Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/99266?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/99266?format=api", "purl": "pkg:rpm/redhat/servicemesh@2.0.9-3?arch=el8", "type": "rpm", "namespace": "redhat", "name": "servicemesh", "version": "2.0.9-3", "qualifiers": { "arch": "el8" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36617?format=api", "vulnerability_id": "VCID-63v8-dt23-9ue7", "summary": "Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29923.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29923.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29923", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48625", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48619", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48641", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48557", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48666", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48687", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.4864", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48694", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.4869", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48708", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48682", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48743", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48739", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48696", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48681", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48691", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29923" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006", "reference_id": "1992006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006" }, { "reference_url": "https://security.archlinux.org/AVG-1357", "reference_id": "AVG-1357", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1357" }, { "reference_url": "https://security.gentoo.org/glsa/202208-02", "reference_id": "GLSA-202208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3431", "reference_id": "RHSA-2021:3431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3585", "reference_id": "RHSA-2021:3585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4722", "reference_id": "RHSA-2021:4722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4725", "reference_id": "RHSA-2021:4725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4902", "reference_id": "RHSA-2021:4902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4910", "reference_id": "RHSA-2021:4910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0237", "reference_id": "RHSA-2022:0237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0260", "reference_id": "RHSA-2022:0260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0431", "reference_id": "RHSA-2022:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0432", "reference_id": "RHSA-2022:0432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0434", "reference_id": "RHSA-2022:0434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0557", "reference_id": "RHSA-2022:0557", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0557" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0561", "reference_id": "RHSA-2022:0561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0577", "reference_id": "RHSA-2022:0577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0988", "reference_id": "RHSA-2022:0988", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0988" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0989", "reference_id": "RHSA-2022:0989", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0989" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0997", "reference_id": "RHSA-2022:0997", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0998", "reference_id": "RHSA-2022:0998", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0998" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1276", "reference_id": "RHSA-2022:1276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1372", "reference_id": "RHSA-2022:1372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1372" } ], "fixed_packages": [], "aliases": [ "CVE-2021-29923" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63v8-dt23-9ue7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79599?format=api", "vulnerability_id": "VCID-ad5y-3exv-y7bq", "summary": "istio: Unauthenticated control plane denial of service attack due to stack exhaustion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24726.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24726.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24726", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61288", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61306", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61374", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61378", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61358", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61347", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61362", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61355", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61317", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61285", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61333", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61348", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61368", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61354", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61335", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24726" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061638", "reference_id": "2061638", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061638" }, { "reference_url": "https://github.com/golang/go/issues/51112", "reference_id": "51112", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/" } ], "url": "https://github.com/golang/go/issues/51112" }, { "reference_url": "https://github.com/istio/istio/commit/6ca5055a4db6695ef5504eabdfde3799f2ea91fd", "reference_id": "6ca5055a4db6695ef5504eabdfde3799f2ea91fd", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/" } ], "url": "https://github.com/istio/istio/commit/6ca5055a4db6695ef5504eabdfde3799f2ea91fd" }, { "reference_url": "https://github.com/istio/istio/security/advisories/GHSA-8w5h-qr4r-2h6g", "reference_id": "GHSA-8w5h-qr4r-2h6g", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/" } ], "url": "https://github.com/istio/istio/security/advisories/GHSA-8w5h-qr4r-2h6g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1275", "reference_id": "RHSA-2022:1275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1276", "reference_id": "RHSA-2022:1276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "fixed_packages": [], "aliases": [ "CVE-2022-24726" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ad5y-3exv-y7bq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48532?format=api", "vulnerability_id": "VCID-esea-tj2b-h7ey", "summary": "github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)\n### Impact\n\nxz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input.\n\n### Patches\n\nThe problem has been fixed in release v0.5.8.\n\n### Workarounds\n\nLimit the size of the compressed file input to a reasonable size for your use case.\n\n### References\n\nThe standard library had recently the same issue and got the [CVE-2020-16845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845) allocated.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [xz](https://github.com/ulikunitz/xz/issues).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29482.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62788", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62728", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62744", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62762", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62752", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62769", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62777", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62758", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62773", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62789", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.6274", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62621", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62679", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62712", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.62676", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29482" }, { "reference_url": "https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b" }, { "reference_url": "https://github.com/ulikunitz/xz/issues/35", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ulikunitz/xz/issues/35" }, { "reference_url": "https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29482", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29482" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2020-0016", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2020-0016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954368", "reference_id": "1954368", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954368" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988243", "reference_id": "988243", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988243" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2920", "reference_id": "RHSA-2021:2920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0687", "reference_id": "RHSA-2022:0687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1276", "reference_id": "RHSA-2022:1276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2183", "reference_id": "RHSA-2022:2183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2183" } ], "fixed_packages": [], "aliases": [ "CVE-2021-29482", "GHSA-25xm-hr59-7c27" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-esea-tj2b-h7ey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80672?format=api", "vulnerability_id": "VCID-hvfd-h9rm-jkbw", "summary": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28852.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28852.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28852", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28995", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29072", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29123", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28934", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28999", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29042", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29046", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29001", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28952", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28976", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28954", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28908", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28787", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28676", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28607", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28452", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28513", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", "reference_id": "1913338", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980002", "reference_id": "980002", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2438", "reference_id": "RHSA-2021:2438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0577", "reference_id": "RHSA-2022:0577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1276", "reference_id": "RHSA-2022:1276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7129", "reference_id": "RHSA-2022:7129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7954", "reference_id": "RHSA-2022:7954", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7954" }, { "reference_url": "https://usn.ubuntu.com/5873-1/", "reference_id": "USN-5873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5873-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2020-28852" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hvfd-h9rm-jkbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36628?format=api", "vulnerability_id": "VCID-qn4v-xah4-fya7", "summary": "Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36221.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36221.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45869", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45916", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45937", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45885", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45941", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45938", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45961", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45932", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45939", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45991", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45987", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45882", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45892", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45835", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45733", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45796", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36221" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36221" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656", "reference_id": "1995656", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991961", "reference_id": "991961", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991961" }, { "reference_url": "https://security.archlinux.org/AVG-2259", "reference_id": "AVG-2259", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2259" }, { "reference_url": "https://security.gentoo.org/glsa/202208-02", "reference_id": "GLSA-202208-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4156", "reference_id": "RHSA-2021:4156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4765", "reference_id": "RHSA-2021:4765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4766", "reference_id": "RHSA-2021:4766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0557", "reference_id": "RHSA-2022:0557", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0557" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0561", "reference_id": "RHSA-2022:0561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0577", "reference_id": "RHSA-2022:0577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0855", "reference_id": "RHSA-2022:0855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1276", "reference_id": "RHSA-2022:1276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1361", "reference_id": "RHSA-2022:1361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1372", "reference_id": "RHSA-2022:1372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1396", "reference_id": "RHSA-2022:1396", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7457", "reference_id": "RHSA-2022:7457", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7457" } ], "fixed_packages": [], "aliases": [ "CVE-2021-36221" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qn4v-xah4-fya7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80671?format=api", "vulnerability_id": "VCID-r52s-2crw-tfbx", "summary": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28851.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28851.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28851", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.3356", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33894", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33926", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33779", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33822", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33855", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33853", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33811", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33787", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33825", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33412", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33393", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33311", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33202", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33267", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", "reference_id": "1913333", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980001", "reference_id": "980001", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0577", "reference_id": "RHSA-2022:0577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1276", "reference_id": "RHSA-2022:1276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1762", "reference_id": "RHSA-2022:1762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1762" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7129", "reference_id": "RHSA-2022:7129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7954", "reference_id": "RHSA-2022:7954", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7954" }, { "reference_url": "https://usn.ubuntu.com/5873-1/", "reference_id": "USN-5873-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5873-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2020-28851" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r52s-2crw-tfbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52971?format=api", "vulnerability_id": "VCID-xref-9byg-nkdw", "summary": "Unauthenticated control plane denial of service attack in Istio\n### Impact\nThe Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker.\n\nFor simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet.\n\n### Patches\n\n- Istio 1.13.1 and above\n- Istio 1.12.4 and above\n- Istio 1.11.7 and above\n\n### Workarounds\nThere are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.\n\n### References\nMore details can be found in the [Istio Security Bulletin](https://istio.io/latest/news/security/istio-security-2022-003)\n\n### For more information\nIf you have any questions or comments about this advisory, please email us at [istio-security-vulnerability-reports@googlegroups.com](mailto:istio-security-vulnerability-reports@googlegroups.com)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23635.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23635.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71672", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71637", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71653", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71648", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71644", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71593", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71613", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71609", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71524", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71564", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71533", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71582", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71598", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71575", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71551", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23635" }, { "reference_url": "https://github.com/istio/istio", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/istio/istio" }, { "reference_url": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:30Z/" } ], "url": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84" }, { "reference_url": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:30Z/" } ], "url": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f" }, { "reference_url": "https://istio.io/latest/news/security/istio-security-2022-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:30Z/" } ], "url": "https://istio.io/latest/news/security/istio-security-2022-003" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057277", "reference_id": "2057277", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057277" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1275", "reference_id": "RHSA-2022:1275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1276", "reference_id": "RHSA-2022:1276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1276" } ], "fixed_packages": [], "aliases": [ "CVE-2022-23635", "GHSA-856q-xv3c-7f2f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xref-9byg-nkdw" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh@2.0.9-3%3Farch=el8" }