The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade io.netty.incubator:netty-incubator-codec-ohttp-hpke-bouncycastle to version 0.0.21.Final or higher.
Affected versions of this package are vulnerable to Insecure Randomness due to the HKDF_expand and EVP_HPKE_CTX_export functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic, all-zero AEAD key by triggering failures in these cryptographic operations.