Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/52164?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52164?format=api", "vulnerability_id": "VCID-7rfx-9car-wkcs", "summary": "jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled\njsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow cross-site scripting (XSS) attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible.\n\n### Impact\nSites that accept input HTML from users and use jsoup to sanitize that HTML, may be vulnerable to cross-site scripting (XSS) attacks, if they have enabled `SafeList.preserveRelativeLinks` and do not set an appropriate Content Security Policy.\n\n### Patches\nThis issue is patched in jsoup 1.15.3.\n\nUsers should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version.\n\n### Workarounds\nTo remediate this issue without immediately upgrading:\n\n- disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs\n- ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)\n\n### Background and root cause\njsoup includes a [Cleaner](https://jsoup.org/apidocs/org/jsoup/safety/Cleaner.html) component, which is designed to [sanitize input HTML](https://jsoup.org/cookbook/cleaning-html/safelist-sanitizer) against configurable safe-lists of acceptable tags, attributes, and attribute values.\n\nThis includes removing potentially malicious attributes such as `<a href=\"javascript:...\">`, which may enable XSS attacks. 
It does this by validating URL attributes against allowed URL protocols (e.g. `http`, `https`).\n\nHowever, an attacker may be able to bypass this check by embedding control characters into the href attribute value. This causes the Java URL class, which is used to resolve relative URLs to absolute URLs before checking the URL's protocol, to treat the URL as a relative URL. It is then resolved into an absolute URL with the configured base URI.\n\nFor example, `java\\tscript:...` would resolve to `https://example.com/java\\tscript:...`.\n\nBy default, when using a safe-list that allows `a` tags, jsoup will rewrite any relative URLs (e.g. `/foo/`) to an absolute URL (e.g. `https://example.com/foo/`). Therefore, this attack attempt would be successfully mitigated. However, if the option [SafeList.preserveRelativeLinks](https://jsoup.org/apidocs/org/jsoup/safety/Safelist.html#preserveRelativeLinks(boolean)) is enabled (which does not rewrite relative links to absolute), the input is left as-is.\n\nWhile Java will treat a path like `java\\tscript:` as a relative path, as it does not match the allowed characters of a URL spec, browsers may normalize out the control characters, and subsequently evaluate it as a `javascript:` spec inline expression. 
That disparity then leads to an XSS opportunity.\n\nSites defining a Content Security Policy that does not allow javascript expressions in link URLs will not be impacted, as the policy will prevent the script's execution.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [jsoup](https://github.com/jhy/jsoup)\n* Email the author of jsoup at [jonathan@hedley.net](mailto:jonathan@hedley.net)\n\n### Credits\nThanks to Jens Häderer, who reported this issue, and contributed to its resolution.", "aliases": [ { "alias": "CVE-2022-36033" }, { "alias": "GHSA-gp7f-rwcx-9369" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994763?format=api", "purl": "pkg:deb/debian/jsoup@1.15.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/jsoup@1.15.3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/926024?format=api", "purl": "pkg:deb/debian/jsoup@1.15.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/jsoup@1.15.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/80007?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.15.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.15.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/926026?format=api", "purl": "pkg:deb/debian/jsoup@1.10.2-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/jsoup@1.10.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/994762?format=api", "purl": 
"pkg:deb/debian/jsoup@1.10.2-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/jsoup@1.10.2-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/258368?format=api", "purl": "pkg:maven/org.jsoup/jsoup@0.2.1b", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@0.2.1b" }, { "url": "http://public2.vulnerablecode.io/api/packages/258369?format=api", "purl": "pkg:maven/org.jsoup/jsoup@0.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@0.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/258370?format=api", "purl": "pkg:maven/org.jsoup/jsoup@0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@0.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/258371?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/258372?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/258373?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/258374?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/258375?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/258376?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/258377?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/258378?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.4.1", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/258379?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/258380?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/54112?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-v8c6-w47r-6bcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/258381?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-v8c6-w47r-6bcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/258382?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { 
"vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-v8c6-w47r-6bcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/258383?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-v8c6-w47r-6bcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/258384?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-v8c6-w47r-6bcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/258385?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-v8c6-w47r-6bcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/258386?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-v8c6-w47r-6bcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/258387?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-v8c6-w47r-6bcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54114?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-v8c6-w47r-6bcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/54116?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/258388?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/258389?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/258390?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/258391?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/258392?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.10.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/258393?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/258394?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.11.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/258395?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.11.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.11.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/258396?format=api", "purl": 
"pkg:maven/org.jsoup/jsoup@1.12.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.12.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/258397?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.12.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.12.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/258398?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.13.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.13.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/258399?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rxk-nhwr-ffad" }, { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/38185?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.14.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/326616?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.14.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.14.3" }, 
{ "url": "http://public2.vulnerablecode.io/api/packages/326617?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.15.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/326618?format=api", "purl": "pkg:maven/org.jsoup/jsoup@1.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jsoup/jsoup@1.15.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/93387?format=api", "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.24-1.Final_redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-hal-console@3.3.24-1.Final_redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93381?format=api", "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.24-1.Final_redhat_00001.1?arch=el7eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-hal-console@3.3.24-1.Final_redhat_00001.1%3Farch=el7eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93375?format=api", "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.24-1.Final_redhat_00001.1?arch=el9eap", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-hal-console@3.3.24-1.Final_redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93385?format=api", "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-2.SP1_redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-2.SP1_redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93363?format=api", "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-2.SP1_redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-2.SP1_redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93372?format=api", "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-2.SP1_redhat_00001.1?arch=el7eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": 
"VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-2.SP1_redhat_00001.1%3Farch=el7eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93365?format=api", "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.3-1.redhat_00001.1?arch=el7eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-insights-java-client@1.1.3-1.redhat_00001.1%3Farch=el7eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93370?format=api", "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.3-1.redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-insights-java-client@1.1.3-1.redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93392?format=api", "purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.3-1.redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-insights-java-client@1.1.3-1.redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93384?format=api", "purl": 
"pkg:rpm/redhat/eap7-ironjacamar@1.5.18-1.Final_redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-ironjacamar@1.5.18-1.Final_redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93389?format=api", "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.18-1.Final_redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-ironjacamar@1.5.18-1.Final_redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93359?format=api", "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.18-1.Final_redhat_00001.1?arch=el7eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-ironjacamar@1.5.18-1.Final_redhat_00001.1%3Farch=el7eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93357?format=api", "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.3-1.redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { 
"vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.3-1.redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93380?format=api", "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.3-1.redhat_00001.1?arch=el7eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.3-1.redhat_00001.1%3Farch=el7eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93368?format=api", "purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.3-1.redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.3-1.redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93376?format=api", "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.55-1.Final_redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.55-1.Final_redhat_00001.1%3Farch=el8eap" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/93360?format=api", "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.55-1.Final_redhat_00001.1?arch=el7eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.55-1.Final_redhat_00001.1%3Farch=el7eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93388?format=api", "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.55-1.Final_redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.55-1.Final_redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93377?format=api", "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-39.Final_redhat_00039.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-39.Final_redhat_00039.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93373?format=api", "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-39.Final_redhat_00039.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-39.Final_redhat_00039.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93386?format=api", "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-39.Final_redhat_00039.1?arch=el7eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-39.Final_redhat_00039.1%3Farch=el7eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93374?format=api", "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.12-1.Final_redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jbossws-cxf@5.4.12-1.Final_redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93358?format=api", "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.12-1.Final_redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jbossws-cxf@5.4.12-1.Final_redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93382?format=api", "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.12-1.Final_redhat_00001.1?arch=el7eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jbossws-cxf@5.4.12-1.Final_redhat_00001.1%3Farch=el7eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93367?format=api", "purl": "pkg:rpm/redhat/eap7-jsoup@1.15.4-1.redhat_00003.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jsoup@1.15.4-1.redhat_00003.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93390?format=api", "purl": "pkg:rpm/redhat/eap7-jsoup@1.15.4-1.redhat_00003.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jsoup@1.15.4-1.redhat_00003.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93362?format=api", "purl": "pkg:rpm/redhat/eap7-jsoup@1.15.4-1.redhat_00003.1?arch=el7eap", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-jsoup@1.15.4-1.redhat_00003.1%3Farch=el7eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93379?format=api", "purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.15-1.Final_redhat_00001.1?arch=el7eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-undertow-jastow@2.0.15-1.Final_redhat_00001.1%3Farch=el7eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93366?format=api", "purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.15-1.Final_redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-undertow-jastow@2.0.15-1.Final_redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93371?format=api", "purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.15-1.Final_redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-undertow-jastow@2.0.15-1.Final_redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93361?format=api", "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.19-1.GA_redhat_00002.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-wildfly@7.4.19-1.GA_redhat_00002.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93391?format=api", "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.19-1.GA_redhat_00002.1?arch=el7eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-wildfly@7.4.19-1.GA_redhat_00002.1%3Farch=el7eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93383?format=api", "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.19-1.GA_redhat_00002.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-wildfly@7.4.19-1.GA_redhat_00002.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93364?format=api", "purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-37.redhat_00015.1?arch=el8eap", "is_vulnerable": 
true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-xalan-j2@2.7.1-37.redhat_00015.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93378?format=api", "purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-37.redhat_00015.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-xalan-j2@2.7.1-37.redhat_00015.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/93369?format=api", "purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-37.redhat_00015.1?arch=el7eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7rfx-9car-wkcs" }, { "vulnerability": "VCID-ftf5-r1db-9qfq" }, { "vulnerability": "VCID-mssa-dgz3-w7fh" }, { "vulnerability": "VCID-rfs8-njaq-qkc8" }, { "vulnerability": "VCID-wfmh-pkck-yfb3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-xalan-j2@2.7.1-37.redhat_00015.1%3Farch=el7eap" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36033.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36033.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36033", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.82121", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.8208", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.82064", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.81943", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.81961", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.81925", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.81894", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.8189", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.81916", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.81923", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.8193", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.82067", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.82042", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.82021", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.82003", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.81997", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", 
"scoring_elements": "0.81871", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.81986", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01637", "scoring_system": "epss", "scoring_elements": "0.81963", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36033" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36033", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36033" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/jhy/jsoup", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jhy/jsoup" }, { "reference_url": "https://github.com/jhy/jsoup/releases/tag/jsoup-1.15.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:56Z/" } ], "url": "https://github.com/jhy/jsoup/releases/tag/jsoup-1.15.3" }, { "reference_url": "https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:56Z/" } ], "url": "https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369" }, { "reference_url": "https://jsoup.org/news/release-1.15.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:56Z/" } ], "url": "https://jsoup.org/news/release-1.15.3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36033", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36033" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221104-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20221104-0006" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221104-0006/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:44:56Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221104-0006/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018931", "reference_id": "1018931", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018931" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127078", "reference_id": "2127078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127078" }, { "reference_url": "https://github.com/advisories/GHSA-gp7f-rwcx-9369", "reference_id": "GHSA-gp7f-rwcx-9369", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gp7f-rwcx-9369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6656", "reference_id": "RHSA-2024:6656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6656" } ], "weaknesses": [ { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." 
}, { "cwe_id": 87, "name": "Improper Neutralization of Alternate XSS Syntax", "description": "The product does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7rfx-9car-wkcs" }