Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/98148?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/98148?format=api", "purl": "pkg:rpm/redhat/grafana@7.5.15-3?arch=el8", "type": "rpm", "namespace": "redhat", "name": "grafana", "version": "7.5.15-3", "qualifiers": { "arch": "el8" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19260?format=api", "vulnerability_id": "VCID-29pd-1pjc-kuds", "summary": "Grafana proxy Cross-site Scripting\nToday we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for XSS for Grafana.\n\nRelease v.8.3.5, only containing security fixes:\n\n- [Download Grafana 8.3.5](https://grafana.com/grafana/download/8.3.5)\n- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-3-5/)\n\nRelease v.7.5.15, only containing security fixes:\n\n- [Download Grafana 7.5.15](https://grafana.com/grafana/download/7.5.15)\n- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-15/)\n\n## XSS ([CVE-2022-21702](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702))\n\n### Summary\n\nOn Jan. 16, an external security researcher, Jasu Viding contacted Grafana to disclose an XSS vulnerability in the way that Grafana handles data sources.\n\nAn attacker could serve HTML content through the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance.\n\nWe believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N). \n\n### Impact\n\nShould an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.\n\n### Affected versions with MEDIUM severity \n\nTo be impacted, all of the following must be applicable:\n\n**For data source proxy**:\n - A Grafana instance running version v2.0.0-beta1 up to v8.3.4.\n - A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set.\n - Attacker to be in control of the HTTP server serving the URL of above data source.\n - A specially crafted link pointing at http://host/api/datasources/proxy/\"data source id\" and attacker somehow tricks a user of the above Grafana instance to click/visit the link.\n - A user that’s already authenticated to above Grafana instance clicks on/visits the specially crafted link sent/provided by the attacker.\n\n**For plugin proxy**:\n- A Grafana instance running version v2.0.0-beta1 up to v8.3.4.\n- A Grafana HTTP-based app plugin configured and enabled with a URL set.\n- Attacker to be in control of the HTTP server serving the URL of above app.\n- A specially crafted link pointing at http://host/api/plugin-proxy/\"plugin id\" and attacker somehow tricks a user of the above Grafana instance to click/visit the link.\n- A user that’s already authenticated to above Grafana instance clicks on/visits the specially crafted link sent/provided by the attacker.\n\n**Backend plugin resource**:\n- A Grafana instance running version v7.0.0-beta1 up to v8.3.4.\n- Attacker potentially needs to craft a custom plugin to be able to pull this off, but if an attacker can compromise/control the backend service that a backend plugin connects to, it might be possible to serve HTML content via the /api/plugins/\"plugin Id\"/resources* or /api/datasources/\"id\"/resources* routes.\n- A specially crafted link pointing at /api/plugins/\"plugin Id\">/resources* or /api/datasources/\"id\"/resources* and attacker somehow tricks a user of the above Grafana instance to click/visit the link.\n- A user that’s already authenticated to above Grafana instance clicks on/visits the specially crafted link sent/provided by the attacker.\n\n### Root Causes\n#### Trigger\nReproduced and confirmed via this Golang app:\n\n```\npackage main\n\nimport (\n\t\"fmt\"\n\t\"log\"\n\t\"net/http\"\n)\n\nfunc main() {\n\thttp.HandleFunc(\"/\", func(w http.ResponseWriter, r *http.Request) {\n\t\tfmt.Fprintf(w, \"<html><body><script>alert('XSS');</script></body></html>\")\n\t})\n\n\tlog.Fatal(http.ListenAndServe(\":3011\", nil))\n}\n```\n\nA Prometheus datasource is configured in Grafana with URL http://localhost:3011.\n\nWhen visitining http://localhost:3000/api/datasources/proxy/170 the scripts declared in the HTML page executes. Confirmed in both Chrome and Firefox.\n\n### Solutions and mitigations\n\nAll installations between Grafana v2.0.0-beta1 up to v8.3.4 should be upgraded as soon as possible.\n\n#### Workarounds\n\nUsing a proxy, set a response header Content Security Policy: sandbox for the following routes:\n\n`/api/datasources/proxy*`\n`/api/plugin-proxy*`\n`/api/plugins/<pluginId>/resources*`\n`/api/datasources/<id>/resources*`\n\nAnother possible mitigation is setting the response header Content-Disposition: attachment; “proxy.txt”. Confirmed in both Chrome and Firefox.\n\n### Timeline and postmortem\n\nHere is a detailed timeline starting from when we originally learned of the issue. All times in UTC.\n\n- 2022-01-16 16:19 Issue submitted by Jasu Viding\n- 2022-01-17 14:40 CVSS score confirmed 6.8 at maximum and MEDIUM impact\n- 2022-01-17 15:15 Vulnerability confirmed reproducible \n- 2022-01-17 16:01 Begin mitigation for Grafana Cloud\n- 2022-01-18 15:12 Similar report received \n- 2022-01-19 09:57 CVE requested \n- 2022-01-19 13:21 PR with fix opened\n- 2022-01-19 19:53 GitHub issues CVE-2022-21702\n- 2022-01-20 12:43 Second similar report received\n- 2022-01-21 14:30 Private release planned for 2022-01-25, and public release planned for 2022-02-01\n- 2022-01-25 12:00 Private release with patches\n- 2022-02-01 12:00 During the public release process, we realized that private 7.x release was incomplete. Abort public release, send second private release to customers using 7.x\n- 2022-02-08 13:00 Public release\n\n### Acknowledgement\nWe would like to thank Jasu Viding for responsibly disclosing the vulnerability.\n\n### Reporting security issues\n\nIf you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs' open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com) We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is\n\nF988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA\n\nThe key is available from keyserver.ubuntu.com.\n\n### Security announcements\n\nWe maintain a [security category](https://community.grafana.com/c/support/security-announcements) on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.\n\nYou can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21702.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21702.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21702", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78867", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78889", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78831", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78825", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78797", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01184", "scoring_system": "epss", "scoring_elements": "0.78848", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01244", "scoring_system": "epss", "scoring_elements": "0.79277", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01244", "scoring_system": "epss", "scoring_elements": "0.79301", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01244", "scoring_system": "epss", "scoring_elements": "0.79305", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01244", "scoring_system": "epss", "scoring_elements": "0.79289", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01244", "scoring_system": "epss", "scoring_elements": "0.79304", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01244", "scoring_system": "epss", "scoring_elements": "0.79262", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01244", "scoring_system": "epss", "scoring_elements": "0.79239", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01244", "scoring_system": "epss", "scoring_elements": "0.7928", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01244", "scoring_system": "epss", "scoring_elements": "0.79273", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01244", "scoring_system": "epss", "scoring_elements": "0.79247", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21702" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/grafana/grafana", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/grafana/grafana" }, { "reference_url": "https://github.com/grafana/grafana/commit/27726868b3d7c613844b55cd209ca93645c99b85", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:44Z/" } ], "url": "https://github.com/grafana/grafana/commit/27726868b3d7c613844b55cd209ca93645c99b85" }, { "reference_url": "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:44Z/" } ], "url": "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g" }, { "reference_url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21702", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21702" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", "reference_id": "2050648", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050648" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", "reference_id": "2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:44Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", "reference_id": "36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:44Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/" }, { "reference_url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", "reference_id": "grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:44Z/" } ], "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", "reference_id": "HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:44Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0005/", "reference_id": "ntap-20220303-0005", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:49:44Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "fixed_packages": [], "aliases": [ "CVE-2022-21702", "GHSA-xc3p-28hw-q24g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29pd-1pjc-kuds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36650?format=api", "vulnerability_id": "VCID-498g-zap2-vqag", "summary": "Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30635.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30635.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26617", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26447", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26662", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26516", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26565", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26571", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26526", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26468", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26475", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26445", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26407", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29798", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29685", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29623", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29484", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29546", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "reference_id": "2107388", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "reference_url": "https://go.dev/cl/417064", "reference_id": "417064", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:44:14Z/" } ], "url": "https://go.dev/cl/417064" }, { "reference_url": "https://go.dev/issue/53615", "reference_id": "53615", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:44:14Z/" } ], "url": "https://go.dev/issue/53615" }, { "reference_url": "https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7", "reference_id": "6fa37e98ea4382bf881428ee0c150ce591500eb7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:44:14Z/" } ], "url": "https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7" }, { "reference_url": "https://security.gentoo.org/glsa/202208-02", "reference_id": "GLSA-202208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-02" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0526", "reference_id": "GO-2022-0526", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:44:14Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0526" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "reference_id": "nqrv9fbR0zE", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:44:14Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5775", "reference_id": "RHSA-2022:5775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5799", "reference_id": "RHSA-2022:5799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5866", "reference_id": "RHSA-2022:5866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6040", "reference_id": "RHSA-2022:6040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6042", "reference_id": "RHSA-2022:6042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6152", "reference_id": "RHSA-2022:6152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6283", "reference_id": "RHSA-2022:6283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7129", "reference_id": "RHSA-2022:7129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7648", "reference_id": "RHSA-2022:7648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8250", "reference_id": "RHSA-2022:8250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8634", "reference_id": "RHSA-2022:8634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8634" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9047", "reference_id": "RHSA-2022:9047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0407", "reference_id": "RHSA-2023:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0408", "reference_id": "RHSA-2023:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1042", "reference_id": "RHSA-2023:1042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1275", "reference_id": "RHSA-2023:1275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2357", "reference_id": "RHSA-2023:2357", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2758", "reference_id": "RHSA-2023:2758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2802", "reference_id": "RHSA-2023:2802", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3642", "reference_id": "RHSA-2023:3642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3742", "reference_id": "RHSA-2023:3742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3742" }, { "reference_url": "https://usn.ubuntu.com/6038-1/", "reference_id": "USN-6038-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-1/" }, { "reference_url": "https://usn.ubuntu.com/6038-2/", "reference_id": "USN-6038-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-30635" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-498g-zap2-vqag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36642?format=api", "vulnerability_id": "VCID-5c67-zpsw-cyb2", "summary": "Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28131.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03218", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03227", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03234", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0324", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03261", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03191", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0317", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03143", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03153", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03273", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03267", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03265", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03305", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03255", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03278", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "reference_id": "2107390", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390" }, { "reference_url": "https://security.gentoo.org/glsa/202208-02", "reference_id": "GLSA-202208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5775", "reference_id": "RHSA-2022:5775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5799", "reference_id": "RHSA-2022:5799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5866", "reference_id": "RHSA-2022:5866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6040", "reference_id": "RHSA-2022:6040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6042", "reference_id": "RHSA-2022:6042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6113", "reference_id": "RHSA-2022:6113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6152", "reference_id": "RHSA-2022:6152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6188", "reference_id": "RHSA-2022:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6283", "reference_id": "RHSA-2022:6283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7529", "reference_id": "RHSA-2022:7529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9047", "reference_id": "RHSA-2022:9047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0407", "reference_id": "RHSA-2023:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0408", "reference_id": "RHSA-2023:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1042", "reference_id": "RHSA-2023:1042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2758", "reference_id": "RHSA-2023:2758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2802", "reference_id": "RHSA-2023:2802", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3642", "reference_id": "RHSA-2023:3642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "reference_url": "https://usn.ubuntu.com/6038-1/", "reference_id": "USN-6038-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-1/" }, { "reference_url": "https://usn.ubuntu.com/6038-2/", "reference_id": "USN-6038-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-28131" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5c67-zpsw-cyb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36646?format=api", "vulnerability_id": "VCID-6189-d1tw-bfcp", "summary": "Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30630.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30630.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11554", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11371", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11609", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11398", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11482", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11541", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11551", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11517", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11486", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11347", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11471", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11307", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11237", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13886", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13913", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30630" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "reference_id": "2107371", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371" }, { "reference_url": "https://go.dev/cl/417065", "reference_id": "417065", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/" } ], "url": "https://go.dev/cl/417065" }, { "reference_url": "https://go.dev/issue/53415", "reference_id": "53415", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/" } ], "url": "https://go.dev/issue/53415" }, { "reference_url": "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59", "reference_id": "fa2d41d0ca736f3ad6b200b2a4e134364e9acc59", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/" } ], "url": "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59" }, { "reference_url": "https://security.gentoo.org/glsa/202208-02", "reference_id": "GLSA-202208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-02" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0527", "reference_id": "GO-2022-0527", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0527" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "reference_id": "nqrv9fbR0zE", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:26Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5775", "reference_id": "RHSA-2022:5775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5799", "reference_id": "RHSA-2022:5799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5866", "reference_id": "RHSA-2022:5866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6040", "reference_id": "RHSA-2022:6040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6042", "reference_id": "RHSA-2022:6042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6113", "reference_id": "RHSA-2022:6113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6152", "reference_id": "RHSA-2022:6152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6188", "reference_id": "RHSA-2022:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6283", "reference_id": "RHSA-2022:6283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6430", "reference_id": "RHSA-2022:6430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7129", "reference_id": "RHSA-2022:7129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7529", "reference_id": "RHSA-2022:7529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7648", "reference_id": "RHSA-2022:7648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8098", "reference_id": "RHSA-2022:8098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8250", "reference_id": "RHSA-2022:8250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9047", "reference_id": "RHSA-2022:9047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0407", "reference_id": "RHSA-2023:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0408", "reference_id": "RHSA-2023:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1042", "reference_id": "RHSA-2023:1042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1275", "reference_id": "RHSA-2023:1275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1529", "reference_id": "RHSA-2023:1529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2357", "reference_id": "RHSA-2023:2357", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2758", "reference_id": "RHSA-2023:2758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2802", "reference_id": "RHSA-2023:2802", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3642", "reference_id": "RHSA-2023:3642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2180", "reference_id": "RHSA-2024:2180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2180" }, { "reference_url": "https://usn.ubuntu.com/6038-1/", "reference_id": "USN-6038-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-1/" }, { "reference_url": "https://usn.ubuntu.com/6038-2/", "reference_id": "USN-6038-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-30630" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6189-d1tw-bfcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36651?format=api", "vulnerability_id": "VCID-81aw-mk9s-eydd", "summary": "Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32148.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32148.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17672", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17267", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17589", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17605", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17558", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17505", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17449", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17458", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17496", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17406", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17382", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17314", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17177", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17718", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17438", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1753", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32148" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "reference_id": "2107383", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383" }, { "reference_url": "https://go.dev/cl/412857", "reference_id": "412857", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T08:15:49Z/" } ], "url": "https://go.dev/cl/412857" }, { "reference_url": "https://go.dev/issue/53423", "reference_id": "53423", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T08:15:49Z/" } ], "url": "https://go.dev/issue/53423" }, { "reference_url": "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a", "reference_id": "b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T08:15:49Z/" } ], "url": "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a" }, { "reference_url": "https://security.gentoo.org/glsa/202208-02", "reference_id": "GLSA-202208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-02" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0520", "reference_id": "GO-2022-0520", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T08:15:49Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0520" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "reference_id": "nqrv9fbR0zE", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-23T08:15:49Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5775", "reference_id": "RHSA-2022:5775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5799", "reference_id": "RHSA-2022:5799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5866", "reference_id": "RHSA-2022:5866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6040", "reference_id": "RHSA-2022:6040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6042", "reference_id": "RHSA-2022:6042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6113", "reference_id": "RHSA-2022:6113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6152", "reference_id": "RHSA-2022:6152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6183", "reference_id": "RHSA-2022:6183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6183" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6188", "reference_id": "RHSA-2022:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6283", "reference_id": "RHSA-2022:6283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6344", "reference_id": "RHSA-2022:6344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6430", "reference_id": "RHSA-2022:6430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7129", "reference_id": "RHSA-2022:7129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7398", "reference_id": "RHSA-2022:7398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7398" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7399", "reference_id": "RHSA-2022:7399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7529", "reference_id": "RHSA-2022:7529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7648", "reference_id": "RHSA-2022:7648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8250", "reference_id": "RHSA-2022:8250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8626", "reference_id": "RHSA-2022:8626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9047", "reference_id": "RHSA-2022:9047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0407", "reference_id": "RHSA-2023:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0408", "reference_id": "RHSA-2023:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1042", "reference_id": "RHSA-2023:1042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1275", "reference_id": "RHSA-2023:1275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2357", "reference_id": "RHSA-2023:2357", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2758", "reference_id": "RHSA-2023:2758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2802", "reference_id": "RHSA-2023:2802", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3642", "reference_id": "RHSA-2023:3642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "reference_url": "https://usn.ubuntu.com/6038-1/", "reference_id": "USN-6038-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-1/" }, { "reference_url": "https://usn.ubuntu.com/6038-2/", "reference_id": "USN-6038-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-32148" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-81aw-mk9s-eydd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36649?format=api", "vulnerability_id": "VCID-86mk-kwg6-63h6", "summary": "Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30633.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30633.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30633", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26617", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2622", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26565", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26571", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26526", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26468", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26475", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26445", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26407", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26342", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26335", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26284", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26154", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26662", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26447", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26516", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "reference_id": "2107392", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392" }, { "reference_url": "https://go.dev/cl/417061", "reference_id": "417061", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T16:53:05Z/" } ], "url": "https://go.dev/cl/417061" }, { "reference_url": "https://go.dev/issue/53611", "reference_id": "53611", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T16:53:05Z/" } ], "url": "https://go.dev/issue/53611" }, { "reference_url": "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08", "reference_id": "c4c1993fd2a5b26fe45c09592af6d3388a3b2e08", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T16:53:05Z/" } ], "url": "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08" }, { "reference_url": "https://security.gentoo.org/glsa/202208-02", "reference_id": "GLSA-202208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-02" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0523", "reference_id": "GO-2022-0523", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T16:53:05Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0523" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "reference_id": "nqrv9fbR0zE", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T16:53:05Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5775", "reference_id": "RHSA-2022:5775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5799", "reference_id": "RHSA-2022:5799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5866", "reference_id": "RHSA-2022:5866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6040", "reference_id": "RHSA-2022:6040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6042", "reference_id": "RHSA-2022:6042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6113", "reference_id": "RHSA-2022:6113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6152", "reference_id": "RHSA-2022:6152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6188", "reference_id": "RHSA-2022:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6283", "reference_id": "RHSA-2022:6283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7529", "reference_id": "RHSA-2022:7529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9047", "reference_id": "RHSA-2022:9047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0407", "reference_id": "RHSA-2023:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0408", "reference_id": "RHSA-2023:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1042", "reference_id": "RHSA-2023:1042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2758", "reference_id": "RHSA-2023:2758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2802", "reference_id": "RHSA-2023:2802", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3642", "reference_id": "RHSA-2023:3642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "reference_url": "https://usn.ubuntu.com/6038-1/", "reference_id": "USN-6038-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-1/" }, { "reference_url": "https://usn.ubuntu.com/6038-2/", "reference_id": "USN-6038-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-30633" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86mk-kwg6-63h6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79263?format=api", "vulnerability_id": "VCID-as38-uuy9-5qhu", "summary": "golang: go/parser: stack exhaustion in all Parse* functions", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1962.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1962.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1962", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00217", "published_at": "2026-04-08T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00219", "published_at": "2026-04-11T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00226", "published_at": "2026-05-07T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.0022", "published_at": "2026-04-04T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00218", "published_at": "2026-04-13T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00216", "published_at": "2026-04-09T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00221", "published_at": "2026-04-18T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00228", "published_at": "2026-04-26T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00229", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1962" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "reference_id": "2107376", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376" }, { "reference_url": "https://go.dev/cl/417063", "reference_id": "417063", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T19:32:02Z/" } ], "url": "https://go.dev/cl/417063" }, { "reference_url": "https://go.dev/issue/53616", "reference_id": "53616", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T19:32:02Z/" } ], "url": "https://go.dev/issue/53616" }, { "reference_url": "https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879", "reference_id": "695be961d57508da5a82217f7415200a11845879", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T19:32:02Z/" } ], "url": "https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0515", "reference_id": "GO-2022-0515", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T19:32:02Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0515" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "reference_id": "nqrv9fbR0zE", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T19:32:02Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5775", "reference_id": "RHSA-2022:5775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5799", "reference_id": "RHSA-2022:5799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5866", "reference_id": "RHSA-2022:5866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6040", "reference_id": "RHSA-2022:6040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6042", "reference_id": "RHSA-2022:6042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6113", "reference_id": "RHSA-2022:6113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6152", "reference_id": "RHSA-2022:6152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6188", "reference_id": "RHSA-2022:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6283", "reference_id": "RHSA-2022:6283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6430", "reference_id": "RHSA-2022:6430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7529", "reference_id": "RHSA-2022:7529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9047", "reference_id": "RHSA-2022:9047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0407", "reference_id": "RHSA-2023:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0408", "reference_id": "RHSA-2023:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1042", "reference_id": "RHSA-2023:1042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2758", "reference_id": "RHSA-2023:2758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2802", "reference_id": "RHSA-2023:2802", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0778", "reference_id": "RHSA-2024:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1027", "reference_id": "RHSA-2024:1027", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1027" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1433", "reference_id": "RHSA-2024:1433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1433" }, { "reference_url": "https://usn.ubuntu.com/6038-1/", "reference_id": "USN-6038-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-1962" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-as38-uuy9-5qhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53045?format=api", "vulnerability_id": "VCID-f5qg-jth9-hycf", "summary": "Uncontrolled Resource Consumption in promhttp\nThis is the Go client library for Prometheus. It has two separate parts, one for instrumenting application code, and one for creating clients that talk to the Prometheus HTTP API. client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients.\n\n### Impact\n\nHTTP server susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods.\n\n### Affected Configuration\n\nIn order to be affected, an instrumented software must\n\n* Use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`.\n* Do not filter any specific methods (e.g GET) before middleware.\n* Pass metric with `method` label name to our middleware.\n* Not have any firewall/LB/proxy that filters away requests with unknown `method`.\n\n### Patches\n\n* https://github.com/prometheus/client_golang/pull/962\n* https://github.com/prometheus/client_golang/pull/987\n\n### Workarounds\n\nIf you cannot upgrade to [v1.11.1 or above](https://github.com/prometheus/client_golang/releases/tag/v1.11.1), in order to stop being affected you can:\n\n* Remove `method` label name from counter/gauge you use in the InstrumentHandler.\n* Turn off affected promhttp handlers.\n* Add custom middleware before promhttp handler that will sanitize the request method given by Go http.Request.\n* Use a reverse proxy or web application firewall, configured to only allow a limited set of methods.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in https://github.com/prometheus/client_golang\n* Email us at `prometheus-team@googlegroups.com`", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21698.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21698.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21698", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46627", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46691", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51294", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51291", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51266", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51255", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51325", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51346", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51302", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51306", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51251", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51287", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.5134", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.5136", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51352", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51312", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/prometheus/client_golang", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/prometheus/client_golang" }, { "reference_url": "https://github.com/prometheus/client_golang/pull/962", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://github.com/prometheus/client_golang/pull/962" }, { "reference_url": "https://github.com/prometheus/client_golang/pull/987", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://github.com/prometheus/client_golang/pull/987" }, { "reference_url": "https://github.com/prometheus/client_golang/releases/tag/v1.11.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://github.com/prometheus/client_golang/releases/tag/v1.11.1" }, { "reference_url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0322", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0322" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008008", "reference_id": "1008008", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008008" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", "reference_id": "2045880", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR/", "reference_id": "2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", "reference_id": "2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", "reference_id": "36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA/", "reference_id": "3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/", "reference_id": "4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7/", "reference_id": "5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5/", "reference_id": "7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX/", "reference_id": "AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/", "reference_id": "DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN/", "reference_id": "FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", "reference_id": "HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/", "reference_id": "J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ/", "reference_id": "KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN/", "reference_id": "MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1356", "reference_id": "RHSA-2022:1356", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1356" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1461", "reference_id": "RHSA-2022:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1762", "reference_id": "RHSA-2022:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1762" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2216", "reference_id": "RHSA-2022:2216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2217", "reference_id": "RHSA-2022:2217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2218", "reference_id": "RHSA-2022:2218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2280", "reference_id": "RHSA-2022:2280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4667", "reference_id": "RHSA-2022:4667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5026", "reference_id": "RHSA-2022:5026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5068", "reference_id": "RHSA-2022:5068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5069", "reference_id": "RHSA-2022:5069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5070", "reference_id": "RHSA-2022:5070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6040", "reference_id": "RHSA-2022:6040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6042", "reference_id": "RHSA-2022:6042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6051", "reference_id": "RHSA-2022:6051", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6061", "reference_id": "RHSA-2022:6061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6066", "reference_id": "RHSA-2022:6066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6156", "reference_id": "RHSA-2022:6156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6290", "reference_id": "RHSA-2022:6290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6430", "reference_id": "RHSA-2022:6430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6537", "reference_id": "RHSA-2022:6537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7261", "reference_id": "RHSA-2022:7261", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7399", "reference_id": "RHSA-2022:7399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7529", "reference_id": "RHSA-2022:7529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9096", "reference_id": "RHSA-2022:9096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0566", "reference_id": "RHSA-2023:0566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0652", "reference_id": "RHSA-2023:0652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1158", "reference_id": "RHSA-2023:1158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1326", "reference_id": "RHSA-2023:1326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2014", "reference_id": "RHSA-2023:2014", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2014" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5314", "reference_id": "RHSA-2023:5314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0564", "reference_id": "RHSA-2024:0564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2944", "reference_id": "RHSA-2024:2944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4631", "reference_id": "RHSA-2024:4631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4631" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7/", "reference_id": "RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR/", "reference_id": "SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG/", "reference_id": "ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", "reference_id": "ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-21698", "GHSA-cg3q-j54f-5p7p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5qg-jth9-hycf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15681?format=api", "vulnerability_id": "VCID-g45u-nf13-euee", "summary": "Grafana Cross Site Request Forgery (CSRF)\nToday we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for Cross Site Request Forgery for Grafana.\n\nRelease v.8.3.5, only containing security fixes:\n\n- [Download Grafana 8.3.5](https://grafana.com/grafana/download/8.3.5)\n- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-3-5/)\n\nRelease v.7.5.15, only containing security fixes:\n\n- [Download Grafana 7.5.15](https://grafana.com/grafana/download/7.5.15)\n- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-15/)\n\n## CSRF ([CVE-2022-21703](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703))\n\n### Summary\nOn Jan. 18, security researchers [jub0bs](https://twitter.com/jub0bs) and [abrahack](https://twitter.com/theabrahack) contacted Grafana to disclose a CSRF vulnerability which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). \n\nWe believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N). \n\n### Impact\nAn attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. \n\n### Affected versions with MEDIUM severity \nAll Grafana >=3.0-beta1 versions are affected by this vulnerability.\n\n### Solutions and mitigations\n\nAll installations after Grafana v3.0-beta1 should be upgraded as soon as possible.\n\nNote that if you are running Grafana behind any reverse proxy, you need to make sure that you are passing the original Host and Origin headers from the client request to Grafana.\n\nIn the case of Apache Server, you need to add `ProxyPreserveHost on` in your proxy [configuration](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html). In case of NGINX, you can need to add `proxy_set_header Host $http_host;` in your [configuration](http://nginx.org/en/docs/http/ngx_http_proxy_module.html).\n\nAppropriate patches have been applied to [Grafana Cloud](https://grafana.com/cloud) and as always, we closely coordinated with all cloud providers licensed to offer Grafana Pro. They have received early notification under embargo and confirmed that their offerings are secure at the time of this announcement. This is applicable to Amazon Managed Grafana.\n\n### Timeline and postmortem\n\nHere is a detailed timeline starting from when we originally learned of the issue. All times in UTC.\n- 2022-01-18 03:00 Issue submitted by external researchers\n- 2022-01-18 17:25 Vulnerability confirmed reproducible \n- 2022-01-19 07:40 CVSS score confirmed 6.8 at maximum and MEDIUM impact\n- 2022-01-19 07:40 Begin mitigation for Grafana Cloud\n- 2022-01-19 17:00 CVE requested \n- 2022-01-19 19:50 GitHub issues CVE-2022-21703\n- 2022-01-21 10:50 PR with fix opened\n- 2022-01-21 14:13 Private release planned for 2022-01-25, and public release planned for 2022-02-01.\n- 2022-01-25 12:00 Private release\n- 2022-02-01 12:00 During the public release process, we realized that private 7.x release was incomplete. Abort public release, send second private release to customers using 7.x\n- 2022-02-08 12:00 Public release\n\n### Acknowledgement\n\nWe would like to thank [jub0bs](https://twitter.com/jub0bs) and [abrahack](https://twitter.com/theabrahack) for responsibly disclosing the vulnerability.\n\n### Reporting security issues\n\nIf you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs' open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com) We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is\n\nF988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA\n\nThe key is available from keyserver.ubuntu.com.\n\n### Security announcements\n\nWe maintain a [security category](https://community.grafana.com/c/support/security-announcements) on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.\n\nYou can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21703.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21703.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21703", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01422", "scoring_system": "epss", "scoring_elements": "0.80637", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01422", "scoring_system": "epss", "scoring_elements": "0.80681", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01422", "scoring_system": "epss", "scoring_elements": "0.80665", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01422", "scoring_system": "epss", "scoring_elements": "0.80662", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01869", "scoring_system": "epss", "scoring_elements": "0.83103", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01869", "scoring_system": "epss", "scoring_elements": "0.83087", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01869", "scoring_system": "epss", "scoring_elements": "0.8308", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01869", "scoring_system": "epss", "scoring_elements": "0.83055", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01869", "scoring_system": "epss", "scoring_elements": "0.83057", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01869", "scoring_system": "epss", "scoring_elements": "0.83044", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01869", "scoring_system": "epss", "scoring_elements": "0.83092", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01869", "scoring_system": "epss", "scoring_elements": "0.83216", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01869", "scoring_system": "epss", "scoring_elements": "0.83195", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01869", "scoring_system": "epss", "scoring_elements": "0.83131", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01869", "scoring_system": "epss", "scoring_elements": "0.83097", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21703" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/grafana/grafana/pull/45083", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:04Z/" } ], "url": "https://github.com/grafana/grafana/pull/45083" }, { "reference_url": "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:04Z/" } ], "url": "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w" }, { "reference_url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21703", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21703" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", "reference_id": "2050742", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050742" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", "reference_id": "2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", "reference_id": "36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/" }, { "reference_url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", "reference_id": "grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:04Z/" } ], "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", "reference_id": "HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0005/", "reference_id": "ntap-20220303-0005", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:04Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "fixed_packages": [], "aliases": [ "CVE-2022-21703", "GHSA-cmf4-h3xc-jw8w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g45u-nf13-euee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36648?format=api", "vulnerability_id": "VCID-g8y7-jdy7-afdh", "summary": "Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30632.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30632.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30632", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26617", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26662", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26447", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26516", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26565", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26571", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26526", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26468", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26475", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26445", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26407", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2622", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26284", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26154", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29798", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29685", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "reference_id": "2107386", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386" }, { "reference_url": "https://security.gentoo.org/glsa/202208-02", "reference_id": "GLSA-202208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5775", "reference_id": "RHSA-2022:5775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5799", "reference_id": "RHSA-2022:5799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5866", "reference_id": "RHSA-2022:5866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6040", "reference_id": "RHSA-2022:6040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6042", "reference_id": "RHSA-2022:6042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6113", "reference_id": "RHSA-2022:6113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6152", "reference_id": "RHSA-2022:6152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6188", "reference_id": "RHSA-2022:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6283", "reference_id": "RHSA-2022:6283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7058", "reference_id": "RHSA-2022:7058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7129", "reference_id": "RHSA-2022:7129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7529", "reference_id": "RHSA-2022:7529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7648", "reference_id": "RHSA-2022:7648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8098", "reference_id": "RHSA-2022:8098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8250", "reference_id": "RHSA-2022:8250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8634", "reference_id": "RHSA-2022:8634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8634" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9047", "reference_id": "RHSA-2022:9047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0407", "reference_id": "RHSA-2023:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0408", "reference_id": "RHSA-2023:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1042", "reference_id": "RHSA-2023:1042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1275", "reference_id": "RHSA-2023:1275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1529", "reference_id": "RHSA-2023:1529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2357", "reference_id": "RHSA-2023:2357", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2758", "reference_id": "RHSA-2023:2758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2802", "reference_id": "RHSA-2023:2802", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3642", "reference_id": "RHSA-2023:3642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2180", "reference_id": "RHSA-2024:2180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2180" }, { "reference_url": "https://usn.ubuntu.com/6038-1/", "reference_id": "USN-6038-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-1/" }, { "reference_url": "https://usn.ubuntu.com/6038-2/", "reference_id": "USN-6038-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-30632" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8y7-jdy7-afdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19626?format=api", "vulnerability_id": "VCID-kgdc-2fzk-1uc6", "summary": "Grafana API IDOR\nToday we are releasing Grafana 8.3.5 and 7.5.14. This patch release includes MEDIUM severity security fix for Grafana Teams API IDOR.\n\nRelease v.8.3.5, only containing security fixes:\n\n- [Download Grafana 8.3.5](https://grafana.com/grafana/download/8.3.5)\n- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-3-5/)\n\nRelease v.7.5.15, only containing security fixes:\n\n- [Download Grafana 7.5.15](https://grafana.com/grafana/download/7.5.15)\n- [Release notes](https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-5-15/)\n\n## Teams API IDOR([CVE-2022-21713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713))\n\nOn Jan. 18, an external security researcher, Kürşad ALSAN from [NSPECT.IO](https://www.nspect.io) ([@nspectio](https://twitter.com/nspectio) on Twitter), contacted Grafana to disclose an IDOR (Insecure Direct Object Reference) vulnerability on Grafana Teams APIs.\n\nWe believe that this vulnerability is rated at CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). \n\n### Impact\n\nThis vulnerability only impacts the following API endpoints:\n\n- `/teams/:teamId` - an authenticated attacker can view unintended data by querying for the specific team ID.\n- `/teams/:search` - an authenticated attacker can search for teams and see the total number of available teams, including for those teams that the user does not have access to.\n- `/teams/:teamId/members` - when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.\n\n### Affected versions with MEDIUM severity \nAll Grafana >=5.0.0-beta1 versions are affected by this vulnerability.\n\n### Solutions and mitigations\n\nAll installations after Grafana v5.0.0-beta1 should be upgraded as soon as possible.\n\nAppropriate patches have been applied to [Grafana Cloud](https://grafana.com/cloud) and as always, we closely coordinated with all cloud providers licensed to offer Grafana Pro. They have received early notification under embargo and confirmed that their offerings are secure at the time of this announcement. This is applicable to Amazon Managed Grafana.\n\n### Timeline and postmortem\n\nHere is a detailed timeline starting from when we originally learned of the issue. All times in UTC.\n\n- 2022-01-18 05:000 Issue submitted by external researcher\n- 2022-01-21 17:45 Issue escalated and the vulnerability confirmed reproducible\n- 2022-01-24 13:37 CVE requested\n- 2022-01-24 14:40 Private release planned for 2022-01-25, and public release planned for 2022-02-01.\n- 2022-01-24 17:00 PR with fix opened\n- 2022-01-24 19:00 GitHub has issued CVE-2022-21713 \n- 2022-01-25 12:00 Private release\n- 2022-02-01 12:00 During public release process, we realized that private 7.x release was incomplete. Abort public release, send second private release to customers using 7.x\n- 2022-02-08 13:00 Public release\n\n### Acknowledgements\nWe would like to thank Kürşad ALSAN from [NSPECT.IO](https://www.nspect.io) ([@nspectio](https://twitter.com/nspectio) on Twitter) for responsibly disclosing the vulnerability.\n\n### Reporting security issues\n\nIf you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs' open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com) We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is\n\nF988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA\n\nThe key is available from keyserver.ubuntu.com.\n\n### Security announcements\n\nWe maintain a [security category](https://community.grafana.com/c/support/security-announcements) on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.\n\nYou can also subscribe to our [RSS feed](https://grafana.com/tags/security/index.xml).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21713.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21713.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.39836", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.39771", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.39899", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.3998", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.39994", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40168", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40244", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40275", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40228", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40248", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40264", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40263", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.4021", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40288", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40286", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40274", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21713" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/grafana/grafana", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/grafana/grafana" }, { "reference_url": "https://github.com/grafana/grafana/pull/45083", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:00Z/" } ], "url": "https://github.com/grafana/grafana/pull/45083" }, { "reference_url": "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:00Z/" } ], "url": "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv" }, { "reference_url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21713", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21713" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", "reference_id": "2050743", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050743" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", "reference_id": "2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:00Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", "reference_id": "36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:00Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/" }, { "reference_url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/", "reference_id": "grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:00Z/" } ], "url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", "reference_id": "HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:00Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0005/", "reference_id": "ntap-20220303-0005", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:11:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "fixed_packages": [], "aliases": [ "CVE-2022-21713", "GHSA-63g3-9jq3-mccv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgdc-2fzk-1uc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36635?format=api", "vulnerability_id": "VCID-ps89-8u5a-kfc8", "summary": "Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1705.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1705.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1705", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11944", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16637", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16652", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16737", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16791", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16771", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16727", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1667", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16606", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16615", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16653", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16555", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16544", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16509", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16374", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16867", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1705" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "reference_id": "2107374", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374" }, { "reference_url": "https://go.dev/cl/409874", "reference_id": "409874", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/" } ], "url": "https://go.dev/cl/409874" }, { "reference_url": "https://go.dev/cl/410714", "reference_id": "410714", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/" } ], "url": "https://go.dev/cl/410714" }, { "reference_url": "https://go.dev/issue/53188", "reference_id": "53188", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/" } ], "url": "https://go.dev/issue/53188" }, { "reference_url": "https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f", "reference_id": "e5017a93fcde94f09836200bca55324af037ee5f", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/" } ], "url": "https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f" }, { "reference_url": "https://security.gentoo.org/glsa/202208-02", "reference_id": "GLSA-202208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-02" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0525", "reference_id": "GO-2022-0525", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0525" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "reference_id": "nqrv9fbR0zE", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T20:38:47Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5068", "reference_id": "RHSA-2022:5068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5775", "reference_id": "RHSA-2022:5775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5799", "reference_id": "RHSA-2022:5799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5866", "reference_id": "RHSA-2022:5866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6040", "reference_id": "RHSA-2022:6040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6042", "reference_id": "RHSA-2022:6042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6113", "reference_id": "RHSA-2022:6113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6152", "reference_id": "RHSA-2022:6152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6183", "reference_id": "RHSA-2022:6183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6183" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6187", "reference_id": "RHSA-2022:6187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6188", "reference_id": "RHSA-2022:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6283", "reference_id": "RHSA-2022:6283", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6283" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6344", "reference_id": "RHSA-2022:6344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6430", "reference_id": "RHSA-2022:6430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7129", "reference_id": "RHSA-2022:7129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7398", "reference_id": "RHSA-2022:7398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7398" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7399", "reference_id": "RHSA-2022:7399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7529", "reference_id": "RHSA-2022:7529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7648", "reference_id": "RHSA-2022:7648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8098", "reference_id": "RHSA-2022:8098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8250", "reference_id": "RHSA-2022:8250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8626", "reference_id": "RHSA-2022:8626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9047", "reference_id": "RHSA-2022:9047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0407", "reference_id": "RHSA-2023:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0408", "reference_id": "RHSA-2023:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1042", "reference_id": "RHSA-2023:1042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1275", "reference_id": "RHSA-2023:1275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1529", "reference_id": "RHSA-2023:1529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2357", "reference_id": "RHSA-2023:2357", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2758", "reference_id": "RHSA-2023:2758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2802", "reference_id": "RHSA-2023:2802", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3642", "reference_id": "RHSA-2023:3642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "reference_url": "https://usn.ubuntu.com/6038-1/", "reference_id": "USN-6038-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-1/" }, { "reference_url": "https://usn.ubuntu.com/6038-2/", "reference_id": "USN-6038-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-1705" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ps89-8u5a-kfc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79806?format=api", "vulnerability_id": "VCID-v8hn-wm59-kugt", "summary": "grafana: Forward OAuth Identity Token can allow users to access some data sources", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21673.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21673.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66828", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.6694", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66853", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66825", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66874", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66888", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66908", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66894", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66862", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66895", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66909", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66891", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66916", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66929", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66927", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66898", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21673" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", "reference_id": "2044628", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", "reference_id": "2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", "reference_id": "36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/" }, { "reference_url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4", "reference_id": "GHSA-8wjh-59cw-9xh4", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:04Z/" } ], "url": "https://github.com/grafana/grafana/security/advisories/GHSA-8wjh-59cw-9xh4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", "reference_id": "HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220303-0004/", "reference_id": "ntap-20220303-0004", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:04Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220303-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0056", "reference_id": "RHSA-2022:0056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6024", "reference_id": "RHSA-2022:6024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "reference_url": "https://github.com/grafana/grafana/releases/tag/v7.5.13", "reference_id": "v7.5.13", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:04Z/" } ], "url": "https://github.com/grafana/grafana/releases/tag/v7.5.13" }, { "reference_url": "https://github.com/grafana/grafana/releases/tag/v8.3.4", "reference_id": "v8.3.4", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:12:04Z/" } ], "url": "https://github.com/grafana/grafana/releases/tag/v8.3.4" } ], "fixed_packages": [], "aliases": [ "CVE-2022-21673" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v8hn-wm59-kugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36647?format=api", "vulnerability_id": "VCID-vxks-1bkp-6bd5", "summary": "Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30631.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30631.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30631", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12478", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12297", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12408", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12458", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12464", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12425", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12385", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12286", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12389", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1239", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12357", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12246", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12161", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12521", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12328", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "reference_id": "2107342", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342" }, { "reference_url": "https://go.dev/cl/417067", "reference_id": "417067", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T17:51:07Z/" } ], "url": "https://go.dev/cl/417067" }, { "reference_url": "https://go.dev/issue/53168", "reference_id": "53168", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T17:51:07Z/" } ], "url": "https://go.dev/issue/53168" }, { "reference_url": "https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e", "reference_id": "b2b8872c876201eac2d0707276c6999ff3eb185e", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T17:51:07Z/" } ], "url": "https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e" }, { "reference_url": "https://security.gentoo.org/glsa/202208-02", "reference_id": "GLSA-202208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-02" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0524", "reference_id": "GO-2022-0524", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T17:51:07Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0524" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "reference_id": "nqrv9fbR0zE", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T17:51:07Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5775", "reference_id": "RHSA-2022:5775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5799", "reference_id": "RHSA-2022:5799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5866", "reference_id": "RHSA-2022:5866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5875", "reference_id": "RHSA-2022:5875", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5875" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5879", "reference_id": "RHSA-2022:5879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5923", "reference_id": "RHSA-2022:5923", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5923" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5924", "reference_id": "RHSA-2022:5924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6040", "reference_id": "RHSA-2022:6040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6042", "reference_id": "RHSA-2022:6042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6051", "reference_id": "RHSA-2022:6051", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6053", "reference_id": "RHSA-2022:6053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6061", "reference_id": "RHSA-2022:6061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6062", "reference_id": "RHSA-2022:6062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6065", "reference_id": "RHSA-2022:6065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6066", "reference_id": "RHSA-2022:6066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6103", "reference_id": "RHSA-2022:6103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6113", "reference_id": "RHSA-2022:6113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6152", "reference_id": "RHSA-2022:6152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6182", "reference_id": "RHSA-2022:6182", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6182" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6183", "reference_id": "RHSA-2022:6183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6183" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6184", "reference_id": "RHSA-2022:6184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6187", "reference_id": "RHSA-2022:6187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6188", "reference_id": "RHSA-2022:6188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6262", "reference_id": "RHSA-2022:6262", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6262" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6290", "reference_id": "RHSA-2022:6290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6308", "reference_id": "RHSA-2022:6308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6344", "reference_id": "RHSA-2022:6344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6429", "reference_id": "RHSA-2022:6429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6430", "reference_id": "RHSA-2022:6430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6517", "reference_id": "RHSA-2022:6517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6560", "reference_id": "RHSA-2022:6560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6714", "reference_id": "RHSA-2022:6714", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6714" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7398", "reference_id": "RHSA-2022:7398", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7398" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7529", "reference_id": "RHSA-2022:7529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7648", "reference_id": "RHSA-2022:7648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8098", "reference_id": "RHSA-2022:8098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8250", "reference_id": "RHSA-2022:8250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0407", "reference_id": "RHSA-2023:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0408", "reference_id": "RHSA-2023:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0727", "reference_id": "RHSA-2023:0727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1042", "reference_id": "RHSA-2023:1042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1529", "reference_id": "RHSA-2023:1529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2758", "reference_id": "RHSA-2023:2758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2802", "reference_id": "RHSA-2023:2802", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3642", "reference_id": "RHSA-2023:3642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2180", "reference_id": "RHSA-2024:2180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2180" }, { "reference_url": "https://usn.ubuntu.com/6038-1/", "reference_id": "USN-6038-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-1/" }, { "reference_url": "https://usn.ubuntu.com/6038-2/", "reference_id": "USN-6038-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6038-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-30631" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vxks-1bkp-6bd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13400?format=api", "vulnerability_id": "VCID-x4cs-g2jz-eqb5", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23648.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23648.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30299", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30317", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30301", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30348", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30392", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.3039", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30356", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30297", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30486", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30441", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30412", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31408", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31917", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31747", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31621", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31538", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31338", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23648" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648" }, { "reference_url": "https://github.com/braintree/sanitize-url", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/braintree/sanitize-url" }, { "reference_url": "https://github.com/braintree/sanitize-url/blob/main/src/index.ts%23L11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/braintree/sanitize-url/blob/main/src/index.ts%23L11" }, { "reference_url": "https://github.com/braintree/sanitize-url/pull/40", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/braintree/sanitize-url/pull/40" }, { "reference_url": "https://github.com/braintree/sanitize-url/pull/40/commits/e5afda45d9833682b705f73fc2c1265d34832183", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/braintree/sanitize-url/pull/40/commits/e5afda45d9833682b705f73fc2c1265d34832183" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", "reference_id": "2065290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", "reference_id": "CVE-2021-23648", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648" }, { "reference_url": "https://github.com/advisories/GHSA-hqq7-2q2v-82xq", "reference_id": "GHSA-hqq7-2q2v-82xq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hqq7-2q2v-82xq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5069", "reference_id": "RHSA-2022:5069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "fixed_packages": [], "aliases": [ "CVE-2021-23648", "GHSA-hqq7-2q2v-82xq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4cs-g2jz-eqb5" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana@7.5.15-3%3Farch=el8" }