{"resultsPerPage":6,"startIndex":0,"totalResults":6,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-27T21:46:29.011","vulnerabilities":[{"cve":{"id":"CVE-2023-26314","sourceIdentifier":"cve@mitre.org","published":"2023-02-22T07:15:10.900","lastModified":"2026-05-20T02:16:34.933","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter."},{"lang":"es","value":"El paquete mono anterior a 6.8.0.105+dfsg-3.3 para Debian permite la ejecución de código arbitrario porque el tipo MIME application/x-ms-dos-executable está asociado con un intérprete Mono CLR un-sandboxed."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mono-project:mono:5.18.0.240\\+dfsg-3:*:*:*:*:*:*:*","matchCriteriaId"
:"84F44FDC-98EA-4A66-8317-6F2F1EE42460"},{"vulnerable":true,"criteria":"cpe:2.3:a:mono-project:mono:6.8.0.105\\+dfsg-3:*:*:*:*:*:*:*","matchCriteriaId":"C03D54BC-10BC-4694-9488-6260F82E6D78"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]}],"references":[{"url":"https://bugs.debian.org/972146","source":"cve@mitre.org","tags":["Mailing List","Mitigation"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00037.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.openwall.com/lists/oss-security/2023/01/05/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/19/41","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.debian.org/972146","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Mitigation"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00037.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.openwall.com/lists/oss-security/2023/01/05/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-15070","sourceIdentifier":"09832df1-09c1-45b4-8a85-16c601d30feb","published":"2025-12-29T06:15:51.947","lastModified":"2026-05-20T02:16:35.200","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse.\n\nThis issue affects Web Fax: from 3.0 before 
3.0.1"}],"metrics":{"cvssMetricV40":[{"source":"09832df1-09c1-45b4-8a85-16c601d30feb","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"09832df1-09c1-45b4-8a85-16c601d30feb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"P
rimary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"09832df1-09c1-45b4-8a85-16c601d30feb","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gmission:web_fax:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"4.0","matchCriteriaId":"F9565554-68AD-41A7-91BE-29B70C13B9D9"}]}]}],"references":[{"url":"https://www.gmission.co.kr/fax1","source":"09832df1-09c1-45b4-8a85-16c601d30feb","tags":["Product"]}]}},{"cve":{"id":"CVE-2026-23956","sourceIdentifier":"security-advisories@github.com","published":"2026-01-22T02:15:52.310","lastModified":"2026-05-20T02:16:35.403","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 0.2.0 through 1.4.0, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS (Regular Expression Denial of Service). This issue has been fixed in version 1.4.1."},{"lang":"es","value":"seroval facilita la serialización de valores JS, incluyendo estructuras complejas que van más allá de las capacidades de JSON.stringify. 
En las versiones 1.4.0 y anteriores, la anulación de la serialización de RegExp con patrones extremadamente grandes puede agotar la memoria en tiempo de ejecución de JavaScript durante la deserialización. Además, la anulación de la serialización de RegExp con patrones que desencadenan un retroceso catastrófico puede conducir a ReDoS (Denegación de Servicio por Expresiones Regulares). Este problema ha sido solucionado en la versión 1.4.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lxsmnsyc:seroval:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.4.1","matchCriteriaId":"85760E40-9AB1-40EB-98A1-D1A4411AAFC5"}]}]}],"references":[{"url":"https://github.com/lxsmnsyc/seroval/blob/v0.2.0/packages/seroval/src/index.ts#L90","source":"security-advisories@github.com"},{"url":"https://github.com/lxsmnsyc/seroval/commit/ce9408ebc87312fcad345a73c172212f2a798060","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/lxsmnsyc/seroval/security/advisories/GHSA-hx9m-jf43-8ffr","source":"security-advisories@github.com","tags":["Mitigation","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-40175","sourceIdentifier":"security-advisories@github.com","published":"2026-04-10T20:16:22.800","lastModified":"2026-05-20T02:16:35.730","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.31.0 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This vulnerability is fixed in 1.15.0 and 0.31.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-113"},{"lang":"en","value":"CWE-444"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.31.0","matchCriteriaId":"E420AFD0-4C1B-4C44-A578-D6B90BF40F08"},{"vulnerable":true,"criteria":"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*","versi
onStartIncluding":"1.0.0","versionEndExcluding":"1.15.0","matchCriteriaId":"E0DF6CEE-CC97-4C5F-A81B-6F1A6D77D4CC"}]}]}],"references":[{"url":"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/axios/axios/pull/10660","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/axios/axios/pull/10688","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/axios/axios/releases/tag/v0.31.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/axios/axios/releases/tag/v1.15.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/axios/axios/pull/10660#issuecomment-4224168081","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-876049.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}},{"cve":{"id":"CVE-2026-41179","sourceIdentifier":"security-advisories@github.com","published":"2026-04-23T00:16:45.947","lastModified":"2026-05-20T02:16:35.920","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true` and accepts attacker-controlled `fs` input. 
Because `rc.GetFs(...)` supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend, `bearer_token_command` is executed during backend initialization, making single-request unauthenticated local command execution possible on reachable RC deployments without global HTTP authentication. Version 1.73.5 patches the issue."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorStr
ing":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rclone:rclone:*:*:*:*:*:*:*:*","versionStartIncluding":"1.48.0","versionEndExcluding":"1.73.5","matchCriteriaId":"AEA122B4-E0D6-48C3-AA33-72E3BAD0FF5C"}]}]}],"references":[{"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/backend/webdav/webdav.go","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/operations/rc.go","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/cache.go","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/rclone/rclone/commit/2a9e952b38e03a96bf40c9eb6e8e22199865ee3b","source":"security-advisories@github.com"},{"url":"https://github.com/rclone/rclone/releases/tag/v1.73.5","source":"security-advisories@github.com"},{"url":"https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://rclone.org/changelog/#v1-73-5-2026-04-19","source":"security-advisories@github.com"},{"url":"https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-41205","sourceIdentifier":"security-advisories@github.com","published":"2026-04-23T19:17:29.270","lastModified":"2026-05-20T02:16:36.087","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be returned as rendered template content when an application passes untrusted input directly to TemplateLookup.get_template(). This vulnerability is fixed in 1.3.11."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailab
ilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sqlalchemy:mako:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.11","matchCriteriaId":"2653BBE1-C0D8-4375-8CC0-B7713D560924"}]}]}],"references":[{"url":"https://github.com/sqlalchemy/mako/commit/e05ac61989a7fb9dd7dcde6cfd72dc48328719a3","source":"security-advisories@github.com"},{"url":"https://github.com/sqlalchemy/mako/releases/tag/rel_1_3_11","source":"security-advisories@github.com"},{"url":"https://github.com/sqlalchemy/mako/security/advisories/GHSA-v92g-xgxw-vvmm","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}}]}