Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.security/spring-security-web@5.1.2.RELEASE
Typemaven
Namespaceorg.springframework.security
Namespring-security-web
Version5.1.2.RELEASE
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.2.9.RELEASE
Latest_non_vulnerable_version7.0.4
Affected_by_vulnerabilities
0
url VCID-yeaf-ta2h-p7c1
vulnerability_id VCID-yeaf-ta2h-p7c1
summary 
Privilege escalation in spring security
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22112.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22112.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22112
reference_id
reference_type
scores
0
value 0.00979
scoring_system epss
scoring_elements 0.76783
published_at 2026-04-21T12:55:00Z
1
value 0.00979
scoring_system epss
scoring_elements 0.76792
published_at 2026-04-18T12:55:00Z
2
value 0.00979
scoring_system epss
scoring_elements 0.76787
published_at 2026-04-16T12:55:00Z
3
value 0.00979
scoring_system epss
scoring_elements 0.76754
published_at 2026-04-12T12:55:00Z
4
value 0.00979
scoring_system epss
scoring_elements 0.76688
published_at 2026-04-01T12:55:00Z
5
value 0.00979
scoring_system epss
scoring_elements 0.76703
published_at 2026-04-07T12:55:00Z
6
value 0.00979
scoring_system epss
scoring_elements 0.76721
published_at 2026-04-04T12:55:00Z
7
value 0.00979
scoring_system epss
scoring_elements 0.76692
published_at 2026-04-02T12:55:00Z
8
value 0.00979
scoring_system epss
scoring_elements 0.76774
published_at 2026-04-11T12:55:00Z
9
value 0.00979
scoring_system epss
scoring_elements 0.76746
published_at 2026-04-13T12:55:00Z
10
value 0.00979
scoring_system epss
scoring_elements 0.76735
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22112
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/releases/tag/5.4.4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/releases/tag/5.4.4
4
reference_url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22112
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22112
15
reference_url https://tanzu.vmware.com/security/cve-2021-22112
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2021-22112
16
reference_url https://www.jenkins.io/security/advisory/2021-02-19
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2021-02-19
17
reference_url https://www.jenkins.io/security/advisory/2021-02-19/
reference_id
reference_type
scores
url https://www.jenkins.io/security/advisory/2021-02-19/
18
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
19
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
20
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
21
reference_url http://www.openwall.com/lists/oss-security/2021/02/19/7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/02/19/7
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1931453
reference_id 1931453
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1931453
23
reference_url https://security.archlinux.org/AVG-1595
reference_id AVG-1595
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1595
24
reference_url https://github.com/advisories/GHSA-gq28-h5vg-8prx
reference_id GHSA-gq28-h5vg-8prx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gq28-h5vg-8prx
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-web@5.2.9
purl pkg:maven/org.springframework.security/spring-security-web@5.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@5.2.9
1
url pkg:maven/org.springframework.security/spring-security-web@5.2.9.RELEASE
purl pkg:maven/org.springframework.security/spring-security-web@5.2.9.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@5.2.9.RELEASE
2
url pkg:maven/org.springframework.security/spring-security-web@5.3.8
purl pkg:maven/org.springframework.security/spring-security-web@5.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@5.3.8
3
url pkg:maven/org.springframework.security/spring-security-web@5.3.9
purl pkg:maven/org.springframework.security/spring-security-web@5.3.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@5.3.9
4
url pkg:maven/org.springframework.security/spring-security-web@5.3.9.RELEASE
purl pkg:maven/org.springframework.security/spring-security-web@5.3.9.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@5.3.9.RELEASE
5
url pkg:maven/org.springframework.security/spring-security-web@5.4.4
purl pkg:maven/org.springframework.security/spring-security-web@5.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@5.4.4
aliases CVE-2021-22112, GHSA-gq28-h5vg-8prx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yeaf-ta2h-p7c1
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@5.1.2.RELEASE