Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework/spring-websocket@4.1.1.RELEASE

Type maven

Namespace org.springframework

Name spring-websocket

Version 4.1.1.RELEASE

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.1.8.RELEASE

Latest_non_vulnerable_version 6.2.12

Affected_by_vulnerabilities

url VCID-6zda-pv5y-uybt

vulnerability_id VCID-6zda-pv5y-uybt

summary The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-0201

reference_id

reference_type

scores

value	0.00182
scoring_system	epss
scoring_elements	0.39814
published_at	2026-04-21T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39905
published_at	2026-04-08T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39918
published_at	2026-04-09T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39928
published_at	2026-04-11T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39892
published_at	2026-04-12T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39873
published_at	2026-04-13T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39923
published_at	2026-04-16T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39894
published_at	2026-04-18T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39751
published_at	2026-04-01T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39899
published_at	2026-04-02T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39927
published_at	2026-04-04T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.3985
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-0201

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/d63cfc8eebc396be009e733a81ebb4c984811f6e

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/d63cfc8eebc396be009e733a81ebb4c984811f6e

reference_url

https://github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0201
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0201

reference_url	http://pivotal.io/security/cve-2015-0201
reference_id	CVE-2015-0201
reference_type
scores
url	http://pivotal.io/security/cve-2015-0201

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-0201

reference_id

CVE-2015-0201

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-0201

reference_url

https://pivotal.io/security/cve-2015-0201

reference_id

CVE-2015-0201

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2015-0201

reference_url

https://github.com/advisories/GHSA-45vg-2v73-vm62

reference_id

GHSA-45vg-2v73-vm62

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-45vg-2v73-vm62

fixed_packages

url pkg:maven/org.springframework/spring-websocket@4.1.5.RELEASE

purl pkg:maven/org.springframework/spring-websocket@4.1.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ec6g-dnjb-vycb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-websocket@4.1.5.RELEASE

aliases CVE-2015-0201, GHSA-45vg-2v73-vm62

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6zda-pv5y-uybt

url VCID-ec6g-dnjb-vycb

vulnerability_id VCID-ec6g-dnjb-vycb

summary Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5211

reference_id

reference_type

scores

value	0.01918
scoring_system	epss
scoring_elements	0.83266
published_at	2026-04-01T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83373
published_at	2026-04-21T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83371
published_at	2026-04-18T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.8337
published_at	2026-04-16T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83335
published_at	2026-04-13T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83339
published_at	2026-04-12T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83345
published_at	2026-04-11T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.8333
published_at	2026-04-09T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83321
published_at	2026-04-08T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83297
published_at	2026-04-07T12:55:00Z

value	0.01918
scoring_system	epss
scoring_elements	0.83283
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5211

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5211
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5211

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/03f547eb9868f48f44d59b56067d4ac4740672c3

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/03f547eb9868f48f44d59b56067d4ac4740672c3

reference_url

https://github.com/spring-projects/spring-framework/commit/2bd1daa75ee0b8ec33608ca6ab065ef3e1815543

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/2bd1daa75ee0b8ec33608ca6ab065ef3e1815543

reference_url

https://github.com/spring-projects/spring-framework/commit/a95c3d820dbc4c3ae752f1b3ee22ee860b162402

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/a95c3d820dbc4c3ae752f1b3ee22ee860b162402

reference_url

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

reference_url

https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector

reference_url	https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/
reference_id
reference_type
scores
url	https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/

reference_url	http://pivotal.io/security/cve-2015-5211
reference_id	CVE-2015-5211
reference_type
scores
url	http://pivotal.io/security/cve-2015-5211

reference_url	https://access.redhat.com/security/cve/cve-2015-5211
reference_id	CVE-2015-5211
reference_type
scores
url	https://access.redhat.com/security/cve/cve-2015-5211

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5211

reference_id

CVE-2015-5211

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5211

reference_url

https://pivotal.io/security/cve-2015-5211

reference_id

CVE-2015-5211

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2015-5211

reference_url

https://github.com/advisories/GHSA-pgf9-h69p-pcgf

reference_id

GHSA-pgf9-h69p-pcgf

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-pgf9-h69p-pcgf

reference_url	https://usn.ubuntu.com/USN-4774-1/
reference_id	USN-USN-4774-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4774-1/

fixed_packages

url	pkg:maven/org.springframework/spring-websocket@4.1.8.RELEASE
purl	pkg:maven/org.springframework/spring-websocket@4.1.8.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-websocket@4.1.8.RELEASE

url	pkg:maven/org.springframework/spring-websocket@4.2.2.RELEASE
purl	pkg:maven/org.springframework/spring-websocket@4.2.2.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-websocket@4.2.2.RELEASE

aliases CVE-2015-5211, GHSA-pgf9-h69p-pcgf

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ec6g-dnjb-vycb

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-websocket@4.1.1.RELEASE

Package Instance