Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.security/spring-security-config@5.8.6
Typemaven
Namespaceorg.springframework.security
Namespring-security-config
Version5.8.6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.8.7
Latest_non_vulnerable_version6.1.4
Affected_by_vulnerabilities
0
url VCID-sguk-f634-sfgs
vulnerability_id VCID-sguk-f634-sfgs
summary 
Spring Security's spring-security.xsd file is world writable
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system.

While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34042.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34042.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34042
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13103
published_at 2026-04-21T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13226
published_at 2026-04-02T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.13292
published_at 2026-04-04T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.1309
published_at 2026-04-07T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.13171
published_at 2026-04-08T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.13223
published_at 2026-04-09T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13191
published_at 2026-04-11T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.13154
published_at 2026-04-12T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13102
published_at 2026-04-13T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13003
published_at 2026-04-16T12:55:00Z
10
value 0.00043
scoring_system epss
scoring_elements 0.13006
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34042
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/commit/5b293d21161e946bf241d9e974b9af93cfafaaac
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/5b293d21161e946bf241d9e974b9af93cfafaaac
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34042
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34042
5
reference_url https://security.netapp.com/advisory/ntap-20241129-0010
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241129-0010
6
reference_url https://spring.io/security/cve-2023-34042
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-06T16:00:46Z/
url https://spring.io/security/cve-2023-34042
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2262911
reference_id 2262911
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2262911
8
reference_url https://github.com/advisories/GHSA-9gp8-6cg8-7h34
reference_id GHSA-9gp8-6cg8-7h34
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9gp8-6cg8-7h34
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-config@5.8.7
purl pkg:maven/org.springframework.security/spring-security-config@5.8.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-config@5.8.7
1
url pkg:maven/org.springframework.security/spring-security-config@6.0.7
purl pkg:maven/org.springframework.security/spring-security-config@6.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-config@6.0.7
2
url pkg:maven/org.springframework.security/spring-security-config@6.1.4
purl pkg:maven/org.springframework.security/spring-security-config@6.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-config@6.1.4
aliases CVE-2023-34042, GHSA-9gp8-6cg8-7h34
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sguk-f634-sfgs
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-config@5.8.6