Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.security/spring-security-core@5.3.0
Typemaven
Namespaceorg.springframework.security
Namespring-security-core
Version5.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.7.14
Latest_non_vulnerable_version6.5.4
Affected_by_vulnerabilities
0
url VCID-hedq-eav6-4fee
vulnerability_id VCID-hedq-eav6-4fee
summary 
Insufficient Entropy in Spring Security
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5408
reference_id
reference_type
scores
0
value 0.00468
scoring_system epss
scoring_elements 0.64525
published_at 2026-04-21T12:55:00Z
1
value 0.00468
scoring_system epss
scoring_elements 0.64403
published_at 2026-04-01T12:55:00Z
2
value 0.00468
scoring_system epss
scoring_elements 0.64458
published_at 2026-04-02T12:55:00Z
3
value 0.00468
scoring_system epss
scoring_elements 0.64488
published_at 2026-04-04T12:55:00Z
4
value 0.00468
scoring_system epss
scoring_elements 0.64447
published_at 2026-04-07T12:55:00Z
5
value 0.00468
scoring_system epss
scoring_elements 0.64495
published_at 2026-04-08T12:55:00Z
6
value 0.00468
scoring_system epss
scoring_elements 0.64511
published_at 2026-04-09T12:55:00Z
7
value 0.00468
scoring_system epss
scoring_elements 0.64527
published_at 2026-04-11T12:55:00Z
8
value 0.00468
scoring_system epss
scoring_elements 0.64515
published_at 2026-04-12T12:55:00Z
9
value 0.00468
scoring_system epss
scoring_elements 0.64487
published_at 2026-04-13T12:55:00Z
10
value 0.00468
scoring_system epss
scoring_elements 0.64521
published_at 2026-04-16T12:55:00Z
11
value 0.00468
scoring_system epss
scoring_elements 0.64533
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5408
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5408
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5408
2
reference_url https://tanzu.vmware.com/security/cve-2020-5408
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2020-5408
3
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
4
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
5
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
6
reference_url https://github.com/advisories/GHSA-2ppp-9496-p23q
reference_id GHSA-2ppp-9496-p23q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2ppp-9496-p23q
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.3.2
purl pkg:maven/org.springframework.security/spring-security-core@5.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.3.2
1
url pkg:maven/org.springframework.security/spring-security-core@5.3.2.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@5.3.2.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cden-3spy-pyhz
1
vulnerability VCID-dwcq-d6nf-1ubn
2
vulnerability VCID-u6vb-w2bu-ykfk
3
vulnerability VCID-yeaf-ta2h-p7c1
4
vulnerability VCID-ykkv-ahjn-d7eb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.3.2.RELEASE
aliases CVE-2020-5408, GHSA-2ppp-9496-p23q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hedq-eav6-4fee
1
url VCID-y1m6-bc5x-1bbb
vulnerability_id VCID-y1m6-bc5x-1bbb
summary 
Signature wrapping vulnerability in Spring Security
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5407
reference_id
reference_type
scores
0
value 0.00665
scoring_system epss
scoring_elements 0.71204
published_at 2026-04-13T12:55:00Z
1
value 0.00665
scoring_system epss
scoring_elements 0.71234
published_at 2026-04-21T12:55:00Z
2
value 0.00665
scoring_system epss
scoring_elements 0.71257
published_at 2026-04-18T12:55:00Z
3
value 0.00665
scoring_system epss
scoring_elements 0.7125
published_at 2026-04-16T12:55:00Z
4
value 0.00665
scoring_system epss
scoring_elements 0.71155
published_at 2026-04-01T12:55:00Z
5
value 0.00665
scoring_system epss
scoring_elements 0.71165
published_at 2026-04-02T12:55:00Z
6
value 0.00665
scoring_system epss
scoring_elements 0.71182
published_at 2026-04-04T12:55:00Z
7
value 0.00665
scoring_system epss
scoring_elements 0.71157
published_at 2026-04-07T12:55:00Z
8
value 0.00665
scoring_system epss
scoring_elements 0.71199
published_at 2026-04-08T12:55:00Z
9
value 0.00665
scoring_system epss
scoring_elements 0.71212
published_at 2026-04-09T12:55:00Z
10
value 0.00665
scoring_system epss
scoring_elements 0.71235
published_at 2026-04-11T12:55:00Z
11
value 0.00665
scoring_system epss
scoring_elements 0.7122
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5407
1
reference_url https://lists.apache.org/thread.html/r73af928cf64bebf78b7fa4bc56a5253273ec7829f5f5827f64c72fc7@%3Cissues.servicemix.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r73af928cf64bebf78b7fa4bc56a5253273ec7829f5f5827f64c72fc7@%3Cissues.servicemix.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/ra19a4e7236877fe12bfb52db07b27ad72d9e7a9f5e27bba7e928e18a@%3Cdev.geode.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra19a4e7236877fe12bfb52db07b27ad72d9e7a9f5e27bba7e928e18a@%3Cdev.geode.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/rd99601fbca514f214f88f9e53fd5be3cfbff05b350c994b4ec2e184c@%3Cdev.geode.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd99601fbca514f214f88f9e53fd5be3cfbff05b350c994b4ec2e184c@%3Cdev.geode.apache.org%3E
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5407
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5407
5
reference_url https://tanzu.vmware.com/security/cve-2020-5407
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2020-5407
6
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
7
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
8
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
9
reference_url https://github.com/advisories/GHSA-48rw-j489-928m
reference_id GHSA-48rw-j489-928m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-48rw-j489-928m
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.3.2
purl pkg:maven/org.springframework.security/spring-security-core@5.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.3.2
1
url pkg:maven/org.springframework.security/spring-security-core@5.3.2.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@5.3.2.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cden-3spy-pyhz
1
vulnerability VCID-dwcq-d6nf-1ubn
2
vulnerability VCID-u6vb-w2bu-ykfk
3
vulnerability VCID-yeaf-ta2h-p7c1
4
vulnerability VCID-ykkv-ahjn-d7eb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.3.2.RELEASE
aliases CVE-2020-5407, GHSA-48rw-j489-928m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1m6-bc5x-1bbb
2
url VCID-yeaf-ta2h-p7c1
vulnerability_id VCID-yeaf-ta2h-p7c1
summary 
Privilege escalation in spring security
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22112.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22112.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22112
reference_id
reference_type
scores
0
value 0.00979
scoring_system epss
scoring_elements 0.76783
published_at 2026-04-21T12:55:00Z
1
value 0.00979
scoring_system epss
scoring_elements 0.76792
published_at 2026-04-18T12:55:00Z
2
value 0.00979
scoring_system epss
scoring_elements 0.76787
published_at 2026-04-16T12:55:00Z
3
value 0.00979
scoring_system epss
scoring_elements 0.76754
published_at 2026-04-12T12:55:00Z
4
value 0.00979
scoring_system epss
scoring_elements 0.76688
published_at 2026-04-01T12:55:00Z
5
value 0.00979
scoring_system epss
scoring_elements 0.76703
published_at 2026-04-07T12:55:00Z
6
value 0.00979
scoring_system epss
scoring_elements 0.76721
published_at 2026-04-04T12:55:00Z
7
value 0.00979
scoring_system epss
scoring_elements 0.76692
published_at 2026-04-02T12:55:00Z
8
value 0.00979
scoring_system epss
scoring_elements 0.76774
published_at 2026-04-11T12:55:00Z
9
value 0.00979
scoring_system epss
scoring_elements 0.76746
published_at 2026-04-13T12:55:00Z
10
value 0.00979
scoring_system epss
scoring_elements 0.76735
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22112
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/releases/tag/5.4.4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/releases/tag/5.4.4
4
reference_url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22112
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22112
15
reference_url https://tanzu.vmware.com/security/cve-2021-22112
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2021-22112
16
reference_url https://www.jenkins.io/security/advisory/2021-02-19
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2021-02-19
17
reference_url https://www.jenkins.io/security/advisory/2021-02-19/
reference_id
reference_type
scores
url https://www.jenkins.io/security/advisory/2021-02-19/
18
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
19
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
20
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
21
reference_url http://www.openwall.com/lists/oss-security/2021/02/19/7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/02/19/7
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1931453
reference_id 1931453
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1931453
23
reference_url https://security.archlinux.org/AVG-1595
reference_id AVG-1595
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1595
24
reference_url https://github.com/advisories/GHSA-gq28-h5vg-8prx
reference_id GHSA-gq28-h5vg-8prx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gq28-h5vg-8prx
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.3.9
purl pkg:maven/org.springframework.security/spring-security-core@5.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ykkv-ahjn-d7eb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.3.9
1
url pkg:maven/org.springframework.security/spring-security-core@5.3.9.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@5.3.9.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cden-3spy-pyhz
1
vulnerability VCID-dwcq-d6nf-1ubn
2
vulnerability VCID-u6vb-w2bu-ykfk
3
vulnerability VCID-ykkv-ahjn-d7eb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.3.9.RELEASE
2
url pkg:maven/org.springframework.security/spring-security-core@5.4.4
purl pkg:maven/org.springframework.security/spring-security-core@5.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cden-3spy-pyhz
1
vulnerability VCID-dwcq-d6nf-1ubn
2
vulnerability VCID-u6vb-w2bu-ykfk
3
vulnerability VCID-ykkv-ahjn-d7eb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.4.4
aliases CVE-2021-22112, GHSA-gq28-h5vg-8prx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yeaf-ta2h-p7c1
3
url VCID-ykkv-ahjn-d7eb
vulnerability_id VCID-ykkv-ahjn-d7eb
summary 
Incorrect Authorization
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22119.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22119.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22119
reference_id
reference_type
scores
0
value 0.04895
scoring_system epss
scoring_elements 0.89603
published_at 2026-04-21T12:55:00Z
1
value 0.04895
scoring_system epss
scoring_elements 0.89607
published_at 2026-04-18T12:55:00Z
2
value 0.04895
scoring_system epss
scoring_elements 0.89605
published_at 2026-04-16T12:55:00Z
3
value 0.04895
scoring_system epss
scoring_elements 0.89598
published_at 2026-04-12T12:55:00Z
4
value 0.04895
scoring_system epss
scoring_elements 0.89599
published_at 2026-04-11T12:55:00Z
5
value 0.04895
scoring_system epss
scoring_elements 0.89592
published_at 2026-04-13T12:55:00Z
6
value 0.04895
scoring_system epss
scoring_elements 0.89587
published_at 2026-04-08T12:55:00Z
7
value 0.04895
scoring_system epss
scoring_elements 0.8957
published_at 2026-04-07T12:55:00Z
8
value 0.04895
scoring_system epss
scoring_elements 0.89557
published_at 2026-04-02T12:55:00Z
9
value 0.04895
scoring_system epss
scoring_elements 0.89553
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22119
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/pull/9513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/pull/9513
4
reference_url https://lists.apache.org/thread.html/r08a449010786e0bcffa4b5781b04fcb55d6eafa62cb79b8347680aad@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r08a449010786e0bcffa4b5781b04fcb55d6eafa62cb79b8347680aad@%3Cissues.nifi.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
10
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1977064
reference_id 1977064
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1977064
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22119
reference_id CVE-2021-22119
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22119
14
reference_url https://tanzu.vmware.com/security/cve-2021-22119
reference_id CVE-2021-22119
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2021-22119
15
reference_url https://github.com/advisories/GHSA-w9jg-gvgr-354m
reference_id GHSA-w9jg-gvgr-354m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9jg-gvgr-354m
16
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.3.10
purl pkg:maven/org.springframework.security/spring-security-core@5.3.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.3.10
1
url pkg:maven/org.springframework.security/spring-security-core@5.3.10.RELEASE
purl pkg:maven/org.springframework.security/spring-security-core@5.3.10.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cden-3spy-pyhz
1
vulnerability VCID-dwcq-d6nf-1ubn
2
vulnerability VCID-u6vb-w2bu-ykfk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.3.10.RELEASE
2
url pkg:maven/org.springframework.security/spring-security-core@5.4.7
purl pkg:maven/org.springframework.security/spring-security-core@5.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cden-3spy-pyhz
1
vulnerability VCID-dwcq-d6nf-1ubn
2
vulnerability VCID-u6vb-w2bu-ykfk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.4.7
3
url pkg:maven/org.springframework.security/spring-security-core@5.5.1
purl pkg:maven/org.springframework.security/spring-security-core@5.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cden-3spy-pyhz
1
vulnerability VCID-dwcq-d6nf-1ubn
2
vulnerability VCID-u6vb-w2bu-ykfk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.5.1
aliases CVE-2021-22119, GHSA-w9jg-gvgr-354m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykkv-ahjn-d7eb
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.3.0