csaf_suse - suse-su-2025:02212-1

suse-su-2025:02212-1

Vulnerability from csaf_suse

Published

2025-07-02 16:37

Modified

2025-07-02 16:37

Summary

Security update for libsoup

Notes

Title of the patch

Security update for libsoup

Description of the patch

This update for libsoup fixes the following issues: - CVE-2025-4945: Add value checks for date/time parsing (bsc#1243314).

Patchnames

SUSE-2025-2212,SUSE-SUSE-MicroOS-5.2-2025-2212

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for libsoup",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for libsoup fixes the following issues:\n\n- CVE-2025-4945: Add value checks for date/time parsing (bsc#1243314).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-2212,SUSE-SUSE-MicroOS-5.2-2025-2212",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02212-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:02212-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502212-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:02212-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040598.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243314",
        "url": "https://bugzilla.suse.com/1243314"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-4945 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-4945/"
      }
    ],
    "title": "Security update for libsoup",
    "tracking": {
      "current_release_date": "2025-07-02T16:37:54Z",
      "generator": {
        "date": "2025-07-02T16:37:54Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:02212-1",
      "initial_release_date": "2025-07-02T16:37:54Z",
      "revision_history": [
        {
          "date": "2025-07-02T16:37:54Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-2.68.4-150200.4.12.1.aarch64",
                "product": {
                  "name": "libsoup-2_4-1-2.68.4-150200.4.12.1.aarch64",
                  "product_id": "libsoup-2_4-1-2.68.4-150200.4.12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-devel-2.68.4-150200.4.12.1.aarch64",
                "product": {
                  "name": "libsoup-devel-2.68.4-150200.4.12.1.aarch64",
                  "product_id": "libsoup-devel-2.68.4-150200.4.12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.aarch64",
                "product": {
                  "name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.aarch64",
                  "product_id": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-64bit-2.68.4-150200.4.12.1.aarch64_ilp32",
                "product": {
                  "name": "libsoup-2_4-1-64bit-2.68.4-150200.4.12.1.aarch64_ilp32",
                  "product_id": "libsoup-2_4-1-64bit-2.68.4-150200.4.12.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-devel-64bit-2.68.4-150200.4.12.1.aarch64_ilp32",
                "product": {
                  "name": "libsoup-devel-64bit-2.68.4-150200.4.12.1.aarch64_ilp32",
                  "product_id": "libsoup-devel-64bit-2.68.4-150200.4.12.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-2.68.4-150200.4.12.1.i586",
                "product": {
                  "name": "libsoup-2_4-1-2.68.4-150200.4.12.1.i586",
                  "product_id": "libsoup-2_4-1-2.68.4-150200.4.12.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-devel-2.68.4-150200.4.12.1.i586",
                "product": {
                  "name": "libsoup-devel-2.68.4-150200.4.12.1.i586",
                  "product_id": "libsoup-devel-2.68.4-150200.4.12.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.i586",
                "product": {
                  "name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.i586",
                  "product_id": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-lang-2.68.4-150200.4.12.1.noarch",
                "product": {
                  "name": "libsoup-lang-2.68.4-150200.4.12.1.noarch",
                  "product_id": "libsoup-lang-2.68.4-150200.4.12.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-2.68.4-150200.4.12.1.ppc64le",
                "product": {
                  "name": "libsoup-2_4-1-2.68.4-150200.4.12.1.ppc64le",
                  "product_id": "libsoup-2_4-1-2.68.4-150200.4.12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-devel-2.68.4-150200.4.12.1.ppc64le",
                "product": {
                  "name": "libsoup-devel-2.68.4-150200.4.12.1.ppc64le",
                  "product_id": "libsoup-devel-2.68.4-150200.4.12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.ppc64le",
                "product": {
                  "name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.ppc64le",
                  "product_id": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-2.68.4-150200.4.12.1.s390x",
                "product": {
                  "name": "libsoup-2_4-1-2.68.4-150200.4.12.1.s390x",
                  "product_id": "libsoup-2_4-1-2.68.4-150200.4.12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-devel-2.68.4-150200.4.12.1.s390x",
                "product": {
                  "name": "libsoup-devel-2.68.4-150200.4.12.1.s390x",
                  "product_id": "libsoup-devel-2.68.4-150200.4.12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.s390x",
                "product": {
                  "name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.s390x",
                  "product_id": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-2.68.4-150200.4.12.1.x86_64",
                "product": {
                  "name": "libsoup-2_4-1-2.68.4-150200.4.12.1.x86_64",
                  "product_id": "libsoup-2_4-1-2.68.4-150200.4.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-2_4-1-32bit-2.68.4-150200.4.12.1.x86_64",
                "product": {
                  "name": "libsoup-2_4-1-32bit-2.68.4-150200.4.12.1.x86_64",
                  "product_id": "libsoup-2_4-1-32bit-2.68.4-150200.4.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-devel-2.68.4-150200.4.12.1.x86_64",
                "product": {
                  "name": "libsoup-devel-2.68.4-150200.4.12.1.x86_64",
                  "product_id": "libsoup-devel-2.68.4-150200.4.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-devel-32bit-2.68.4-150200.4.12.1.x86_64",
                "product": {
                  "name": "libsoup-devel-32bit-2.68.4-150200.4.12.1.x86_64",
                  "product_id": "libsoup-devel-32bit-2.68.4-150200.4.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.x86_64",
                "product": {
                  "name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.x86_64",
                  "product_id": "typelib-1_0-Soup-2_4-2.68.4-150200.4.12.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.2",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.2",
                  "product_id": "SUSE Linux Enterprise Micro 5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-microos:5.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-2_4-1-2.68.4-150200.4.12.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.12.1.aarch64"
        },
        "product_reference": "libsoup-2_4-1-2.68.4-150200.4.12.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-2_4-1-2.68.4-150200.4.12.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.12.1.s390x"
        },
        "product_reference": "libsoup-2_4-1-2.68.4-150200.4.12.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-2_4-1-2.68.4-150200.4.12.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.12.1.x86_64"
        },
        "product_reference": "libsoup-2_4-1-2.68.4-150200.4.12.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-4945",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-4945"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.12.1.aarch64",
          "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.12.1.s390x",
          "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-4945",
          "url": "https://www.suse.com/security/cve/CVE-2025-4945"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243314 for CVE-2025-4945",
          "url": "https://bugzilla.suse.com/1243314"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.12.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.12.1.aarch64",
            "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.12.1.s390x",
            "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-02T16:37:54Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-4945"
    }
  ]
}

CVE-2025-4945 (GCVE-0-2025-4945)

Vulnerability from cvelistv5

Published

2025-05-19 17:03

Modified

2025-07-30 17:50

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-190 - Integer Overflow or Wraparound

Summary

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.

References

▼	URL	Tags
	https://access.redhat.com/security/cve/CVE-2025-4945	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2367175	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

Version: 0 ≤ 3.6.5

Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4945",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T14:04:42.401057Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T14:04:51.543Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/libsoup",
          "defaultStatus": "unaffected",
          "packageName": "libsoup",
          "versions": [
            {
              "lessThanOrEqual": "3.6.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup3",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank fouzhe for reporting this issue."
        }
      ],
      "datePublic": "2025-05-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-30T17:50:36.254Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-4945"
        },
        {
          "name": "RHBZ#2367175",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367175"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-19T04:35:01.994000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-05-19T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libsoup: integer overflow in cookie expiration date handling in libsoup",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate the risk associated with this libsoup vulnerability, Red Hat recommends avoiding interactions between client applications using the libsoup library and untrusted or compromised HTTP servers until a patched version of libsoup is deployed. Users and administrators should monitor their systems for suspicious HTTP activity and apply vendor updates as soon as a fix becomes available to prevent manipulation of cookie expiration logic that could lead to unexpected behavior or policy circumvention."
        }
      ],
      "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-4945",
    "datePublished": "2025-05-19T17:03:09.472Z",
    "dateReserved": "2025-05-19T04:46:20.918Z",
    "dateUpdated": "2025-07-30T17:50:36.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted