Vulnerability_id VCID-h3wz-rdkt-7ue6
Summary
Jetty SslConnection does not release pooled ByteBuffers in case of errors
### Impact
`SslConnection` does not release `ByteBuffer`s on error code paths.
For example, TLS handshakes that require client-auth with clients that send expired certificates will trigger TLS handshake errors, and the `ByteBuffer`s used to process the TLS handshake will be leaked.

### Workarounds
Explicitly configure a `RetainableByteBufferPool` with `max[Heap|Direct]Memory` to limit the amount of memory that is leaked.
Eventually the pool will be full of "active" entries (the leaked ones), and from then on it will provide `ByteBuffer`s that are garbage-collected normally.

_With embedded-jetty_

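``` java
import org.eclipse.jetty.io.ArrayRetainableByteBufferPool;
import org.eclipse.jetty.io.RetainableByteBufferPool;

// `server` is the application's existing org.eclipse.jetty.server.Server instance.
int maxBucketSize = 1000;
long maxHeapMemory = 128 * 1024L * 1024L; // 128 MB
long maxDirectMemory = 128 * 1024L * 1024L; // 128 MB
// Arguments: minCapacity, factor, maxCapacity, maxBucketSize, maxHeapMemory, maxDirectMemory
RetainableByteBufferPool rbbp = new ArrayRetainableByteBufferPool(0, -1, -1, maxBucketSize, maxHeapMemory, maxDirectMemory);

// The pool must be added as a bean before the server is started.
server.addBean(rbbp);
server.start();
```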

_With jetty-home/jetty-base_

Create `${jetty.base}/etc/retainable-byte-buffer-config.xml`:

``` xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd">

<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean">
    <Arg>
      <New class="org.eclipse.jetty.io.ArrayRetainableByteBufferPool">
        <Arg type="int"><Property name="jetty.byteBufferPool.minCapacity" default="0"/></Arg>
        <Arg type="int"><Property name="jetty.byteBufferPool.factor" default="-1"/></Arg>
        <Arg type="int"><Property name="jetty.byteBufferPool.maxCapacity" default="-1"/></Arg>
        <Arg type="int"><Property name="jetty.byteBufferPool.maxBucketSize" default="1000"/></Arg>
        <Arg type="long"><Property name="jetty.byteBufferPool.maxHeapMemory" default="128000000"/></Arg>
        <Arg type="long"><Property name="jetty.byteBufferPool.maxDirectMemory" default="128000000"/></Arg>
      </New>
    </Arg>
  </Call>
</Configure>
```

Then reference it in `${jetty.base}/start.d/retainable-byte-buffer-config.ini`:

```
etc/retainable-byte-buffer-config.xml
```


### References
https://github.com/eclipse/jetty.project/issues/8161

### For more information
* Email us at [security@webtide.com](mailto:security@webtide.com)
Aliases
0
alias CVE-2022-2191
1
alias GHSA-8mpp-f3f7-xc28
Fixed_packages
0
url pkg:deb/debian/jetty9@0?distro=trixie
purl pkg:deb/debian/jetty9@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@0%3Fdistro=trixie
1
url pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie
5
url pkg:deb/debian/jetty9@9.4.58-2?distro=trixie
purl pkg:deb/debian/jetty9@9.4.58-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-2%3Fdistro=trixie
6
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.10
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-q3k2-1x5q-buhy
2
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.10
7
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.10
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-q3k2-1x5q-buhy
2
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.10
Affected_packages
0
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.0
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-gq93-ctd4-aqbp
2
vulnerability VCID-h3wz-rdkt-7ue6
3
vulnerability VCID-kxtv-ma18-8fer
4
vulnerability VCID-prd3-mmuv-n3dc
5
vulnerability VCID-q35p-8qhp-aqec
6
vulnerability VCID-q3k2-1x5q-buhy
7
vulnerability VCID-uuju-ey95-tyfq
8
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.0
1
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.1
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-kxtv-ma18-8fer
3
vulnerability VCID-prd3-mmuv-n3dc
4
vulnerability VCID-q35p-8qhp-aqec
5
vulnerability VCID-q3k2-1x5q-buhy
6
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.1
2
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.2
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q35p-8qhp-aqec
3
vulnerability VCID-q3k2-1x5q-buhy
4
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.2
3
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.3
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.3
4
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.4
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.4
5
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.5
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.5
6
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.6
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.6
7
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.7
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.7
8
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.8
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.8
9
url pkg:maven/org.eclipse.jetty/jetty-server@10.0.9
purl pkg:maven/org.eclipse.jetty/jetty-server@10.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.9
10
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.0
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-gq93-ctd4-aqbp
2
vulnerability VCID-h3wz-rdkt-7ue6
3
vulnerability VCID-kxtv-ma18-8fer
4
vulnerability VCID-prd3-mmuv-n3dc
5
vulnerability VCID-q35p-8qhp-aqec
6
vulnerability VCID-q3k2-1x5q-buhy
7
vulnerability VCID-uuju-ey95-tyfq
8
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.0
11
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.1
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-kxtv-ma18-8fer
3
vulnerability VCID-prd3-mmuv-n3dc
4
vulnerability VCID-q35p-8qhp-aqec
5
vulnerability VCID-q3k2-1x5q-buhy
6
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.1
12
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.2
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q35p-8qhp-aqec
3
vulnerability VCID-q3k2-1x5q-buhy
4
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.2
13
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.3
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.3
14
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.4
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.4
15
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.5
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.5
16
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.6
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.6
17
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.7
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.7
18
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.8
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.8
19
url pkg:maven/org.eclipse.jetty/jetty-server@11.0.9
purl pkg:maven/org.eclipse.jetty/jetty-server@11.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-h3wz-rdkt-7ue6
2
vulnerability VCID-q3k2-1x5q-buhy
3
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.9
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2191.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2191.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2191
reference_id
reference_type
scores
0
value 0.00659
scoring_system epss
scoring_elements 0.71144
published_at 2026-05-05T12:55:00Z
1
value 0.00659
scoring_system epss
scoring_elements 0.7116
published_at 2026-04-29T12:55:00Z
2
value 0.00659
scoring_system epss
scoring_elements 0.71157
published_at 2026-04-26T12:55:00Z
3
value 0.00659
scoring_system epss
scoring_elements 0.71148
published_at 2026-04-24T12:55:00Z
4
value 0.00659
scoring_system epss
scoring_elements 0.71091
published_at 2026-04-21T12:55:00Z
5
value 0.00659
scoring_system epss
scoring_elements 0.71111
published_at 2026-04-18T12:55:00Z
6
value 0.00659
scoring_system epss
scoring_elements 0.71104
published_at 2026-04-16T12:55:00Z
7
value 0.00659
scoring_system epss
scoring_elements 0.71057
published_at 2026-04-13T12:55:00Z
8
value 0.00659
scoring_system epss
scoring_elements 0.71074
published_at 2026-04-12T12:55:00Z
9
value 0.00659
scoring_system epss
scoring_elements 0.7109
published_at 2026-04-11T12:55:00Z
10
value 0.00659
scoring_system epss
scoring_elements 0.71066
published_at 2026-04-09T12:55:00Z
11
value 0.00659
scoring_system epss
scoring_elements 0.71052
published_at 2026-04-08T12:55:00Z
12
value 0.00659
scoring_system epss
scoring_elements 0.71017
published_at 2026-04-02T12:55:00Z
13
value 0.00659
scoring_system epss
scoring_elements 0.71009
published_at 2026-04-07T12:55:00Z
14
value 0.00659
scoring_system epss
scoring_elements 0.71034
published_at 2026-04-04T12:55:00Z
15
value 0.01286
scoring_system epss
scoring_elements 0.7981
published_at 2026-05-14T12:55:00Z
16
value 0.01286
scoring_system epss
scoring_elements 0.79745
published_at 2026-05-07T12:55:00Z
17
value 0.01286
scoring_system epss
scoring_elements 0.79763
published_at 2026-05-09T12:55:00Z
18
value 0.01286
scoring_system epss
scoring_elements 0.79758
published_at 2026-05-11T12:55:00Z
19
value 0.01286
scoring_system epss
scoring_elements 0.79771
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2191
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
4
reference_url https://github.com/eclipse/jetty.project/issues/8161
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/issues/8161
5
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2191
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2191
7
reference_url https://security.netapp.com/advisory/ntap-20220909-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220909-0003
8
reference_url https://security.netapp.com/advisory/ntap-20220909-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220909-0003/
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2116953
reference_id 2116953
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2116953
10
reference_url https://github.com/advisories/GHSA-8mpp-f3f7-xc28
reference_id GHSA-8mpp-f3f7-xc28
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8mpp-f3f7-xc28
11
reference_url https://access.redhat.com/errata/RHSA-2023:0189
reference_id RHSA-2023:0189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0189
Weaknesses
0
cwe_id 404
name Improper Resource Shutdown or Release
description The product does not release or incorrectly releases a resource before it is made available for re-use.
1
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h3wz-rdkt-7ue6