Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/qpid-proton@0.16.0-14?arch=el7sat
Typerpm
Namespaceredhat
Nameqpid-proton
Version0.16.0-14
Qualifiers
arch el7sat
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-9nj7-fupw-vqaw
vulnerability_id VCID-9nj7-fupw-vqaw
summary 
Withdrawn Advisory: Improper Certificate Validation in Apache Qpid Proton
## Withdrawn Advisory
This advisory has been withdrawn because the vulnerability only affects the **Qpid Proton C library** and not `org.apache.qpid:proton-j`. This link has been maintained to preserve external references.

## Original Description

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0223.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0223.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-0223
reference_id
reference_type
scores
0
value 0.00399
scoring_system epss
scoring_elements 0.60719
published_at 2026-04-18T12:55:00Z
1
value 0.00399
scoring_system epss
scoring_elements 0.6068
published_at 2026-04-09T12:55:00Z
2
value 0.00399
scoring_system epss
scoring_elements 0.60713
published_at 2026-04-16T12:55:00Z
3
value 0.00399
scoring_system epss
scoring_elements 0.6067
published_at 2026-04-13T12:55:00Z
4
value 0.00399
scoring_system epss
scoring_elements 0.60691
published_at 2026-04-12T12:55:00Z
5
value 0.00399
scoring_system epss
scoring_elements 0.60705
published_at 2026-04-11T12:55:00Z
6
value 0.00399
scoring_system epss
scoring_elements 0.60541
published_at 2026-04-01T12:55:00Z
7
value 0.00399
scoring_system epss
scoring_elements 0.60615
published_at 2026-04-02T12:55:00Z
8
value 0.00399
scoring_system epss
scoring_elements 0.60645
published_at 2026-04-04T12:55:00Z
9
value 0.00399
scoring_system epss
scoring_elements 0.60616
published_at 2026-04-07T12:55:00Z
10
value 0.00399
scoring_system epss
scoring_elements 0.60664
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-0223
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0223
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0223
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
5
reference_url https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f@%3Cusers.qpid.apache.org%3E
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f@%3Cusers.qpid.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5@%3Cdev.qpid.apache.org%3E
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5@%3Cdev.qpid.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b@%3Cdev.qpid.apache.org%3E
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b@%3Cdev.qpid.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0@%3Cannounce.apache.org%3E
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0223
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0223
11
reference_url http://www.openwall.com/lists/oss-security/2019/04/23/4
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/04/23/4
12
reference_url http://www.securityfocus.com/bid/108044
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108044
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1702439
reference_id 1702439
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1702439
14
reference_url https://github.com/advisories/GHSA-5h6x-m52p-23ph
reference_id GHSA-5h6x-m52p-23ph
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5h6x-m52p-23ph
15
reference_url https://access.redhat.com/errata/RHSA-2019:0886
reference_id RHSA-2019:0886
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0886
16
reference_url https://access.redhat.com/errata/RHSA-2019:1398
reference_id RHSA-2019:1398
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1398
17
reference_url https://access.redhat.com/errata/RHSA-2019:1399
reference_id RHSA-2019:1399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1399
18
reference_url https://access.redhat.com/errata/RHSA-2019:1400
reference_id RHSA-2019:1400
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1400
19
reference_url https://access.redhat.com/errata/RHSA-2019:2777
reference_id RHSA-2019:2777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2777
20
reference_url https://access.redhat.com/errata/RHSA-2019:2778
reference_id RHSA-2019:2778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2778
21
reference_url https://access.redhat.com/errata/RHSA-2019:2779
reference_id RHSA-2019:2779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2779
22
reference_url https://access.redhat.com/errata/RHSA-2019:2780
reference_id RHSA-2019:2780
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2780
23
reference_url https://access.redhat.com/errata/RHSA-2019:2781
reference_id RHSA-2019:2781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2781
24
reference_url https://access.redhat.com/errata/RHSA-2019:2782
reference_id RHSA-2019:2782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2782
fixed_packages
aliases CVE-2019-0223, GHSA-5h6x-m52p-23ph
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nj7-fupw-vqaw
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/qpid-proton@0.16.0-14%3Farch=el7sat