Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/216378?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/216378?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.1", "type": "maven", "namespace": "org.apache.openmeetings", "name": "openmeetings-parent", "version": "3.3.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.0.0", "latest_non_vulnerable_version": "9.0.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89226?format=api", "vulnerability_id": "VCID-3xum-p9mm-kbc3", "summary": "Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings\nUse of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.\n\nThe REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact\n\n\nThis issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22113", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34020" }, { "reference_url": "https://github.com/apache/openmeetings", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings" }, { "reference_url": "https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:13:11Z/" } ], "url": "https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34020", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34020" }, { "reference_url": "https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:13:11Z/" } ], "url": "https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/12" }, { "reference_url": "https://github.com/advisories/GHSA-gcvm-c75m-h4p4", "reference_id": "GHSA-gcvm-c75m-h4p4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gcvm-c75m-h4p4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110268?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0" } ], "aliases": [ "CVE-2026-34020", "GHSA-gcvm-c75m-h4p4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xum-p9mm-kbc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45177?format=api", "vulnerability_id": "VCID-556q-4wch-sfde", "summary": "Improper Input Validation\nAn attacker who has gained access to an admin account can perform RCE via null-byte injection\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29208", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29246" }, { "reference_url": "https://github.com/apache/openmeetings", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings" }, { "reference_url": "https://github.com/apache/openmeetings/commit/8e65a1344157b2898f2922d49a0bd2105687c4a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings/commit/8e65a1344157b2898f2922d49a0bd2105687c4a5" }, { "reference_url": "https://github.com/apache/openmeetings/commit/9f12a48994d0ad741ac140c52cbd2152f0d048d5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings/commit/9f12a48994d0ad741ac140c52cbd2152f0d048d5" }, { "reference_url": "https://github.com/apache/openmeetings/commit/f91ff1917027625f066a9007694a31d06e69df3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings/commit/f91ff1917027625f066a9007694a31d06e69df3a" }, { "reference_url": "https://issues.apache.org/jira/browse/OPENMEETINGS-2765", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/OPENMEETINGS-2765" }, { "reference_url": "https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:34:24Z/" } ], "url": "https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29246", "reference_id": "CVE-2023-29246", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29246" }, { "reference_url": "https://github.com/advisories/GHSA-mg5h-f3q8-c96g", "reference_id": "GHSA-mg5h-f3q8-c96g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mg5h-f3q8-c96g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65099?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/652891?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xum-p9mm-kbc3" }, { "vulnerability": "VCID-vbkk-qkme-uyh9" }, { "vulnerability": "VCID-vm9c-dvcd-3khf" }, { "vulnerability": "VCID-xsja-94mz-hqbh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0" } ], "aliases": [ "CVE-2023-29246", "GHSA-mg5h-f3q8-c96g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-556q-4wch-sfde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44776?format=api", "vulnerability_id": "VCID-6fca-mmbn-k7b7", "summary": "Missing Authentication for Critical Function\nVendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01053", "scoring_system": "epss", "scoring_elements": "0.77942", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28326" }, { "reference_url": "https://github.com/apache/openmeetings", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings" }, { "reference_url": "https://github.com/apache/openmeetings/commit/1fb71af36", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings/commit/1fb71af36" }, { "reference_url": "https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-23T15:13:01Z/" } ], "url": "https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28326", "reference_id": "CVE-2023-28326", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28326" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64437?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xum-p9mm-kbc3" }, { "vulnerability": "VCID-556q-4wch-sfde" }, { "vulnerability": "VCID-vbkk-qkme-uyh9" }, { "vulnerability": "VCID-vfk3-wtbw-kuf9" }, { "vulnerability": "VCID-vm9c-dvcd-3khf" }, { "vulnerability": "VCID-xsja-94mz-hqbh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0" } ], "aliases": [ "CVE-2023-28326", "GHSA-3r48-3m8r-4r9w" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fca-mmbn-k7b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39444?format=api", "vulnerability_id": "VCID-7cjy-cp47-gfdj", "summary": "Improper Authentication\nIn Apache OpenMeetings, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38941", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38853", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1286" }, { "reference_url": "https://github.com/apache/openmeetings", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings" }, { "reference_url": "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8@%3Cuser.openmeetings.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8@%3Cuser.openmeetings.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1286", "reference_id": "CVE-2018-1286", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1286" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151251?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/55105?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xum-p9mm-kbc3" }, { "vulnerability": "VCID-556q-4wch-sfde" }, { "vulnerability": "VCID-6fca-mmbn-k7b7" }, { "vulnerability": "VCID-bpy2-2bjy-tyhp" }, { "vulnerability": "VCID-d3yv-dzar-s3f6" }, { "vulnerability": "VCID-vfk3-wtbw-kuf9" }, { "vulnerability": "VCID-vm9c-dvcd-3khf" }, { "vulnerability": "VCID-xsja-94mz-hqbh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.3" } ], "aliases": [ "CVE-2018-1286", "GHSA-cv9j-7q4x-v2g2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7cjy-cp47-gfdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45164?format=api", "vulnerability_id": "VCID-vfk3-wtbw-kuf9", "summary": "Improper Authentication\nAn attacker that has gained access to certain private information can use this to act as other user.\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41052", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29032" }, { "reference_url": "https://github.com/apache/openmeetings", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings" }, { "reference_url": "https://github.com/apache/openmeetings/commit/4e89e0ca076c83f26562f1146cf3e81ba0b16a7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings/commit/4e89e0ca076c83f26562f1146cf3e81ba0b16a7f" }, { "reference_url": "https://issues.apache.org/jira/browse/OPENMEETINGS-2764", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/OPENMEETINGS-2764" }, { "reference_url": "https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:44:48Z/" } ], "url": "https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29032", "reference_id": "CVE-2023-29032", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29032" }, { "reference_url": "https://github.com/advisories/GHSA-v9rm-7rv9-r3fw", "reference_id": "GHSA-v9rm-7rv9-r3fw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v9rm-7rv9-r3fw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65099?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/652891?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xum-p9mm-kbc3" }, { "vulnerability": "VCID-vbkk-qkme-uyh9" }, { "vulnerability": "VCID-vm9c-dvcd-3khf" }, { "vulnerability": "VCID-xsja-94mz-hqbh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0" } ], "aliases": [ "CVE-2023-29032", "GHSA-v9rm-7rv9-r3fw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfk3-wtbw-kuf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56442?format=api", "vulnerability_id": "VCID-xsja-94mz-hqbh", "summary": "Apache OpenMeetings vulnerable to Deserialization of Untrusted Data\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0\n\nDescription: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify allow/deny lists for OpenJPA this leads to possible deserialisation of untrusted data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54676", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06098", "scoring_system": "epss", "scoring_elements": "0.90944", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54676" }, { "reference_url": "https://github.com/apache/openmeetings", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings" }, { "reference_url": "https://github.com/apache/openmeetings/commit/1c3426c6d3abbd984a3c01a61decf1242ea38923", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings/commit/1c3426c6d3abbd984a3c01a61decf1242ea38923" }, { "reference_url": "https://issues.apache.org/jira/browse/OPENMEETINGS-2787", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/OPENMEETINGS-2787" }, { "reference_url": "https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-08T14:00:24Z/" } ], "url": "https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/01/08/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/01/08/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54676", "reference_id": "CVE-2024-54676", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54676" }, { "reference_url": "https://github.com/advisories/GHSA-mjf9-4pcv-vfg7", "reference_id": "GHSA-mjf9-4pcv-vfg7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mjf9-4pcv-vfg7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83701?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xum-p9mm-kbc3" }, { "vulnerability": "VCID-vbkk-qkme-uyh9" }, { "vulnerability": "VCID-vm9c-dvcd-3khf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0" } ], "aliases": [ "CVE-2024-54676", "GHSA-mjf9-4pcv-vfg7" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsja-94mz-hqbh" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.1" }