{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25236?format=json","vulnerability_id":"VCID-qatc-a78d-8ufh","summary":"quic-go: Panic occurs when queuing undecryptable packets after handshake completion\n## Summary\n\nA misbehaving or malicious server can trigger an assertion in a quic-go client (and crash the process) by sending a premature HANDSHAKE_DONE frame during the handshake.\n\n## Impact\n\nA misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. Observed in the wild with certain server implementations (e.g. Solana's Firedancer QUIC).\n\n## Affected Versions\n\n- All versions prior to v0.49.1 (for the 0.49 branch)\n- Versions v0.50.0 to v0.54.0 (inclusive)\n- Fixed in v0.49.1, v0.54.1, and v0.55.0 onward\n\nUsers are recommended to upgrade to the latest patched version in their respective maintenance branch or to v0.55.0 or later.\n\n## Details\n\nFor a regular 1-RTT handshake, QUIC uses three sets of keys to encrypt / decrypt QUIC packets:\n\n- Initial keys (derived from a static key and the connection ID)\n- Handshake keys (derived from the client's and server's key shares in the TLS handshake)\n- 1-RTT keys (derived when the TLS handshake finishes)\n\nOn the client side, Initial keys are discarded when the first Handshake packet is sent. Handshake keys are discarded when the server's HANDSHAKE_DONE frame is received, as specified in section 4.9.2 of RFC 9001. Crucially, Initial keys are always dropped before Handshake keys in a standard handshake.\n\nDue to packet reordering, it is possible to receive a packet with a higher encryption level before the key for that encryption level has been derived. For example, the server's Handshake packets (containing, among others, the TLS certificate) might arrive before the server's Initial packet (which contains the TLS ServerHello). In that case, the client queues the Handshake packets and decrypts them as soon as it has processed the ServerHello and derived Handshake keys.\n\nAfter completion of the handshake, Initial and Handshake packets are not needed anymore and will be dropped. quic-go implements an [assertion](https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685) that no packets are queued after completion of the handshake.\n\nA misbehaving or malicious server can trigger this assertion, and thereby cause a panic, by sending a HANDSHAKE_DONE frame before actually completing the handshake. In that case, Handshake keys would be dropped before Initial keys.\n\nThis can only happen if the server implementation is misbehaving: the server can only complete the handshake after receiving the client's TLS Finished message (which is sent in Handshake packets).\n\n## The Fix\n\nquic-go needs to be able to handle misbehaving server implementations, including those that prematurely send a HANDSHAKE_DONE frame. We now discard Initial keys when receiving a HANDSHAKE_DONE frame, thereby correctly handling premature HANDSHAKE_DONE frames. The fix was implemented in https://github.com/quic-go/quic-go/pull/5354.","aliases":[{"alias":"CVE-2025-59530"},{"alias":"GHSA-47m2-4cr7-mhcw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994851?format=json","purl":"pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.46.0-2~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.46.0-2~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/924035?format=json","purl":"pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.54.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.54.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924029?format=json","purl":"pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1088993?format=json","purl":"pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2"},{"url":"http://public2.vulnerablecode.io/api/packages/68422?format=json","purl":"pkg:golang/github.com/quic-go/quic-go@0.49.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/quic-go/quic-go@0.49.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68423?format=json","purl":"pkg:golang/github.com/quic-go/quic-go@0.54.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/quic-go/quic-go@0.54.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994849?format=json","purl":"pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18gf-znwv-aubu"},{"vulnerability":"VCID-3vjt-1se3-rbhc"},{"vulnerability":"VCID-apqf-t7ew-5fgw"},{"vulnerability":"VCID-qatc-a78d-8ufh"},{"vulnerability":"VCID-tw5q-cn78-vyda"},{"vulnerability":"VCID-u6kw-zxc9-q7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/924028?format=json","purl":"pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18gf-znwv-aubu"},{"vulnerability":"VCID-3vjt-1se3-rbhc"},{"vulnerability":"VCID-apqf-t7ew-5fgw"},{"vulnerability":"VCID-qatc-a78d-8ufh"},{"vulnerability":"VCID-tw5q-cn78-vyda"},{"vulnerability":"VCID-u6kw-zxc9-q7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/924026?format=json","purl":"pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18gf-znwv-aubu"},{"vulnerability":"VCID-3vjt-1se3-rbhc"},{"vulnerability":"VCID-apqf-t7ew-5fgw"},{"vulnerability":"VCID-qatc-a78d-8ufh"},{"vulnerability":"VCID-tw5q-cn78-vyda"},{"vulnerability":"VCID-u6kw-zxc9-q7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/994850?format=json","purl":"pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18gf-znwv-aubu"},{"vulnerability":"VCID-3vjt-1se3-rbhc"},{"vulnerability":"VCID-apqf-t7ew-5fgw"},{"vulnerability":"VCID-qatc-a78d-8ufh"},{"vulnerability":"VCID-tw5q-cn78-vyda"},{"vulnerability":"VCID-u6kw-zxc9-q7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/994852?format=json","purl":"pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-apqf-t7ew-5fgw"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2"},{"url":"http://public2.vulnerablecode.io/api/packages/924030?format=json","purl":"pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-apqf-t7ew-5fgw"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88168?format=json","purl":"pkg:rpm/redhat/ansible-builder@3.1.1-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-builder@3.1.1-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88205?format=json","purl":"pkg:rpm/redhat/ansible-builder@3.1.1-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-builder@3.1.1-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88193?format=json","purl":"pkg:rpm/redhat/ansible-creator@25.12.0-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-creator@25.12.0-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88159?format=json","purl":"pkg:rpm/redhat/ansible-creator@25.12.0-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-creator@25.12.0-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88162?format=json","purl":"pkg:rpm/redhat/ansible-dev-environment@25.12.2-1.1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-dev-environment@25.12.2-1.1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88189?format=json","purl":"pkg:rpm/redhat/ansible-dev-environment@25.12.2-1.1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-dev-environment@25.12.2-1.1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88169?format=json","purl":"pkg:rpm/redhat/ansible-dev-tools@25.12.0-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-dev-tools@25.12.0-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88204?format=json","purl":"pkg:rpm/redhat/ansible-dev-tools@25.12.0-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-dev-tools@25.12.0-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88171?format=json","purl":"pkg:rpm/redhat/ansible-lint@25.12.0-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-lint@25.12.0-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88207?format=json","purl":"pkg:rpm/redhat/ansible-lint@25.12.0-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-lint@25.12.0-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88179?format=json","purl":"pkg:rpm/redhat/ansible-navigator@25.12.0-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-navigator@25.12.0-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88214?format=json","purl":"pkg:rpm/redhat/ansible-navigator@25.12.0-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-navigator@25.12.0-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88180?format=json","purl":"pkg:rpm/redhat/ansible-sign@0.1.4-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-sign@0.1.4-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88215?format=json","purl":"pkg:rpm/redhat/ansible-sign@0.1.4-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-sign@0.1.4-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88174?format=json","purl":"pkg:rpm/redhat/automation-hub@4.10.10-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/automation-hub@4.10.10-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88208?format=json","purl":"pkg:rpm/redhat/automation-hub@4.10.10-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/automation-hub@4.10.10-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88182?format=json","purl":"pkg:rpm/redhat/bindep@2.13.0-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/bindep@2.13.0-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88217?format=json","purl":"pkg:rpm/redhat/bindep@2.13.0-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/bindep@2.13.0-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88192?format=json","purl":"pkg:rpm/redhat/molecule@25.12.0-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/molecule@25.12.0-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88157?format=json","purl":"pkg:rpm/redhat/molecule@25.12.0-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/molecule@25.12.0-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88188?format=json","purl":"pkg:rpm/redhat/python3.11-ansible-compat@25.12.0-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-ansible-compat@25.12.0-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88153?format=json","purl":"pkg:rpm/redhat/python3.11-ansible-compat@25.12.0-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-ansible-compat@25.12.0-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88152?format=json","purl":"pkg:rpm/redhat/python3.11-distlib@0.4.0-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-distlib@0.4.0-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88181?format=json","purl":"pkg:rpm/redhat/python3.11-distlib@0.4.0-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-distlib@0.4.0-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88173?format=json","purl":"pkg:rpm/redhat/python3.11-django@4.2.26-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-django@4.2.26-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88209?format=json","purl":"pkg:rpm/redhat/python3.11-django@4.2.26-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-django@4.2.26-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88187?format=json","purl":"pkg:rpm/redhat/python3.11-execnet@2.1.2-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-execnet@2.1.2-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88154?format=json","purl":"pkg:rpm/redhat/python3.11-execnet@2.1.2-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-execnet@2.1.2-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88170?format=json","purl":"pkg:rpm/redhat/python3.11-galaxy-importer@0.4.36-2?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-galaxy-importer@0.4.36-2%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88211?format=json","purl":"pkg:rpm/redhat/python3.11-galaxy-importer@0.4.36-2?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-galaxy-importer@0.4.36-2%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88155?format=json","purl":"pkg:rpm/redhat/python3.11-galaxy-ng@4.10.10-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-galaxy-ng@4.10.10-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88190?format=json","purl":"pkg:rpm/redhat/python3.11-galaxy-ng@4.10.10-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-galaxy-ng@4.10.10-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88160?format=json","purl":"pkg:rpm/redhat/python3.11-gunicorn@23.0.0-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-gunicorn@23.0.0-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88196?format=json","purl":"pkg:rpm/redhat/python3.11-gunicorn@23.0.0-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-gunicorn@23.0.0-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88178?format=json","purl":"pkg:rpm/redhat/python3.11-pluggy@1.6.0-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pluggy@1.6.0-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88203?format=json","purl":"pkg:rpm/redhat/python3.11-pluggy@1.6.0-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pluggy@1.6.0-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88201?format=json","purl":"pkg:rpm/redhat/python3.11-pytest@9.0.1-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pytest@9.0.1-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88163?format=json","purl":"pkg:rpm/redhat/python3.11-pytest@9.0.1-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pytest@9.0.1-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88212?format=json","purl":"pkg:rpm/redhat/python3.11-pytest-ansible@25.12.0-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pytest-ansible@25.12.0-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88177?format=json","purl":"pkg:rpm/redhat/python3.11-pytest-ansible@25.12.0-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pytest-ansible@25.12.0-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88206?format=json","purl":"pkg:rpm/redhat/python3.11-pytest-xdist@3.8.0-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pytest-xdist@3.8.0-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88191?format=json","purl":"pkg:rpm/redhat/python3.11-pytest-xdist@3.8.0-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-pytest-xdist@3.8.0-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88185?format=json","purl":"pkg:rpm/redhat/python3.11-ruamel-yaml-clib@0.2.15-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-ruamel-yaml-clib@0.2.15-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88151?format=json","purl":"pkg:rpm/redhat/python3.11-ruamel-yaml-clib@0.2.15-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-ruamel-yaml-clib@0.2.15-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88197?format=json","purl":"pkg:rpm/redhat/python3.11-subprocess-tee@0.4.2-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-subprocess-tee@0.4.2-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88164?format=json","purl":"pkg:rpm/redhat/python3.11-subprocess-tee@0.4.2-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-subprocess-tee@0.4.2-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88167?format=json","purl":"pkg:rpm/redhat/python3.11-tox-ansible@25.12.0-1.2?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-tox-ansible@25.12.0-1.2%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88202?format=json","purl":"pkg:rpm/redhat/python3.11-tox-ansible@25.12.0-1.2?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-tox-ansible@25.12.0-1.2%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88166?format=json","purl":"pkg:rpm/redhat/python3.11-typing-extensions@4.15.0-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-typing-extensions@4.15.0-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88199?format=json","purl":"pkg:rpm/redhat/python3.11-typing-extensions@4.15.0-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ahj-2e48-k3bq"},{"vulnerability":"VCID-6wx7-16zc-8qck"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-aq84-8cnz-byax"},{"vulnerability":"VCID-pvw1-t3hh-nyep"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3.11-typing-extensions@4.15.0-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88175?format=json","purl":"pkg:rpm/redhat/receptor@1.6.2-1?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/receptor@1.6.2-1%3Farch=el9ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88198?format=json","purl":"pkg:rpm/redhat/receptor@1.6.2-1?arch=el8ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/receptor@1.6.2-1%3Farch=el8ap"},{"url":"http://public2.vulnerablecode.io/api/packages/88507?format=json","purl":"pkg:rpm/redhat/receptor@1.6.2-2?arch=el9ap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qatc-a78d-8ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/receptor@1.6.2-2%3Farch=el9ap"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59530.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59530.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59530","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08171","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10266","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10239","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10304","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10202","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10276","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10338","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10367","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10326","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10306","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1018","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10153","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10286","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10259","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10203","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10152","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1144","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11381","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11323","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11387","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11448","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11346","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59530"},{"reference_url":"https://github.com/quic-go/quic-go","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/quic-go/quic-go"},{"reference_url":"https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T16:31:32Z/"}],"url":"https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685"},{"reference_url":"https://github.com/quic-go/quic-go/commit/bc5bccf10fd02728eef150683eb4dfaa5c0e749c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/quic-go/quic-go/commit/bc5bccf10fd02728eef150683eb4dfaa5c0e749c"},{"reference_url":"https://github.com/quic-go/quic-go/commit/ce7c9ea8834b9d2ed79efa9269467f02c0895d42","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/quic-go/quic-go/commit/ce7c9ea8834b9d2ed79efa9269467f02c0895d42"},{"reference_url":"https://github.com/quic-go/quic-go/pull/5354","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T16:31:32Z/"}],"url":"https://github.com/quic-go/quic-go/pull/5354"},{"reference_url":"https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-10T16:31:32Z/"}],"url":"https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59530","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59530"},{"reference_url":"https://pkg.go.dev/vuln/GO-2025-4017","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2025-4017"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403125","reference_id":"2403125","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21706","reference_id":"RHSA-2025:21706","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21706"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21768","reference_id":"RHSA-2025:21768","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21775","reference_id":"RHSA-2025:21775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21892","reference_id":"RHSA-2025:21892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22784","reference_id":"RHSA-2025:22784","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22784"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23069","reference_id":"RHSA-2025:23069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23131","reference_id":"RHSA-2025:23131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23131"}],"weaknesses":[{"cwe_id":617,"name":"Reachable Assertion","description":"The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary."},{"cwe_id":755,"name":"Improper Handling of Exceptional Conditions","description":"The product does not handle or incorrectly handles an exceptional condition."}],"exploits":[],"severity_range_score":"5.3 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qatc-a78d-8ufh"}