Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/14649?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14649?format=api", "vulnerability_id": "VCID-mn45-w3s3-syej", "summary": "Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto\nApplications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass.\n\nThe documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions.\n\nFor example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key.\n\nSince this API is widely misused, as a partial mitigation golang.org/x/crypto@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. 
Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth.\n\nUsers should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.", "aliases": [ { "alias": "CVE-2024-45337" }, { "alias": "GHSA-v778-237x-gjrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/435601?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=aarch64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/435602?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=armhf&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=armhf&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/435609?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=x86_64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=x86_64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/440263?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/440269?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/440270?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=x86&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/440271?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/496520?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=armv7&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/496521?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=loongarch64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/496522?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/496523?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/496524?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=s390x&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=s390x&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/496525?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=x86&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=x86&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/496526?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/435603?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=armv7&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=armv7&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/435604?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=loongarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=loongarch64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/435605?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=ppc64le&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=ppc64le&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/435606?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=riscv64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=riscv64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/435607?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=s390x&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=s390x&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/435608?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=x86&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=x86&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/440264?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/440265?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=armv7&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/440266?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=loongarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/440267?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=ppc64le&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/440268?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=riscv64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/496518?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=aarch64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=aarch64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/496519?format=api", "purl": "pkg:apk/alpine/rclone@1.69.0-r0?arch=armhf&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.69.0-r0%3Farch=armhf&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/1054652?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1~bpo12%252B1" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/924155?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.42.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.42.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1054654?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.43.0-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.43.0-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/924148?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.47.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.47.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076070?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.50.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.50.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/51495?format=api", "purl": "pkg:golang/golang.org/x/crypto@0.31.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/golang.org/x/crypto@0.31.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924147?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n1h-e2p4-9yhs" }, { "vulnerability": "VCID-cmts-6kz4-zkh8" }, { "vulnerability": "VCID-et4d-ak3r-1bfa" }, { "vulnerability": "VCID-hu5a-ewvg-6ya7" }, { "vulnerability": 
"VCID-jwxs-gteb-kfg5" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-mn45-w3s3-syej" }, { "vulnerability": "VCID-n34c-71wq-s3e4" }, { "vulnerability": "VCID-sty6-gwh1-hbcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/994457?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1n1h-e2p4-9yhs" }, { "vulnerability": "VCID-cmts-6kz4-zkh8" }, { "vulnerability": "VCID-et4d-ak3r-1bfa" }, { "vulnerability": "VCID-hu5a-ewvg-6ya7" }, { "vulnerability": "VCID-jwxs-gteb-kfg5" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-mn45-w3s3-syej" }, { "vulnerability": "VCID-n34c-71wq-s3e4" }, { "vulnerability": "VCID-sty6-gwh1-hbcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.0~git20201221.eec23a3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/924145?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.4.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cmts-6kz4-zkh8" }, { "vulnerability": "VCID-hu5a-ewvg-6ya7" }, { "vulnerability": "VCID-jwxs-gteb-kfg5" }, { "vulnerability": "VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-mn45-w3s3-syej" }, { "vulnerability": "VCID-sty6-gwh1-hbcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/994458?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.4.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cmts-6kz4-zkh8" }, { "vulnerability": "VCID-hu5a-ewvg-6ya7" }, { "vulnerability": "VCID-jwxs-gteb-kfg5" }, { "vulnerability": 
"VCID-jzn6-bzzf-nugp" }, { "vulnerability": "VCID-mn45-w3s3-syej" }, { "vulnerability": "VCID-sty6-gwh1-hbcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.4.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/924149?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.25.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cmts-6kz4-zkh8" }, { "vulnerability": "VCID-hu5a-ewvg-6ya7" }, { "vulnerability": "VCID-jwxs-gteb-kfg5" }, { "vulnerability": "VCID-mn45-w3s3-syej" }, { "vulnerability": "VCID-sty6-gwh1-hbcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1054653?format=api", "purl": "pkg:deb/debian/golang-go.crypto@1:0.25.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cmts-6kz4-zkh8" }, { "vulnerability": "VCID-hu5a-ewvg-6ya7" }, { "vulnerability": "VCID-jwxs-gteb-kfg5" }, { "vulnerability": "VCID-mn45-w3s3-syej" }, { "vulnerability": "VCID-sty6-gwh1-hbcy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-go.crypto@1:0.25.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1082221?format=api", "purl": "pkg:rpm/redhat/openshift4/ose-ibmcloud-cluster-api-controllers-rhel8:ose-ibmcloud-cluster-api-controllers-container@4.14.0-202509151013.p2.g8607d6c.assembly.stream?arch=el8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cmts-6kz4-zkh8" }, { "vulnerability": "VCID-mn45-w3s3-syej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift4/ose-ibmcloud-cluster-api-controllers-rhel8:ose-ibmcloud-cluster-api-controllers-container@4.14.0-202509151013.p2.g8607d6c.assembly.stream%3Farch=el8" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/1082226?format=api", "purl": "pkg:rpm/redhat/openshift4/ose-ibmcloud-cluster-api-controllers-rhel9:ose-ibmcloud-cluster-api-controllers-container@4.15.0-202509151014.p2.g299435a.assembly.stream?arch=el9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cmts-6kz4-zkh8" }, { "vulnerability": "VCID-mn45-w3s3-syej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift4/ose-ibmcloud-cluster-api-controllers-rhel9:ose-ibmcloud-cluster-api-controllers-container@4.15.0-202509151014.p2.g299435a.assembly.stream%3Farch=el9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1082229?format=api", "purl": "pkg:rpm/redhat/openshift4/ose-ibmcloud-cluster-api-controllers-rhel9:ose-ibmcloud-cluster-api-controllers-container@4.16.0-202509091828.p2.gf19534d.assembly.stream?arch=el9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mn45-w3s3-syej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift4/ose-ibmcloud-cluster-api-controllers-rhel9:ose-ibmcloud-cluster-api-controllers-container@4.16.0-202509091828.p2.gf19534d.assembly.stream%3Farch=el9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1082230?format=api", "purl": "pkg:rpm/redhat/openshift4/ose-oauth-proxy-rhel9:golang-github-openshift-oauth-proxy-container@4.15.0-202510211321.p2.g2e0585d.assembly.stream?arch=el9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mn45-w3s3-syej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift4/ose-oauth-proxy-rhel9:golang-github-openshift-oauth-proxy-container@4.15.0-202510211321.p2.g2e0585d.assembly.stream%3Farch=el9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1082231?format=api", "purl": 
"pkg:rpm/redhat/openshift4/ose-oauth-proxy-rhel9:golang-github-openshift-oauth-proxy-container@4.16.0-202510061311.p2.g565f7ed.assembly.stream?arch=el9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mn45-w3s3-syej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift4/ose-oauth-proxy-rhel9:golang-github-openshift-oauth-proxy-container@4.16.0-202510061311.p2.g565f7ed.assembly.stream%3Farch=el9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1082232?format=api", "purl": "pkg:rpm/redhat/openshift4/ose-oauth-proxy-rhel9:golang-github-openshift-oauth-proxy-container@4.17.0-202510011451.p2.ga9f1a5c.assembly.stream?arch=el9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mn45-w3s3-syej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift4/ose-oauth-proxy-rhel9:golang-github-openshift-oauth-proxy-container@4.17.0-202510011451.p2.ga9f1a5c.assembly.stream%3Farch=el9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1082233?format=api", "purl": "pkg:rpm/redhat/openshift4/ose-oauth-proxy-rhel9:golang-github-openshift-oauth-proxy-container@4.18.0-202510060338.p2.g9225edb.assembly.stream?arch=el9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mn45-w3s3-syej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift4/ose-oauth-proxy-rhel9:golang-github-openshift-oauth-proxy-container@4.18.0-202510060338.p2.g9225edb.assembly.stream%3Farch=el9" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45337.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45337.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2024-45337", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96734", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96685", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96703", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96701", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96698", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96699", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96696", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.9666", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96666", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.9667", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96678", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96679", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96682", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96692", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96726", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": 
"0.96722", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96718", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.96713", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.30296", "scoring_system": "epss", "scoring_elements": "0.9671", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45337" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45337", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45337" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/golang/crypto", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/golang/crypto" }, { "reference_url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/" } ], "url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909" }, { 
"reference_url": "https://go.dev/cl/635315", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/" } ], "url": "https://go.dev/cl/635315" }, { "reference_url": "https://go.dev/issue/70779", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/" } ], "url": "https://go.dev/issue/70779" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-3321", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-12T17:57:55Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2024-3321" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250131-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250131-0007" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/11/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/11/2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089754", "reference_id": "1089754", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089754" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720", "reference_id": "2331720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11037", "reference_id": "RHSA-2024:11037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11038", "reference_id": "RHSA-2024:11038", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2024:11038" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6121", "reference_id": "RHSA-2024:6121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0370", "reference_id": "RHSA-2025:0370", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0385", "reference_id": "RHSA-2025:0385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0386", "reference_id": "RHSA-2025:0386", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0390", "reference_id": "RHSA-2025:0390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0444", "reference_id": "RHSA-2025:0444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0445", "reference_id": "RHSA-2025:0445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0485", "reference_id": "RHSA-2025:0485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0522", "reference_id": "RHSA-2025:0522", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0522" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0535", "reference_id": "RHSA-2025:0535", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/errata/RHSA-2025:0535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0536", "reference_id": "RHSA-2025:0536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0552", "reference_id": "RHSA-2025:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0560", "reference_id": "RHSA-2025:0560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0576", "reference_id": "RHSA-2025:0576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0577", "reference_id": "RHSA-2025:0577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0645", "reference_id": "RHSA-2025:0645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0649", "reference_id": "RHSA-2025:0649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0653", "reference_id": "RHSA-2025:0653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0653" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0676", "reference_id": "RHSA-2025:0676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0679", "reference_id": "RHSA-2025:0679", "reference_type": "", "scores": [], 
"url": "https://access.redhat.com/errata/RHSA-2025:0679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0723", "reference_id": "RHSA-2025:0723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0778", "reference_id": "RHSA-2025:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0785", "reference_id": "RHSA-2025:0785", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0785" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0839", "reference_id": "RHSA-2025:0839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0851", "reference_id": "RHSA-2025:0851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0851" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0892", "reference_id": "RHSA-2025:0892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10771", "reference_id": "RHSA-2025:10771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:10771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11396", "reference_id": "RHSA-2025:11396", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:11396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1285", "reference_id": "RHSA-2025:1285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1287", "reference_id": "RHSA-2025:1287", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1289", "reference_id": "RHSA-2025:1289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1322", "reference_id": "RHSA-2025:1322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1324", "reference_id": "RHSA-2025:1324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1325", "reference_id": "RHSA-2025:1325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1326", "reference_id": "RHSA-2025:1326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1327", "reference_id": "RHSA-2025:1327", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1327" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1331", "reference_id": "RHSA-2025:1331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1332", "reference_id": "RHSA-2025:1332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1333", "reference_id": "RHSA-2025:1333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1448", "reference_id": "RHSA-2025:1448", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1451", "reference_id": "RHSA-2025:1451", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15680", "reference_id": "RHSA-2025:15680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16160", "reference_id": "RHSA-2025:16160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16165", "reference_id": "RHSA-2025:16165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1710", "reference_id": "RHSA-2025:1710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17232", "reference_id": "RHSA-2025:17232", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17232" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17657", "reference_id": "RHSA-2025:17657", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17657" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17690", "reference_id": "RHSA-2025:17690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1824", "reference_id": "RHSA-2025:1824", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1824" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1829", "reference_id": "RHSA-2025:1829", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1829" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1841", "reference_id": "RHSA-2025:1841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1845", "reference_id": "RHSA-2025:1845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1847", "reference_id": "RHSA-2025:1847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1848", "reference_id": "RHSA-2025:1848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1849", "reference_id": "RHSA-2025:1849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19306", "reference_id": "RHSA-2025:19306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22182", "reference_id": "RHSA-2025:22182", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22182" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22287", "reference_id": "RHSA-2025:22287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23061", "reference_id": "RHSA-2025:23061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23064", "reference_id": 
"RHSA-2025:23064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2588", "reference_id": "RHSA-2025:2588", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2588" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2652", "reference_id": "RHSA-2025:2652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2903", "reference_id": "RHSA-2025:2903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2933", "reference_id": "RHSA-2025:2933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3069", "reference_id": "RHSA-2025:3069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3542", "reference_id": "RHSA-2025:3542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3560", "reference_id": "RHSA-2025:3560", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3560" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3820", "reference_id": "RHSA-2025:3820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3820" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8244", "reference_id": "RHSA-2025:8244", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8244" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1730", 
"reference_id": "RHSA-2026:1730", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1730" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2681", "reference_id": "RHSA-2026:2681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2754", "reference_id": "RHSA-2026:2754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2762", "reference_id": "RHSA-2026:2762", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2762" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6568", "reference_id": "RHSA-2026:6568", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6568" }, { "reference_url": "https://usn.ubuntu.com/7839-1/", "reference_id": "USN-7839-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7839-1/" }, { "reference_url": "https://usn.ubuntu.com/7839-2/", "reference_id": "USN-7839-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7839-2/" } ], "weaknesses": [ { "cwe_id": 285, "name": "Improper Authorization", "description": "The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action." }, { "cwe_id": 1108, "name": "Excessive Reliance on Global Variables", "description": "The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preserving the associated information in a narrower, more local context." 
} ], "exploits": [], "severity_range_score": "8.1 - 10.0", "exploitability": "0.5", "weighted_severity": "9.0", "risk_score": 4.5, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mn45-w3s3-syej" }