{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3616?format=json","vulnerability_id":"VCID-7jb6-q4x1-cfbw","summary":"xml_parse() DTD validation can be used to read arbitrary filesmore details","aliases":[{"alias":"CVE-2012-3489"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72082?format=json","purl":"pkg:ebuild/dev-db/postgresql-server@9.1.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql-server@9.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/429?format=json","purl":"pkg:generic/postgresql@8.3.20","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.3.20"},{"url":"http://public2.vulnerablecode.io/api/packages/428?format=json","purl":"pkg:generic/postgresql@8.4.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.4.13"},{"url":"http://public2.vulnerablecode.io/api/packages/427?format=json","purl":"pkg:generic/postgresql@9.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@9.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/426?format=json","purl":"pkg:generic/postgresql@9.1.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@9.1.5"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/334?format=json","purl":"pkg:generic/postgresql@8.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qsp-wvwq-j3f5"},{"vulnerability":"VCID-1uzm-h9m3-akge"},{"vulnerability":"VCID-2nve-471m-17h6"},{"vulnerability":"VCID-35a3-5eq3-8bep"},{"vulnerability":"VCID-666x-ret3-xufr"},{"vulnerability":"VCID-6dmy-t1qp-nuf3"},{"vulnerability":"VCID-6mck-xykx-yuba"},{"vulnerability":"VCID-721k-9zdg-buhv"},{"vulnerability":"VCID-7jb6-q4x1-cfbw"},{"vulnerability":"VCID-7q99-jk4u-1fen"},{"vulnerability":"VCID-811b-x31n-tfch"},{"vulnerability":"VCID-bdq4-br3j-7kb8"},{"vulnerability":"VCID-c8ch-zd9x-kufn"},{"vulnerability":"VCID-cffd-gdpc-uqeb"},{"vulnerability":"VCID-quqr-bg9k-7yb5"},{"vulnerability":"VCID-s8a2-wbb4-dyda"},{"vulnerability":"VCID-u5h4-4p6j-wbay"},{"vulnerability":"VCID-v69z-cmag-xfaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/335?format=json","purl":"pkg:generic/postgresql@8.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1uzm-h9m3-akge"},{"vulnerability":"VCID-2nve-471m-17h6"},{"vulnerability":"VCID-35a3-5eq3-8bep"},{"vulnerability":"VCID-666x-ret3-xufr"},{"vulnerability":"VCID-6mck-xykx-yuba"},{"vulnerability":"VCID-721k-9zdg-buhv"},{"vulnerability":"VCID-7jb6-q4x1-cfbw"},{"vulnerability":"VCID-7q99-jk4u-1fen"},{"vulnerability":"VCID-811b-x31n-tfch"},{"vulnerability":"VCID-8cbh-gwwy-n3eq"},{"vulnerability":"VCID-8j4f-u2tq-1qev"},{"vulnerability":"VCID-bdq4-br3j-7kb8"},{"vulnerability":"VCID-c8ch-zd9x-kufn"},{"vulnerability":"VCID-cffd-gdpc-uqeb"},{"vulnerability":"VCID-g4tm-8zhw-a7hn"},{"vulnerability":"VCID-kbgc-w2jw-auh8"},{"vulnerability":"VCID-nz16-gzhk-h3c1"},{"vulnerability":"VCID-pvxg-byvu-pbec"},{"vulnerability":"VCID-quqr-bg9k-7yb5"},{"vulnerability":"VCID-reab-s9cu-yudn"},{"vulnerability":"VCID-s8a2-wbb4-dyda"},{"vulnerability":"VCID-u5h4-4p6j-wbay"},{"vulnerability":"VCID-ux6m-dn6j-37dc"},{"vulnerability":"VCID-v69z-cmag-xfaf"},{"vulnerability":"VCID-w518-wkek-97ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/267?format=json","purl":"pkg:generic/postgresql@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qap-rdxz-4uer"},{"vulnerability":"VCID-2nve-471m-17h6"},{"vulnerability":"VCID-35a3-5eq3-8bep"},{"vulnerability":"VCID-625c-amyd-dybm"},{"vulnerability":"VCID-666x-ret3-xufr"},{"vulnerability":"VCID-6mck-xykx-yuba"},{"vulnerability":"VCID-7jb6-q4x1-cfbw"},{"vulnerability":"VCID-7q99-jk4u-1fen"},{"vulnerability":"VCID-811b-x31n-tfch"},{"vulnerability":"VCID-8cbh-gwwy-n3eq"},{"vulnerability":"VCID-8j4f-u2tq-1qev"},{"vulnerability":"VCID-a3sh-4t1e-tbh4"},{"vulnerability":"VCID-bdq4-br3j-7kb8"},{"vulnerability":"VCID-bqag-mh3g-fqe7"},{"vulnerability":"VCID-f976-dd3s-fuc8"},{"vulnerability":"VCID-fd5z-bj21-m3a5"},{"vulnerability":"VCID-g4tm-8zhw-a7hn"},{"vulnerability":"VCID-k38h-5crc-u3hr"},{"vulnerability":"VCID-kbgc-w2jw-auh8"},{"vulnerability":"VCID-mebz-9qb7-5bd2"},{"vulnerability":"VCID-n3ka-63rx-5fgk"},{"vulnerability":"VCID-nz16-gzhk-h3c1"},{"vulnerability":"VCID-pvxg-byvu-pbec"},{"vulnerability":"VCID-quqr-bg9k-7yb5"},{"vulnerability":"VCID-raqj-ezua-skeb"},{"vulnerability":"VCID-reab-s9cu-yudn"},{"vulnerability":"VCID-ux6m-dn6j-37dc"},{"vulnerability":"VCID-w518-wkek-97ag"},{"vulnerability":"VCID-zbj3-7xug-43f6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@9.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/249?format=json","purl":"pkg:generic/postgresql@9.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qap-rdxz-4uer"},{"vulnerability":"VCID-2nve-471m-17h6"},{"vulnerability":"VCID-35a3-5eq3-8bep"},{"vulnerability":"VCID-625c-amyd-dybm"},{"vulnerability":"VCID-6mck-xykx-yuba"},{"vulnerability":"VCID-7jb6-q4x1-cfbw"},{"vulnerability":"VCID-811b-x31n-tfch"},{"vulnerability":"VCID-8bu8-zpfv-8bgg"},{"vulnerability":"VCID-8cbh-gwwy-n3eq"},{"vulnerability":"VCID-8j4f-u2tq-1qev"},{"vulnerability":"VCID-9b6v-1bt1-dfgy"},{"vulnerability":"VCID-a3sh-4t1e-tbh4"},{"vulnerability":"VCID-bdq4-br3j-7kb8"},{"vulnerability":"VCID-bqag-mh3g-fqe7"},{"vulnerability":"VCID-f976-dd3s-fuc8"},{"vulnerability":"VCID-fd5z-bj21-m3a5"},{"vulnerability":"VCID-g4tm-8zhw-a7hn"},{"vulnerability":"VCID-k38h-5crc-u3hr"},{"vulnerability":"VCID-kbgc-w2jw-auh8"},{"vulnerability":"VCID-mebz-9qb7-5bd2"},{"vulnerability":"VCID-n3ka-63rx-5fgk"},{"vulnerability":"VCID-nz16-gzhk-h3c1"},{"vulnerability":"VCID-pvxg-byvu-pbec"},{"vulnerability":"VCID-quqr-bg9k-7yb5"},{"vulnerability":"VCID-raqj-ezua-skeb"},{"vulnerability":"VCID-reab-s9cu-yudn"},{"vulnerability":"VCID-skb5-eeak-v7hz"},{"vulnerability":"VCID-t864-ytjh-nyg1"},{"vulnerability":"VCID-ux6m-dn6j-37dc"},{"vulnerability":"VCID-w518-wkek-97ag"},{"vulnerability":"VCID-z4t8-c8vc-ayhd"},{"vulnerability":"VCID-zbj3-7xug-43f6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@9.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/125851?format=json","purl":"pkg:rpm/redhat/postgresql@8.4.13-1?arch=el6_3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jb6-q4x1-cfbw"},{"vulnerability":"VCID-bdq4-br3j-7kb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql@8.4.13-1%3Farch=el6_3"},{"url":"http://public2.vulnerablecode.io/api/packages/125850?format=json","purl":"pkg:rpm/redhat/postgresql84@8.4.13-1?arch=el5_8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7jb6-q4x1-cfbw"},{"vulnerability":"VCID-bdq4-br3j-7kb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql84@8.4.13-1%3Farch=el5_8"}],"references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-1263.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-1263.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3489.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3489.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3489","reference_id":"","reference_type":"","scores":[{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76627","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76619","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76373","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76376","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76406","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76388","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.7642","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76434","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76459","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76437","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76432","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76472","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76477","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76462","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76496","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76503","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76515","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76502","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76531","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76549","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76537","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76554","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00956","scoring_system":"epss","scoring_elements":"0.76604","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3489"},{"reference_url":"https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2"},{"reference_url":"http://secunia.com/advisories/50635","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50635"},{"reference_url":"http://secunia.com/advisories/50718","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50718"},{"reference_url":"http://secunia.com/advisories/50859","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50859"},{"reference_url":"http://secunia.com/advisories/50946","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50946"},{"reference_url":"https://www.postgresql.org/support/security/CVE-2012-3489/","reference_id":"","reference_type":"","scores":[],"url":"https://www.postgresql.org/support/security/CVE-2012-3489/"},{"reference_url":"http://www.debian.org/security/2012/dsa-2534","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2012/dsa-2534"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:139","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:139"},{"reference_url":"http://www.postgresql.org/about/news/1407/","reference_id":"","reference_type":"","scores":[],"url":"http://www.postgresql.org/about/news/1407/"},{"reference_url":"http://www.postgresql.org/docs/8.3/static/release-8-3-20.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.postgresql.org/docs/8.3/static/release-8-3-20.html"},{"reference_url":"http://www.postgresql.org/docs/8.4/static/release-8-4-13.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.postgresql.org/docs/8.4/static/release-8-4-13.html"},{"reference_url":"http://www.postgresql.org/docs/9.0/static/release-9-0-9.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.postgresql.org/docs/9.0/static/release-9-0-9.html"},{"reference_url":"http://www.postgresql.org/docs/9.1/static/release-9-1-5.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.postgresql.org/docs/9.1/static/release-9-1-5.html"},{"reference_url":"http://www.postgresql.org/support/security/","reference_id":"","reference_type":"","scores":[],"url":"http://www.postgresql.org/support/security/"},{"reference_url":"http://www.securityfocus.com/bid/55074","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/55074"},{"reference_url":"http://www.ubuntu.com/usn/USN-1542-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1542-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=849173","reference_id":"849173","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=849173"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3489","reference_id":"CVE-2012-3489","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3489"},{"reference_url":"https://security.gentoo.org/glsa/201209-24","reference_id":"GLSA-201209-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201209-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1263","reference_id":"RHSA-2012:1263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1263"},{"reference_url":"https://usn.ubuntu.com/1542-1/","reference_id":"USN-1542-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1542-1/"}],"weaknesses":[{"cwe_id":611,"name":"Improper Restriction of XML External Entity Reference","description":"The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output."}],"exploits":[],"severity_range_score":"4.0 - 6.5","exploitability":"0.5","weighted_severity":"5.9","risk_score":3.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jb6-q4x1-cfbw"}