{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0239", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-01-06T14:49:04.597Z", "datePublished": "2025-01-07T16:07:06.317Z", "dateUpdated": "2026-04-13T14:30:01.233Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.6", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "134", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.6", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "134", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6."}]}], "title": "Alt-Svc ALPN validation failure when redirected", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929156"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/"}], "credits": [{"lang": "en", "value": "Paul Gerste"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:01.233Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-295", "lang": "en", "description": "CWE-295 Improper Certificate Validation"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-08T16:33:42.534195Z", "id": "CVE-2025-0239", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-08T16:36:07.964Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:33:39.114Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:33:39.114Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-0239", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-08T16:33:42.534195Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-08T16:36:02.253Z"}}], "cna": {"title": "Alt-Svc ALPN validation failure when redirected", "credits": [{"lang": "en", "value": "Paul Gerste"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "128.6", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "134", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.6", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "134", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929156"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-01/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-02/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-04/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-05/"}], "descriptions": [{"lang": "en", "value": "When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.", "supportingMedia": [{"type": "text/html", "value": "When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:01.233Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0239", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:30:01.233Z", "dateReserved": "2025-01-06T14:49:04.597Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-01-07T16:07:06.317Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "AEBB7F43-496D-4A67-8E9E-EEE29913B6DE", "versionEndExcluding": "128.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FDCA935-A68D-404E-A749-CA3845C709F0", "versionEndExcluding": "134.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "C92D62DE-A681-4B9D-9640-D12D04392A1B", "versionEndExcluding": "128.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "A633E231-80F8-4A92-BA69-B9BE5BE45D00", "versionEndExcluding": "134.0", "versionStartIncluding": "129.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6."}, {"lang": "es", "value": "Al utilizar Alt-Svc, ALPN no valid\u00f3 correctamente los certificados cuando el servidor original redireccionaba a un sitio inseguro. Esta vulnerabilidad afecta a Firefox < 134 y Firefox ESR < 128.6."}], "id": "CVE-2025-0239", "lastModified": "2026-04-13T15:16:32.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-01-07T16:15:38.563", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1929156"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-01/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-02/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-04/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-05/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:0132", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:128.6.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0144", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.6.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0281", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.6.0-3.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0133", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:128.6.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0286", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.6.0-3.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0134", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:128.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0287", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.6.0-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0134", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:128.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0287", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:128.6.0-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0134", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:128.6.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0287", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:128.6.0-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0136", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:128.6.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0275", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:128.6.0-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0136", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:128.6.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0275", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.6.0-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0136", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:128.6.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0275", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:128.6.0-3.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0137", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "firefox-0:128.6.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0284", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:128.6.0-3.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-01-13T00:00:00Z"}, {"advisory": "RHSA-2025:0080", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.6.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0147", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.6.0-3.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0162", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:128.6.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0165", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.6.0-3.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0138", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:128.6.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0167", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:128.6.0-3.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0135", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "firefox-0:128.6.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0166", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "thunderbird-0:128.6.0-3.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-09T00:00:00Z"}], "bugzilla": {"description": "firefox: Alt-Svc ALPN validation failure when redirected", "id": "2336170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336170"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-601", "details": ["When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site."], "name": "CVE-2025-0239", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox:flatpak/firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird:flatpak/thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-07T16:07:06Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-0239\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0239\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1929156\nhttps://www.mozilla.org/security/advisories/mfsa2025-01/\nhttps://www.mozilla.org/security/advisories/mfsa2025-02/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T23:56:11.825663+00:00", "value": {"mitigation_remediation": ["Upgrade Firefox to version 134 or newer, or at least to the Firefox ESR 128.6 release.", "Upgrade Thunderbird to version 134 or newer, or at least to the Thunderbird ESR 128.6 release.", "If an immediate update is not possible, disable Alt\u2011Service or ALPN handling in the browser configuration to prevent the protocol from being used until the patch is applied."], "summary": {"action": "Patch immediately", "impact": "Man-in-the-middle"}, "threat_synthesis": {"affected_systems": "The vulnerability is relevant to Mozilla Firefox versions older than 134 and the Firefox ESR branch older than 128.6, as well as Mozilla Thunderbird versions older than 134 and its ESR branch older than 128.6. Users of those browsers on any platform that uses Alt\u2011Svc for protocol negotiation are potentially impacted.", "description_and_impact": "A flaw in Alt\u2011Service (Alt\u2011Svc) handling caused the ALPN mechanism to fail to validate TLS certificates when the original server redirected to an insecure site. The control failure allowed an attacker to trick a client into believing it was communicating securely with a legitimate server while actually connecting to a malicious server, creating a full interception path for traffic modification or eavesdropping.", "risk_and_exploitability": "The CVSS score of 4.0 indicates a low overall severity, and the EPSS score of less than 1% suggests a very low probability of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. The likely attack vector, inferred from the description, requires an attacker to control a server that a victim\u2019s browser connects to via Alt\u2011Svc and to orchestrate an insecure redirect; this makes exploitation non-trivial but still possible in environments with exposed Alt\u2011Svc endpoints."}}}}, "created": "2026-04-21T00:00:13.391893+00:00", "updated": "2026-04-21T00:00:13.391913+00:00", "vendors": []}