{"api_version":"1","generated_at":"2026-04-22T18:31:55+00:00","cve":"CVE-2023-28321","urls":{"html":"https://cve.report/CVE-2023-28321","api":"https://cve.report/api/cve/CVE-2023-28321.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-28321","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-28321"},"summary":{"title":"CVE-2023-28321","description":"An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.","state":"PUBLIC","assigner":"support@hackerone.com","published_at":"2023-05-26 21:15:00","updated_at":"2023-11-07 04:10:00"},"problem_types":["CWE-295"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/","name":"FEDORA-2023-8ed627bb04","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: curl-7.85.0-9.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2023/Jul/48","name":"20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://hackerone.com/reports/1950627","name":"https://hackerone.com/reports/1950627","refsource":"MISC","tags":[],"title":"HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT213843","name":"https://support.apple.com/kb/HT213843","refsource":"CONFIRM","tags":[],"title":"About the security content of macOS Ventura 13.5 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT213844","name":"https://support.apple.com/kb/HT213844","refsource":"CONFIRM","tags":[],"title":"About the security content of macOS Monterey 12.6.8 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202310-12","name":"GLSA-202310-12","refsource":"GENTOO","tags":[],"title":"curl: Multiple Vulnerabilities (GLSA 202310-12) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html","name":"[debian-lts-announce] 20231011 [SECURITY] [DLA 3613-1] curl security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3613-1] curl security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT213845","name":"https://support.apple.com/kb/HT213845","refsource":"CONFIRM","tags":[],"title":"About the security content of macOS Big Sur 11.7.9 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2023/Jul/47","name":"20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2023-07-24-4 macOS Ventura 13.5","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2023/Jul/52","name":"20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20230609-0009/","name":"https://security.netapp.com/advisory/ntap-20230609-0009/","refsource":"CONFIRM","tags":[],"title":"May 2023 cURL/libcURL Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/","name":"FEDORA-2023-37eac50e9b","refsource":"","tags":[],"title":"[SECURITY] Fedora 38 Update: curl-8.0.1-2.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/","name":"FEDORA-2023-8ed627bb04","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: curl-7.85.0-9.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/","name":"FEDORA-2023-37eac50e9b","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 38 Update: curl-8.0.1-2.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-28321","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28321","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"28321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"38","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"clustered_data_ontap","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28321","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h300s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h300s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28321","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28321","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h500s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h500s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28321","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h700s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h700s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"ontap_antivirus_connector","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-28321","qid":"160825","title":"Oracle Enterprise Linux Security Update for curl (ELSA-2023-4354)"},{"cve":"CVE-2023-28321","qid":"160858","title":"Oracle Enterprise Linux Security Update for curl (ELSA-2023-4523)"},{"cve":"CVE-2023-28321","qid":"183600","title":"Debian Security Update for curl (CVE-2023-28321)"},{"cve":"CVE-2023-28321","qid":"199591","title":"Ubuntu Security Notification for curl Vulnerabilities (USN-6237-1)"},{"cve":"CVE-2023-28321","qid":"241893","title":"Red Hat Update for curl (RHSA-2023:4354)"},{"cve":"CVE-2023-28321","qid":"241941","title":"Red Hat Update for curl (RHSA-2023:4523)"},{"cve":"CVE-2023-28321","qid":"241954","title":"Red Hat Update for JBoss Core Services (RHSA-2023:4629)"},{"cve":"CVE-2023-28321","qid":"242150","title":"Red Hat Update for curl (RHSA-2023:5598)"},{"cve":"CVE-2023-28321","qid":"242278","title":"Red Hat Update for curl (RHSA-2023:6292)"},{"cve":"CVE-2023-28321","qid":"284014","title":"Fedora Security Update for curl (FEDORA-2023-8ed627bb04)"},{"cve":"CVE-2023-28321","qid":"284076","title":"Fedora Security Update for curl (FEDORA-2023-37eac50e9b)"},{"cve":"CVE-2023-28321","qid":"355747","title":"Amazon Linux Security Advisory for curl : ALAS2023-2023-270"},{"cve":"CVE-2023-28321","qid":"378687","title":"Apple macOS Ventura 13.5 Not Installed (HT213843)"},{"cve":"CVE-2023-28321","qid":"378688","title":"Apple macOS Monterey 12.6.8 Not Installed (HT213844)"},{"cve":"CVE-2023-28321","qid":"378689","title":"Apple macOS Big Sur 11.7.9 Not Installed (HT213845)"},{"cve":"CVE-2023-28321","qid":"378896","title":"Alibaba Cloud Linux Security Update for curl (ALINUX3-SA-2023:0112)"},{"cve":"CVE-2023-28321","qid":"503014","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2023-28321","qid":"6000273","title":"Debian Security Update for curl (DLA 3613-1)"},{"cve":"CVE-2023-28321","qid":"673227","title":"EulerOS Security Update for curl (EulerOS-SA-2023-2350)"},{"cve":"CVE-2023-28321","qid":"673249","title":"EulerOS Security Update for curl (EulerOS-SA-2023-2376)"},{"cve":"CVE-2023-28321","qid":"673298","title":"EulerOS Security Update for curl (EulerOS-SA-2023-2578)"},{"cve":"CVE-2023-28321","qid":"673312","title":"EulerOS Security Update for curl (EulerOS-SA-2023-2608)"},{"cve":"CVE-2023-28321","qid":"673587","title":"EulerOS Security Update for curl (EulerOS-SA-2023-3121)"},{"cve":"CVE-2023-28321","qid":"673616","title":"EulerOS Security Update for curl (EulerOS-SA-2023-2635)"},{"cve":"CVE-2023-28321","qid":"673678","title":"EulerOS Security Update for curl (EulerOS-SA-2023-2677)"},{"cve":"CVE-2023-28321","qid":"691172","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for curl (a4f8bb03-f52f-11ed-9859-080027083a05)"},{"cve":"CVE-2023-28321","qid":"710772","title":"Gentoo Linux curl Multiple Vulnerabilities (GLSA 202310-12)"},{"cve":"CVE-2023-28321","qid":"754020","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2023:2226-1)"},{"cve":"CVE-2023-28321","qid":"754021","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2023:2228-1)"},{"cve":"CVE-2023-28321","qid":"754022","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2023:2227-1)"},{"cve":"CVE-2023-28321","qid":"754069","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2023:2225-1)"},{"cve":"CVE-2023-28321","qid":"907223","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for curl (26794-1)"},{"cve":"CVE-2023-28321","qid":"907360","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for rust (26812-1)"},{"cve":"CVE-2023-28321","qid":"907613","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (26808-1)"},{"cve":"CVE-2023-28321","qid":"941198","title":"AlmaLinux Security Update for curl (ALSA-2023:4354)"},{"cve":"CVE-2023-28321","qid":"941218","title":"AlmaLinux Security Update for curl (ALSA-2023:4523)"},{"cve":"CVE-2023-28321","qid":"961033","title":"Rocky Linux Security Update for curl (RLSA-2023:4523)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-28321","ASSIGNER":"support@hackerone.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"https://github.com/curl/curl","version":{"version_data":[{"version_value":"Fixed in 8.1.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper Certificate Validation (CWE-295)"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://hackerone.com/reports/1950627","url":"https://hackerone.com/reports/1950627"},{"refsource":"FEDORA","name":"FEDORA-2023-37eac50e9b","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/"},{"refsource":"FEDORA","name":"FEDORA-2023-8ed627bb04","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20230609-0009/","url":"https://security.netapp.com/advisory/ntap-20230609-0009/"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT213843","url":"https://support.apple.com/kb/HT213843"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT213844","url":"https://support.apple.com/kb/HT213844"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT213845","url":"https://support.apple.com/kb/HT213845"},{"refsource":"FULLDISC","name":"20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9","url":"http://seclists.org/fulldisclosure/2023/Jul/52"},{"refsource":"FULLDISC","name":"20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8","url":"http://seclists.org/fulldisclosure/2023/Jul/48"},{"refsource":"FULLDISC","name":"20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5","url":"http://seclists.org/fulldisclosure/2023/Jul/47"},{"refsource":"GENTOO","name":"GLSA-202310-12","url":"https://security.gentoo.org/glsa/202310-12"},{"refsource":"MLIST","name":"[debian-lts-announce] 20231011 [SECURITY] [DLA 3613-1] curl security update","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html"}]},"description":{"description_data":[{"lang":"eng","value":"An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`."}]}},"nvd":{"publishedDate":"2023-05-26 21:15:00","lastModifiedDate":"2023-11-07 04:10:00","problem_types":["CWE-295"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.2,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionEndExcluding":"8.1.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0","versionEndExcluding":"13.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0","versionEndExcluding":"12.6.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.7.9","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}