1003894","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039403","reference_id":"2039403","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039403"},{"reference_url":"https://github.com/advisories/GHSA-h376-j262-vhq6","reference_id":"GHSA-h376-j262-vhq6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h376-j262-vhq6"},{"reference_url":"https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6","reference_id":"GHSA-h376-j262-vhq6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1013","reference_id":"RHSA-2022:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1747","reference_id":"RHSA-2025:1747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1747"},{"reference_url":"https://usn.ubuntu.com/5365-1/","reference_id":"USN-5365-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5365-1/"},{"reference_url":"https://usn.ubuntu.com/6834-1/","reference_id":"USN-6834-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6834-1/"}],"fixed_packages":[],"aliases":["CVE-2021-42392","GHSA-h376-j262-vhq6","GMS-2022-7"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jstt-6zs3-ybew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53230?format=json","vulnerability_id":"VCID-n23y-qjaf-tfcm","summary":"Keycloak XSS via use of malicious payload as group name when creating new group from admin console\nA flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0225.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0225.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0225","reference_id":"","reference_type":"","scores":[{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65552","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65532","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65562","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65518","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65471","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.6548","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65432","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65469","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65465","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65353","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65401","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65428","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65391","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65444","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65455","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65474","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-04-12T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66047","published_at":"2026-04-26T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66046","published_at":"2026-04-29T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66036","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70444","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0225"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040268","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040268"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0225","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0225"},{"reference_url":"https://github.com/advisories/GHSA-fqc7-5xxc-ph7r","reference_id":"GHSA-fqc7-5xxc-ph7r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fqc7-5xxc-ph7r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"}],"fixed_packages":[],"aliases":["CVE-2022-0225","GHSA-fqc7-5xxc-ph7r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n23y-qjaf-tfcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79617?format=json","vulnerability_id":"VCID-sk2v-nmmr-h7d1","summary":"jboss-client: memory leakage in remote client transaction","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0853.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0853.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0853","reference_id":"","reference_type":"","scores":[{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79722","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79729","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.7975","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79736","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79765","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79772","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79794","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79778","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.7977","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79797","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79799","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79802","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79831","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79838","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79854","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79869","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79892","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79908","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79904","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79922","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01306","scoring_system":"epss","scoring_elements":"0.79959","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0853"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2060725","reference_id":"2060725","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2060725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"}],"fixed_packages":[],"aliases":["CVE-2022-0853"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sk2v-nmmr-h7d1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11708?format=json","vulnerability_id":"VCID-swu5-a9h5-ffex","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\nThis CVE has been marked as a False Positive and has been removed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43797.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43797.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43797","reference_id":"","reference_type":"","scores":[{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59682","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59612","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59584","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59627","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59569","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.5952","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59558","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59572","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59552","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59579","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59596","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59589","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59556","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59575","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59592","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59573","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59561","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59509","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59541","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59515","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.59443","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323"},{"reference_url":"https://github.com/netty/netty/pull/11891","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty/pull/11891"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220107-0003","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220107-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220107-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220107-0003/"},{"reference_url":"https://www.debian.org/security/2023/dsa-5316","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5316"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001437","reference_id":"1001437","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001437"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2031958","reference_id":"2031958","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2031958"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43797","reference_id":"CVE-2021-43797","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43797"},{"reference_url":"https://github.com/advisories/GHSA-wx5j-54mm-rqqq","reference_id":"GHSA-wx5j-54mm-rqqq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wx5j-54mm-rqqq"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq","reference_id":"GHSA-wx5j-54mm-rqqq","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0520","reference_id":"RHSA-2022:0520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1345","reference_id":"RHSA-2022:1345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2216","reference_id":"RHSA-2022:2216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2217","reference_id":"RHSA-2022:2217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2218","reference_id":"RHSA-2022:2218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4623","reference_id":"RHSA-2022:4623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5101","reference_id":"RHSA-2022:5101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5498","reference_id":"RHSA-2022:5498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5903","reference_id":"RHSA-2022:5903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"},{"reference_url":"https://usn.ubuntu.com/6049-1/","reference_id":"USN-6049-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6049-1/"}],"fixed_packages":[],"aliases":["CVE-2021-43797","GHSA-wx5j-54mm-rqqq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swu5-a9h5-ffex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79454?format=json","vulnerability_id":"VCID-v45q-vzz5-4bgd","summary":"wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0866.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0866.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0866","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50524","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50581","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50608","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50561","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50615","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50612","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50655","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50632","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50618","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.5066","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50665","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50644","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50592","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.506","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50554","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50477","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50531","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50514","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50545","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50622","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0866"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2060929","reference_id":"2060929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2060929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"}],"fixed_packages":[],"aliases":["CVE-2022-0866"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v45q-vzz5-4bgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13270?format=json","vulnerability_id":"VCID-v6ek-y7cn-kycd","summary":"Uncontrolled Resource Consumption\njackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36518","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64923","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66688","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66714","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66671","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66627","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66653","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66654","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66639","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66615","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66631","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66613","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66505","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66541","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66708","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66569","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66544","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66577","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66609","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66621","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66603","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66589","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2816"},{"reference_url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12"},{"reference_url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220506-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220506-0004"},{"reference_url":"https://www.debian.org/security/2022/dsa-5283","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://www.debian.org/security/2022/dsa-5283"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109","reference_id":"1007109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064698","reference_id":"2064698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064698"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36518","reference_id":"CVE-2020-36518","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36518"},{"reference_url":"https://github.com/advisories/GHSA-57j2-w4cx-62h2","reference_id":"GHSA-57j2-w4cx-62h2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57j2-w4cx-62h2"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220506-0004/","reference_id":"ntap-20220506-0004","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220506-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2232","reference_id":"RHSA-2022:2232","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2232"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5029","reference_id":"RHSA-2022:5029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5029"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5101","reference_id":"RHSA-2022:5101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5596","reference_id":"RHSA-2022:5596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6407","reference_id":"RHSA-2022:6407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6819","reference_id":"RHSA-2022:6819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7435","reference_id":"RHSA-2022:7435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8781","reference_id":"RHSA-2022:8781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8889","reference_id":"RHSA-2022:8889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0264","reference_id":"RHSA-2023:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2312","reference_id":"RHSA-2023:2312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3061","reference_id":"RHSA-2024:3061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3061"}],"fixed_packages":[],"aliases":["CVE-2020-36518","GHSA-57j2-w4cx-62h2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6ek-y7cn-kycd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12491?format=json","vulnerability_id":"VCID-zy5r-wxv8-g3e8","summary":"Uncontrolled Resource Consumption\nIn Apache ActiveMQ Artemis, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23913.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23913.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23913","reference_id":"","reference_type":"","scores":[{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85244","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85044","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85048","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.8507","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85078","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85094","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85092","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.8511","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85112","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85133","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85142","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85139","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85153","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.8518","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85199","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85195","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02409","scoring_system":"epss","scoring_elements":"0.85209","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23913"},{"reference_url":"https://github.com/apache/activemq-artemis","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq-artemis"},{"reference_url":"https://github.com/apache/activemq-artemis/pull/3862","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq-artemis/pull/3862"},{"reference_url":"https://github.com/apache/activemq-artemis/pull/3862/commits/1f92368240229b8f5db92a92a72c703faf83e9b7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq-artemis/pull/3862/commits/1f92368240229b8f5db92a92a72c703faf83e9b7"},{"reference_url":"https://github.com/apache/activemq-artemis/pull/3871","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq-artemis/pull/3871"},{"reference_url":"https://github.com/apache/activemq-artemis/pull/3871/commits/153d2e9a979aead8dff95fbc91d659ecc7d0fb82","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq-artemis/pull/3871/commits/153d2e9a979aead8dff95fbc91d659ecc7d0fb82"},{"reference_url":"https://github.com/github/codeql-java-CVE-coverage/issues/1061","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/codeql-java-CVE-coverage/issues/1061"},{"reference_url":"https://issues.apache.org/jira/browse/ARTEMIS-3593","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/ARTEMIS-3593"},{"reference_url":"https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220303-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220303-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220303-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220303-0003/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063601","reference_id":"2063601","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23913","reference_id":"CVE-2022-23913","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23913"},{"reference_url":"https://github.com/advisories/GHSA-pr38-qpxm-g88x","reference_id":"GHSA-pr38-qpxm-g88x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pr38-qpxm-g88x"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5101","reference_id":"RHSA-2022:5101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4437","reference_id":"RHSA-2025:4437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4437"}],"fixed_packages":[],"aliases":["CVE-2022-23913","GHSA-pr38-qpxm-g88x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zy5r-wxv8-g3e8"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1%3Farch=el7sso"}