Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/eap7-undertow-js@1.0.2-2.Final_redhat_1.1?arch=el6eap

Type rpm

Namespace redhat

Name eap7-undertow-js

Version 1.0.2-2.Final_redhat_1.1

Qualifiers

arch	el6eap

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-asw1-xz83-tqb3

vulnerability_id

VCID-asw1-xz83-tqb3

summary

Information Exposure
It was found that while parsing the SAML messages the `StaxParserUtil` class of keycloak replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request `ID` field to be the chosen system property which could be obtained in the `InResponseTo` field in the response.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2582.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2582.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2582

reference_id

reference_type

scores

value	0.00629
scoring_system	epss
scoring_elements	0.70695
published_at	2026-06-05T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70652
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2582

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582

reference_url	http://www.securityfocus.com/bid/101046
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101046

reference_url	http://www.securitytracker.com/id/1041707
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041707

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1410481
reference_id	1410481
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1410481

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2582

reference_id

CVE-2017-2582

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2582

reference_url

https://github.com/advisories/GHSA-c77r-6f64-478q

reference_id

GHSA-c77r-6f64-478q

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-c77r-6f64-478q

reference_url	https://access.redhat.com/errata/RHSA-2017:3216
reference_id	RHSA-2017:3216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3216

reference_url	https://access.redhat.com/errata/RHSA-2017:3217
reference_id	RHSA-2017:3217
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3217

reference_url	https://access.redhat.com/errata/RHSA-2017:3218
reference_id	RHSA-2017:3218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3218

reference_url	https://access.redhat.com/errata/RHSA-2017:3219
reference_id	RHSA-2017:3219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3219

reference_url	https://access.redhat.com/errata/RHSA-2017:3220
reference_id	RHSA-2017:3220
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3220

reference_url	https://access.redhat.com/errata/RHSA-2019:0136
reference_id	RHSA-2019:0136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0136

reference_url	https://access.redhat.com/errata/RHSA-2019:0137
reference_id	RHSA-2019:0137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0137

reference_url	https://access.redhat.com/errata/RHSA-2019:0139
reference_id	RHSA-2019:0139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0139

fixed_packages

aliases

CVE-2017-2582, GHSA-c77r-6f64-478q

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-asw1-xz83-tqb3

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-undertow-js@1.0.2-2.Final_redhat_1.1%3Farch=el6eap

Package Instance