{"url":"http://public2.vulnerablecode.io/api/packages/99904?format=json","purl":"pkg:rpm/redhat/rh-nodejs14-nodejs-nodemon@2.0.3-6?arch=el7","type":"rpm","namespace":"redhat","name":"rh-nodejs14-nodejs-nodemon","version":"2.0.3-6","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11159?format=json","vulnerability_id":"VCID-1tz4-bphw-rbd3","summary":"Path Traversal\nThis npm package has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37701.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37701.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37701","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29567","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29453","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29519","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28903","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.2905","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29119","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29231","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29345","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.2939","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29417","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29398","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.2945","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29495","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29492","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29452","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29388","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37701"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37712","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37712"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/npm/node-tar","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-tar"},{"reference_url":"https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html"},{"reference_url":"https://www.debian.org/security/2021/dsa-5008","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-5008"},{"reference_url":"https://www.npmjs.com/package/tar","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/package/tar"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999731","reference_id":"1999731","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999731"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37701","reference_id":"CVE-2021-37701","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37701"},{"reference_url":"https://github.com/advisories/GHSA-9r2w-394v-53qc","reference_id":"GHSA-9r2w-394v-53qc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9r2w-394v-53qc"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5086","reference_id":"RHSA-2021:5086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0041","reference_id":"RHSA-2022:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0246","reference_id":"RHSA-2022:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0350","reference_id":"RHSA-2022:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4914","reference_id":"RHSA-2022:4914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4914"}],"fixed_packages":[],"aliases":["CVE-2021-37701","GHSA-9r2w-394v-53qc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1tz4-bphw-rbd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11153?format=json","vulnerability_id":"VCID-7mtb-yaq7-77ep","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nThe npm package \"tar\" (aka node-tar) has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37712.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37712.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37712","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24623","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24643","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24626","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2458","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24509","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24737","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24698","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24288","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24413","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24454","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24468","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24523","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24548","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24557","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24545","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.246","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37712"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37712","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37712"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/isaacs/node-tar/commit/1739408d3122af897caefd09662bce2ea477533b","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/isaacs/node-tar/commit/1739408d3122af897caefd09662bce2ea477533b"},{"reference_url":"https://github.com/isaacs/node-tar/commit/2f1bca027286c23e110b8dfc7efc10756fa3db5a","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/isaacs/node-tar/commit/2f1bca027286c23e110b8dfc7efc10756fa3db5a"},{"reference_url":"https://github.com/isaacs/node-tar/commit/3aaf19b2501bbddb145d92b3322c80dcaed3c35f","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/isaacs/node-tar/commit/3aaf19b2501bbddb145d92b3322c80dcaed3c35f"},{"reference_url":"https://github.com/isaacs/node-tar/commit/b6162c7fafe797f856564ef37f4b82747f051455","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/isaacs/node-tar/commit/b6162c7fafe797f856564ef37f4b82747f051455"},{"reference_url":"https://github.com/isaacs/node-tar/commit/bb93ba243746f705092905da1955ac3b0509ba1e","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/isaacs/node-tar/commit/bb93ba243746f705092905da1955ac3b0509ba1e"},{"reference_url":"https://github.com/isaacs/node-tar/commit/d56f790bda9fea807dd80c5083f24771dbdd6eb1","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/isaacs/node-tar/commit/d56f790bda9fea807dd80c5083f24771dbdd6eb1"},{"reference_url":"https://github.com/npm/node-tar","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-tar"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html"},{"reference_url":"https://www.debian.org/security/2021/dsa-5008","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-5008"},{"reference_url":"https://www.npmjs.com/package/tar","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/package/tar"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999739","reference_id":"1999739","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999739"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993981","reference_id":"993981","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993981"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37712","reference_id":"CVE-2021-37712","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37712"},{"reference_url":"https://github.com/advisories/GHSA-qq89-hq3f-393p","reference_id":"GHSA-qq89-hq3f-393p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qq89-hq3f-393p"},{"reference_url":"https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p","reference_id":"GHSA-qq89-hq3f-393p","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5086","reference_id":"RHSA-2021:5086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0041","reference_id":"RHSA-2022:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0246","reference_id":"RHSA-2022:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0350","reference_id":"RHSA-2022:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4914","reference_id":"RHSA-2022:4914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4914"}],"fixed_packages":[],"aliases":["CVE-2021-37712","GHSA-qq89-hq3f-393p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7mtb-yaq7-77ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11245?format=json","vulnerability_id":"VCID-c86y-234c-s3hu","summary":"ansi-regex is vulnerable to Inefficient Regular Expression Complexity","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3807.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3807.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3807","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43777","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43899","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43984","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43981","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4403","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44096","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44105","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44043","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44059","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44076","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44023","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44092","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44069","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44021","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3807"},{"reference_url":"https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/chalk/ansi-regex","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex"},{"reference_url":"https://github.com/chalk/ansi-regex/commit/419250fa510bf31b4cc672e76537a64f9332e1f1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex/commit/419250fa510bf31b4cc672e76537a64f9332e1f1"},{"reference_url":"https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a"},{"reference_url":"https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9"},{"reference_url":"https://github.com/chalk/ansi-regex/commit/c3c0b3f2736b9c01feec0fef33980c43720dcde8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex/commit/c3c0b3f2736b9c01feec0fef33980c43720dcde8"},{"reference_url":"https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311"},{"reference_url":"https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774"},{"reference_url":"https://github.com/chalk/ansi-regex/releases/tag/v6.0.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chalk/ansi-regex/releases/tag/v6.0.1"},{"reference_url":"https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221014-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221014-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221014-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20221014-0002/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007557","reference_id":"2007557","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007557"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994568","reference_id":"994568","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994568"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3807","reference_id":"CVE-2021-3807","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3807"},{"reference_url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw","reference_id":"GHSA-93q8-gq69-wqmw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-93q8-gq69-wqmw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5171","reference_id":"RHSA-2021:5171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0041","reference_id":"RHSA-2022:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0246","reference_id":"RHSA-2022:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0350","reference_id":"RHSA-2022:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4711","reference_id":"RHSA-2022:4711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4814","reference_id":"RHSA-2022:4814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4814"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5483","reference_id":"RHSA-2022:5483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5555","reference_id":"RHSA-2022:5555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6449","reference_id":"RHSA-2022:6449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6595","reference_id":"RHSA-2022:6595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3742","reference_id":"RHSA-2023:3742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3742"}],"fixed_packages":[],"aliases":["CVE-2021-3807","GHSA-93q8-gq69-wqmw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c86y-234c-s3hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11561?format=json","vulnerability_id":"VCID-gwyr-ac4e-dqfa","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\nThe llhttp parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22959.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22959","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43692","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43446","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43657","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43574","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43747","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43772","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43706","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43756","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43759","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43779","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43746","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4373","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43791","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43783","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43715","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43652","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22959"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1238709","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1238709"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2014057","reference_id":"2014057","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2014057"},{"reference_url":"https://security.archlinux.org/ASA-202110-4","reference_id":"ASA-202110-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202110-4"},{"reference_url":"https://security.archlinux.org/AVG-2460","reference_id":"AVG-2460","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2460"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22959","reference_id":"CVE-2021-22959","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22959"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5171","reference_id":"RHSA-2021:5171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0041","reference_id":"RHSA-2022:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0246","reference_id":"RHSA-2022:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0350","reference_id":"RHSA-2022:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4914","reference_id":"RHSA-2022:4914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4914"}],"fixed_packages":[],"aliases":["CVE-2021-22959"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwyr-ac4e-dqfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11608?format=json","vulnerability_id":"VCID-hwk3-sg9p-wqe7","summary":"json-schema is vulnerable to Prototype Pollution\njson-schema before version 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3918.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3918.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3918","reference_id":"","reference_type":"","scores":[{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79535","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.7952","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79504","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79497","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79466","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79462","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79464","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79433","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79443","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.7946","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79437","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79428","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.794","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79413","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79391","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79384","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3918"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3918","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3918"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/kriszyp/json-schema","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kriszyp/json-schema"},{"reference_url":"https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741"},{"reference_url":"https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a"},{"reference_url":"https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa"},{"reference_url":"https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250117-0004","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250117-0004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024702","reference_id":"2024702","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024702"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999765","reference_id":"999765","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999765"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3918","reference_id":"CVE-2021-3918","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3918"},{"reference_url":"https://github.com/advisories/GHSA-896r-f27r-55mw","reference_id":"GHSA-896r-f27r-55mw","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-896r-f27r-55mw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5171","reference_id":"RHSA-2021:5171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0041","reference_id":"RHSA-2022:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0246","reference_id":"RHSA-2022:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0350","reference_id":"RHSA-2022:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4914","reference_id":"RHSA-2022:4914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4956","reference_id":"RHSA-2022:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4956"},{"reference_url":"https://usn.ubuntu.com/6103-1/","reference_id":"USN-6103-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6103-1/"}],"fixed_packages":[],"aliases":["CVE-2021-3918","GHSA-896r-f27r-55mw"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hwk3-sg9p-wqe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11473?format=json","vulnerability_id":"VCID-tnhd-rr89-9udh","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\nThe parse function in llhttp ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22960.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22960","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45642","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45493","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.4566","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.456","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45709","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45729","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45733","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45751","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45721","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45779","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45773","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.4572","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45651","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-22960"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22959"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22960"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44533"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21824"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1238099","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/1238099"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2014059","reference_id":"2014059","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2014059"},{"reference_url":"https://security.archlinux.org/ASA-202110-4","reference_id":"ASA-202110-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202110-4"},{"reference_url":"https://security.archlinux.org/AVG-2460","reference_id":"AVG-2460","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2460"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22960","reference_id":"CVE-2021-22960","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22960"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5171","reference_id":"RHSA-2021:5171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0041","reference_id":"RHSA-2022:0041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0246","reference_id":"RHSA-2022:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0350","reference_id":"RHSA-2022:0350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4914","reference_id":"RHSA-2022:4914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4914"}],"fixed_packages":[],"aliases":["CVE-2021-22960"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tnhd-rr89-9udh"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs14-nodejs-nodemon@2.0.3-6%3Farch=el7"}