CVE-2017-0358 - Vulnerability Details - OpenCVE

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Debian	Debian Linux
Tuxera	Ntfs-3g

Configuration 1 [-]

cpe:2.3:a:tuxera:ntfs-3g:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2017/02/04/1
http://www.securityfocus.com/bid/95987
https://marc.info/?l=oss-security&m=148594671929354&w=2
https://security.gentoo.org/glsa/201702-10
https://www.debian.org/security/2017/dsa-3780
https://www.exploit-db.com/exploits/41240/
https://www.exploit-db.com/exploits/41356/

History

Thu, 04 Dec 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2018-04-13T15:00:00.000Z

Updated: 2025-12-04T16:01:26.539Z

Reserved: 2016-11-29T00:00:00.000Z

Link: CVE-2017-0358

Vulnrichment

Updated: 2024-08-05T13:03:56.587Z

NVD

Status : Modified

Published: 2018-04-13T15:29:00.397

Modified: 2025-12-04T16:15:48.560

Link: CVE-2017-0358

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ntfs-3g", "vendor": "ntfs-3g", "versions": [{"status": "affected", "version": "n/a"}]}], "credits": [{"lang": "en", "value": "Jann Horn of Google Project Zero"}], "datePublic": "2017-02-01T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation."}], "problemTypes": [{"descriptions": [{"description": "privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-17T12:57:01.000Z", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "GLSA-201702-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201702-10"}, {"name": "DSA-3780", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-3780"}, {"name": "41240", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/41240/"}, {"name": "41356", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/41356/"}, {"name": "95987", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95987"}, {"name": "[oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://marc.info/?l=oss-security&m=148594671929354&w=2"}, {"name": "[oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/02/04/1"}], "source": {"advisory": "https://marc.info/?l=oss-security&m=148594671929354&w=2", "discovery": "UNKNOWN"}, "title": "ntfs-3g: Modprobe influence vulnerability via environment variables", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "DATE_PUBLIC": "2017-02-01T05:44:00.000Z", "ID": "CVE-2017-0358", "STATE": "PUBLIC", "TITLE": "ntfs-3g: Modprobe influence vulnerability via environment variables"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ntfs-3g", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "ntfs-3g"}]}}, "credit": [{"lang": "eng", "value": "Jann Horn of Google Project Zero"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "privilege escalation"}]}]}, "references": {"reference_data": [{"name": "GLSA-201702-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-10"}, {"name": "DSA-3780", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3780"}, {"name": "41240", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41240/"}, {"name": "41356", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41356/"}, {"name": "95987", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95987"}, {"name": "[oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "refsource": "MLIST", "url": "https://marc.info/?l=oss-security&m=148594671929354&w=2"}, {"name": "[oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/02/04/1"}]}, "source": {"advisory": "https://marc.info/?l=oss-security&m=148594671929354&w=2", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:03:56.587Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201702-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201702-10"}, {"name": "DSA-3780", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-3780"}, {"name": "41240", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/41240/"}, {"name": "41356", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/41356/"}, {"name": "95987", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95987"}, {"name": "[oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://marc.info/?l=oss-security&m=148594671929354&w=2"}, {"name": "[oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/02/04/1"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-269", "lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-12-04T15:59:11.417570Z", "id": "CVE-2017-0358", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-04T16:01:26.539Z"}}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2017-0358", "datePublished": "2018-04-13T15:00:00.000Z", "dateReserved": "2016-11-29T00:00:00.000Z", "dateUpdated": "2025-12-04T16:01:26.539Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.gentoo.org/glsa/201702-10", "name": "GLSA-201702-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "https://www.debian.org/security/2017/dsa-3780", "name": "DSA-3780", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/41240/", "name": "41240", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/41356/", "name": "41356", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/95987", "name": "95987", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://marc.info/?l=oss-security&m=148594671929354&w=2", "name": "[oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2017/02/04/1", "name": "[oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:03:56.587Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2017-0358", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-04T15:59:11.417570Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-04T16:00:23.559Z"}}], "cna": {"title": "ntfs-3g: Modprobe influence vulnerability via environment variables", "source": {"advisory": "https://marc.info/?l=oss-security&m=148594671929354&w=2", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "value": "Jann Horn of Google Project Zero"}], "affected": [{"vendor": "ntfs-3g", "product": "ntfs-3g", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-02-01T00:00:00.000Z", "references": [{"url": "https://security.gentoo.org/glsa/201702-10", "name": "GLSA-201702-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "https://www.debian.org/security/2017/dsa-3780", "name": "DSA-3780", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "https://www.exploit-db.com/exploits/41240/", "name": "41240", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "https://www.exploit-db.com/exploits/41356/", "name": "41356", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "http://www.securityfocus.com/bid/95987", "name": "95987", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://marc.info/?l=oss-security&m=148594671929354&w=2", "name": "[oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.openwall.com/lists/oss-security/2017/02/04/1", "name": "[oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "tags": ["mailing-list", "x_refsource_MLIST"]}], "descriptions": [{"lang": "en", "value": "Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "privilege escalation"}]}], "providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2018-12-17T12:57:01.000Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Jann Horn of Google Project Zero"}], "source": {"advisory": "https://marc.info/?l=oss-security&m=148594671929354&w=2", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "ntfs-3g"}]}, "vendor_name": "ntfs-3g"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://security.gentoo.org/glsa/201702-10", "name": "GLSA-201702-10", "refsource": "GENTOO"}, {"url": "https://www.debian.org/security/2017/dsa-3780", "name": "DSA-3780", "refsource": "DEBIAN"}, {"url": "https://www.exploit-db.com/exploits/41240/", "name": "41240", "refsource": "EXPLOIT-DB"}, {"url": "https://www.exploit-db.com/exploits/41356/", "name": "41356", "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/bid/95987", "name": "95987", "refsource": "BID"}, {"url": "https://marc.info/?l=oss-security&m=148594671929354&w=2", "name": "[oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2017/02/04/1", "name": "[oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "privilege escalation"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-0358", "STATE": "PUBLIC", "TITLE": "ntfs-3g: Modprobe influence vulnerability via environment variables", "ASSIGNER": "security@debian.org", "DATE_PUBLIC": "2017-02-01T05:44:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2017-0358", "state": "PUBLISHED", "dateUpdated": "2025-12-04T16:01:26.539Z", "dateReserved": "2016-11-29T00:00:00.000Z", "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "datePublished": "2018-04-13T15:00:00.000Z", "assignerShortName": "debian"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tuxera:ntfs-3g:*:*:*:*:*:*:*:*", "matchCriteriaId": "251D763B-8EFE-4E2C-99D3-B905CF54E117", "versionEndIncluding": "2016.2.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation."}, {"lang": "es", "value": "Jann Horn, de Google Project Zero, descubri\u00f3 que NTFS-3G, un controlador NTFS de lectura-escritura para FUSE, no limpia en profundidad el entorno antes de ejecutar modprobe con privilegios elevados. Un usuario local puede aprovecharse de este error para escalar privilegios locales a root."}], "id": "CVE-2017-0358", "lastModified": "2025-12-04T16:15:48.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2018-04-13T15:29:00.397", "references": [{"source": "security@debian.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/02/04/1"}, {"source": "security@debian.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95987"}, {"source": "security@debian.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://marc.info/?l=oss-security&m=148594671929354&w=2"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201702-10"}, {"source": "security@debian.org", "url": "https://www.debian.org/security/2017/dsa-3780"}, {"source": "security@debian.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41240/"}, {"source": "security@debian.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41356/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/02/04/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95987"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://marc.info/?l=oss-security&m=148594671929354&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201702-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2017/dsa-3780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41240/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41356/"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}