{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79469?format=json","vulnerability_id":"VCID-cqby-hxsb-skgm","summary":"java-11-openj9,java-1_8_0-openj9: unverified methods can be invoked using MethodHandles","aliases":[{"alias":"CVE-2021-41041"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99054?format=json","purl":"pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.7.10-1?arch=el8_6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d6t-ndfc-m7hg"},{"vulnerability":"VCID-cqby-hxsb-skgm"},{"vulnerability":"VCID-he8f-erpk-sqh8"},{"vulnerability":"VCID-y5qu-j3wt-wuej"},{"vulnerability":"VCID-zh9v-47ue-p7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.7.10-1%3Farch=el8_6"},{"url":"http://public2.vulnerablecode.io/api/packages/99053?format=json","purl":"pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.7.10-1jpp.1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1d6t-ndfc-m7hg"},{"vulnerability":"VCID-cqby-hxsb-skgm"},{"vulnerability":"VCID-he8f-erpk-sqh8"},{"vulnerability":"VCID-y5qu-j3wt-wuej"},{"vulnerability":"VCID-zh9v-47ue-p7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.7.10-1jpp.1%3Farch=el7"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41041.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41041.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41041","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21872","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22035","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22087","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23433","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23504","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23553","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23571","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23528","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23474","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23488","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2348","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23459","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23274","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23263","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23253","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41041"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080954","reference_id":"2080954","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4959","reference_id":"RHSA-2022:4959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5837","reference_id":"RHSA-2022:5837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5837"}],"weaknesses":[{"cwe_id":252,"name":"Unchecked Return Value","description":"The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions."},{"cwe_id":843,"name":"Access of Resource Using Incompatible Type ('Type Confusion')","description":"The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type."},{"cwe_id":908,"name":"Use of Uninitialized Resource","description":"The product uses or accesses a resource that has not been initialized."}],"exploits":[],"severity_range_score":"5.3 - 5.3","exploitability":"0.5","weighted_severity":"4.8","risk_score":2.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cqby-hxsb-skgm"}