Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.ops4j.pax.logging/pax-logging-log4j2@1.10.10

Type maven

Namespace org.ops4j.pax.logging

Name pax-logging-log4j2

Version 1.10.10

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.11.13

Latest_non_vulnerable_version 2.0.14

Affected_by_vulnerabilities

url VCID-gnhu-4afv-pfhy

vulnerability_id VCID-gnhu-4afv-pfhy

summary Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.ops4j.pax.logging:pax-logging-log4j2.

references

reference_url

https://github.com/ops4j/org.ops4j.pax.logging

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ops4j/org.ops4j.pax.logging

reference_url

https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

reference_id

GHSA-jfh8-c2jp-5v3q

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

reference_url

https://github.com/advisories/GHSA-xxfh-x98p-j8fr

reference_id

GHSA-xxfh-x98p-j8fr

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xxfh-x98p-j8fr

reference_url

https://github.com/ops4j/org.ops4j.pax.logging/security/advisories/GHSA-xxfh-x98p-j8fr

reference_id

GHSA-xxfh-x98p-j8fr

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ops4j/org.ops4j.pax.logging/security/advisories/GHSA-xxfh-x98p-j8fr

fixed_packages

url pkg:maven/org.ops4j.pax.logging/pax-logging-log4j2@1.11.10

purl pkg:maven/org.ops4j.pax.logging/pax-logging-log4j2@1.11.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8977-tjss-w7ba

vulnerability	VCID-r67p-yqg2-9bbq

vulnerability	VCID-sjuz-dd96-sqe3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.ops4j.pax.logging/pax-logging-log4j2@1.11.10

url pkg:maven/org.ops4j.pax.logging/pax-logging-log4j2@2.0.11

purl pkg:maven/org.ops4j.pax.logging/pax-logging-log4j2@2.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8977-tjss-w7ba

vulnerability	VCID-r67p-yqg2-9bbq

vulnerability	VCID-sjuz-dd96-sqe3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.ops4j.pax.logging/pax-logging-log4j2@2.0.11

aliases GHSA-xxfh-x98p-j8fr, GMS-2021-75

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnhu-4afv-pfhy

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.ops4j.pax.logging/pax-logging-log4j2@1.10.10

Package Instance