Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.19-1.Final_redhat_00001.1?arch=el8eap

Type rpm

Namespace redhat

Name eap7-wildfly-transaction-client

Version 1.1.19-1.Final_redhat_00001.1

Qualifiers

arch	el8eap

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-n3fq-7exc-qyan

vulnerability_id

VCID-n3fq-7exc-qyan

summary

WildFly Elytron: SSRF security issue
A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no allow list or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.

references

reference_url

https://access.redhat.com/errata/RHSA-2024:3559

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2024:3559

reference_url

https://access.redhat.com/errata/RHSA-2024:3560

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2024:3560

reference_url

https://access.redhat.com/errata/RHSA-2024:3561

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2024:3561

reference_url

https://access.redhat.com/errata/RHSA-2024:3563

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2024:3563

reference_url

https://access.redhat.com/errata/RHSA-2024:3580

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2024:3580

reference_url

https://access.redhat.com/errata/RHSA-2024:3581

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2024:3581

reference_url

https://access.redhat.com/errata/RHSA-2024:3583

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2024:3583

reference_url

https://access.redhat.com/errata/RHSA-2025:9582

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2025:9582

reference_url

https://access.redhat.com/errata/RHSA-2025:9583

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2025:9583

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1233.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1233.json

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2262849

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2262849

reference_url

https://github.com/wildfly-security/wildfly-elytron

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wildfly-security/wildfly-elytron

reference_url

https://github.com/wildfly/wildfly/commit/aa151a00d75d6dbc4a1bf1b68d58b9de3087bb62

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wildfly/wildfly/commit/aa151a00d75d6dbc4a1bf1b68d58b9de3087bb62

reference_url

https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523

reference_url

https://issues.redhat.com/browse/WFLY-19226

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/WFLY-19226

reference_url

https://access.redhat.com/security/cve/CVE-2024-1233

reference_id

CVE-2024-1233

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2024-1233

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-1233

reference_id

CVE-2024-1233

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-1233

reference_url	https://github.com/advisories/GHSA-v4mm-q8fv-r2w5
reference_id	GHSA-v4mm-q8fv-r2w5
reference_type
scores
url	https://github.com/advisories/GHSA-v4mm-q8fv-r2w5

fixed_packages

aliases

CVE-2024-1233, GHSA-v4mm-q8fv-r2w5

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-n3fq-7exc-qyan

url

VCID-tmu6-gpdc-bua1

vulnerability_id

VCID-tmu6-gpdc-bua1

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
This affects the package datatables.net If an array is passed to the HTML escape entities function it would not have its contents escaped.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23445.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23445.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23445

reference_id

reference_type

scores

value	0.00349
scoring_system	epss
scoring_elements	0.57676
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23445

reference_url

https://cdn.datatables.net/1.11.3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cdn.datatables.net/1.11.3

reference_url	https://cdn.datatables.net/1.11.3/
reference_id
reference_type
scores
url	https://cdn.datatables.net/1.11.3/

reference_url

https://github.com/DataTables/Dist-DataTables

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/DataTables/Dist-DataTables

reference_url

https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376

reference_url

https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2257732
reference_id	2257732
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2257732

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995229
reference_id	995229
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995229

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-23445

reference_id

CVE-2021-23445

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-23445

fixed_packages

aliases

CVE-2021-23445, GHSA-h73q-5wmj-q8pj

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-tmu6-gpdc-bua1

url

VCID-y3s8-y6cp-vbc4

vulnerability_id

VCID-y3s8-y6cp-vbc4

summary

SSRF vulnerability using the Aegis DataBinding in Apache CXF
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28752.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28752.json

reference_url

https://github.com/apache/cxf

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf

reference_url

https://github.com/apache/cxf/commit/d0baeb3ee64c6d7c883bd2f5c4cb0de6b0b5f463

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf/commit/d0baeb3ee64c6d7c883bd2f5c4cb0de6b0b5f463

reference_url

https://security.netapp.com/advisory/ntap-20240517-0001

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240517-0001

reference_url

http://www.openwall.com/lists/oss-security/2024/03/14/3

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/03/14/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2270732
reference_id	2270732
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2270732

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-28752

reference_id

CVE-2024-28752

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-28752

reference_url

https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt

reference_id

CVE-2024-28752.TXT

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt

reference_url	https://github.com/advisories/GHSA-qmgx-j96g-4428
reference_id	GHSA-qmgx-j96g-4428
reference_type
scores
url	https://github.com/advisories/GHSA-qmgx-j96g-4428

reference_url	https://access.redhat.com/errata/RHSA-2024:2834
reference_id	RHSA-2024:2834
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2834

reference_url	https://access.redhat.com/errata/RHSA-2024:2852
reference_id	RHSA-2024:2852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2852

reference_url	https://access.redhat.com/errata/RHSA-2024:3708
reference_id	RHSA-2024:3708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3708

reference_url	https://access.redhat.com/errata/RHSA-2024:5479
reference_id	RHSA-2024:5479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5479

reference_url	https://access.redhat.com/errata/RHSA-2024:5481
reference_id	RHSA-2024:5481
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5481

reference_url	https://access.redhat.com/errata/RHSA-2024:5482
reference_id	RHSA-2024:5482
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5482

reference_url	https://access.redhat.com/errata/RHSA-2024:8339
reference_id	RHSA-2024:8339
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8339

fixed_packages

aliases

CVE-2024-28752, GHSA-qmgx-j96g-4428

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-y3s8-y6cp-vbc4

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.19-1.Final_redhat_00001.1%3Farch=el8eap

Package Instance