{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79515?format=json","vulnerability_id":"VCID-fnc6-wbe2-g3an","summary":"security update","aliases":[{"alias":"CVE-2022-26847"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/362253?format=json","purl":"pkg:deb/debian/spip@3.2.11-3%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@3.2.11-3%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/362233?format=json","purl":"pkg:deb/debian/spip@3.2.11-3%2Bdeb11u10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16ur-bz47-tbhf"},{"vulnerability":"VCID-1rpa-1a47-4kdh"},{"vulnerability":"VCID-2dud-ys3n-aqeq"},{"vulnerability":"VCID-2vt3-2dn9-qud9"},{"vulnerability":"VCID-63dn-uysy-5qd7"},{"vulnerability":"VCID-7vzq-9sk8-3fc4"},{"vulnerability":"VCID-83k3-y2y7-t3dn"},{"vulnerability":"VCID-88hp-dkae-1khj"},{"vulnerability":"VCID-au53-rjar-yqdz"},{"vulnerability":"VCID-f8jh-sgsn-mqgr"},{"vulnerability":"VCID-gffw-8mya-xyhb"},{"vulnerability":"VCID-hcqm-dw7s-v7cc"},{"vulnerability":"VCID-kufx-hnax-77hg"},{"vulnerability":"VCID-qbcv-7zaj-u7hw"},{"vulnerability":"VCID-ybb8-uf41-uyg8"},{"vulnerability":"VCID-zu4w-61q8-1uaz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@3.2.11-3%252Bdeb11u10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/362254?format=json","purl":"pkg:deb/debian/spip@4.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@4.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/362236?format=json","purl":"pkg:deb/debian/spip@4.4.13%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@4.4.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/362235?format=json","purl":"pkg:deb/debian/spip@4.4.15%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@4.4.15%252Bdfsg-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371360?format=json","purl":"pkg:composer/spip/spip@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4cyj-m5c1-sffs"},{"vulnerability":"VCID-4pjp-c9f8-zkcj"},{"vulnerability":"VCID-fnc6-wbe2-g3an"},{"vulnerability":"VCID-h1cb-yt3w-1kb2"},{"vulnerability":"VCID-p199-bctb-zkev"},{"vulnerability":"VCID-tyxs-va7p-9qbp"},{"vulnerability":"VCID-vtuw-zz4n-tked"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/spip/spip@4.0.0"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26847","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.61116","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26847"},{"reference_url":"https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html","reference_id":"","reference_type":"","scores":[],"url":"https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26846","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26846"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26847","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26847"},{"reference_url":"https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2","reference_id":"","reference_type":"","scores":[],"url":"https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00020.html"},{"reference_url":"https://lists.debian.org/debian-security-announce/2022/msg00060.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-security-announce/2022/msg00060.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26847","reference_id":"CVE-2022-26847","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26847"},{"reference_url":"https://usn.ubuntu.com/5482-1/","reference_id":"USN-5482-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5482-1/"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":200,"name":"Exposure of Sensitive Information to an Unauthorized Actor","description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnc6-wbe2-g3an"}