{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6197?format=json","vulnerability_id":"VCID-jeu8-p6h8-8ffx","summary":"It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.","aliases":[{"alias":"CVE-2020-25658"},{"alias":"GHSA-xrx6-fmxq-rjj2"},{"alias":"PYSEC-2020-100"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14017?format=json","purl":"pkg:pypi/rsa@4.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@4.7"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/569561?format=json","purl":"pkg:pypi/rsa@2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/4141?format=json","purl":"pkg:pypi/rsa@3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"},{"vulnerability":"VCID-nqxh-d5pz-tuc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/4142?format=json","purl":"pkg:pypi/rsa@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"},{"vulnerability":"VCID-nqxh-d5pz-tuc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/4143?format=json","purl":"pkg:pypi/rsa@3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"},{"vulnerability":"VCID-nqxh-d5pz-tuc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/4144?format=json","purl":"pkg:pypi/rsa@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"},{"vulnerability":"VCID-nqxh-d5pz-tuc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/4145?format=json","purl":"pkg:pypi/rsa@3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"},{"vulnerability":"VCID-nqxh-d5pz-tuc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/4146?format=json","purl":"pkg:pypi/rsa@3.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"},{"vulnerability":"VCID-nqxh-d5pz-tuc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/4147?format=json","purl":"pkg:pypi/rsa@3.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"},{"vulnerability":"VCID-nqxh-d5pz-tuc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/4148?format=json","purl":"pkg:pypi/rsa@3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"},{"vulnerability":"VCID-nqxh-d5pz-tuc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/4149?format=json","purl":"pkg:pypi/rsa@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"},{"vulnerability":"VCID-nqxh-d5pz-tuc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/4150?format=json","purl":"pkg:pypi/rsa@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"},{"vulnerability":"VCID-nqxh-d5pz-tuc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/4151?format=json","purl":"pkg:pypi/rsa@3.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"},{"vulnerability":"VCID-nqxh-d5pz-tuc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/4152?format=json","purl":"pkg:pypi/rsa@3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/11549?format=json","purl":"pkg:pypi/rsa@3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/11550?format=json","purl":"pkg:pypi/rsa@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11551?format=json","purl":"pkg:pypi/rsa@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@3.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/11552?format=json","purl":"pkg:pypi/rsa@4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f4rp-ce4j-xkd3"},{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11553?format=json","purl":"pkg:pypi/rsa@4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/14010?format=json","purl":"pkg:pypi/rsa@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@4.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/14011?format=json","purl":"pkg:pypi/rsa@4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/14012?format=json","purl":"pkg:pypi/rsa@4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/14013?format=json","purl":"pkg:pypi/rsa@4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/14014?format=json","purl":"pkg:pypi/rsa@4.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@4.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/14015?format=json","purl":"pkg:pypi/rsa@4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/14016?format=json","purl":"pkg:pypi/rsa@4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/rsa@4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/101415?format=json","purl":"pkg:rpm/redhat/python-rsa@4.5-3?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-rsa@4.5-3%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/98699?format=json","purl":"pkg:rpm/redhat/python-rsa@4.7-1?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jeu8-p6h8-8ffx"},{"vulnerability":"VCID-x63z-bjr8-j7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-rsa@4.7-1%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/101416?format=json","purl":"pkg:rpm/redhat/python-rsa@4.8-1?arch=el8cp","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jeu8-p6h8-8ffx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-rsa@4.8-1%3Farch=el8cp"}],"references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5634","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:5634"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0637","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2021:0637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1716","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2022:1716"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25658.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25658.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2020-25658","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2020-25658"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25658","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34696","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34303","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34681","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34407","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34388","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48884","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48876","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48901","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48888","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48833","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4888","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48854","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48818","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25658"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1889972","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1889972"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25658"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xrx6-fmxq-rjj2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrx6-fmxq-rjj2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/rsa/PYSEC-2020-100.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/rsa/PYSEC-2020-100.yaml"},{"reference_url":"https://github.com/sybrenstuvel/python-rsa","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sybrenstuvel/python-rsa"},{"reference_url":"https://github.com/sybrenstuvel/python-rsa/commit/dae8ce0d85478e16f2368b2341632775313d41ed","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sybrenstuvel/python-rsa/commit/dae8ce0d85478e16f2368b2341632775313d41ed"},{"reference_url":"https://github.com/sybrenstuvel/python-rsa/issues/165","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sybrenstuvel/python-rsa/issues/165"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25658","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25658"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974685","reference_id":"974685","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974685"}],"weaknesses":[{"cwe_id":327,"name":"Use of a Broken or Risky Cryptographic Algorithm","description":"The product uses a broken or risky cryptographic algorithm or protocol."},{"cwe_id":385,"name":"Covert Timing Channel","description":"Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"5.9 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jeu8-p6h8-8ffx"}