{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53496?format=json","vulnerability_id":"VCID-532v-5mum-qkdf","summary":"decode-uri-component vulnerable to Denial of Service (DoS)\ndecode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.","aliases":[{"alias":"CVE-2022-38900"},{"alias":"GHSA-w573-4hg7-7wgq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55810?format=json","purl":"pkg:npm/decode-uri-component@0.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/decode-uri-component@0.2.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/343179?format=json","purl":"pkg:npm/decode-uri-component@0.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-532v-5mum-qkdf"},{"vulnerability":"VCID-cn44-fsrw-kudb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/decode-uri-component@0.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/97524?format=json","purl":"pkg:rpm/redhat/pcs@0.11.6-3?arch=el9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-532v-5mum-qkdf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/pcs@0.11.6-3%3Farch=el9"},{"url":"http://public2.vulnerablecode.io/api/packages/97024?format=json","purl":"pkg:rpm/redhat/rh-nodejs14@3.6-2?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-532v-5mum-qkdf"},{"vulnerability":"VCID-5vh6-usw6-2qhy"},{"vulnerability":"VCID-7nnu-jtjx-u3ff"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m78y-81wr-y3cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs14@3.6-2%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/97025?format=json","purl":"pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.3-2?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-532v-5mum-qkdf"},{"vulnerability":"VCID-5vh6-usw6-2qhy"},{"vulnerability":"VCID-7nnu-jtjx-u3ff"},{"vulnerability":"VCID-hnjv-fp2r-vqfq"},{"vulnerability":"VCID-m78y-81wr-y3cz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.3-2%3Farch=el7"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38900.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38900.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38900","reference_id":"","reference_type":"","scores":[{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64043","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63992","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63965","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63999","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63951","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63907","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63934","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63908","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63918","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63936","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63924","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69681","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69687","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69741","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69754","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69769","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69748","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69731","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69704","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38900"},{"reference_url":"https://github.com/SamVerschueren/decode-uri-component","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/SamVerschueren/decode-uri-component"},{"reference_url":"https://github.com/SamVerschueren/decode-uri-component/commit/746ca5dcb6667c5d364e782d53c542830e4c10b9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/SamVerschueren/decode-uri-component/commit/746ca5dcb6667c5d364e782d53c542830e4c10b9"},{"reference_url":"https://github.com/SamVerschueren/decode-uri-component/issues/5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T19:49:56Z/"}],"url":"https://github.com/SamVerschueren/decode-uri-component/issues/5"},{"reference_url":"https://github.com/SamVerschueren/decode-uri-component/releases/tag/v0.2.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/SamVerschueren/decode-uri-component/releases/tag/v0.2.1"},{"reference_url":"https://github.com/sindresorhus/query-string/issues/345","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T19:49:56Z/"}],"url":"https://github.com/sindresorhus/query-string/issues/345"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-38900","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-38900"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170644","reference_id":"2170644","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170644"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/","reference_id":"ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T19:49:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/"},{"reference_url":"https://github.com/advisories/GHSA-w573-4hg7-7wgq","reference_id":"GHSA-w573-4hg7-7wgq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w573-4hg7-7wgq"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/","reference_id":"KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T19:49:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/","reference_id":"QABOUA2I542UTANVZIVFKWMRYVHLV32D","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T19:49:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1428","reference_id":"RHSA-2023:1428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1533","reference_id":"RHSA-2023:1533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1742","reference_id":"RHSA-2023:1742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1743","reference_id":"RHSA-2023:1743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1744","reference_id":"RHSA-2023:1744","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1744"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3742","reference_id":"RHSA-2023:3742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4983","reference_id":"RHSA-2023:4983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6316","reference_id":"RHSA-2023:6316","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6316"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/","reference_id":"UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T19:49:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/","reference_id":"VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T19:49:56Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/"}],"weaknesses":[{"cwe_id":20,"name":"Improper Input Validation","description":"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-532v-5mum-qkdf"}