Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework/spring-core@4.1.0

Type maven

Namespace org.springframework

Name spring-core

Version 4.1.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.2.24.RELEASE

Latest_non_vulnerable_version 6.2.11

Affected_by_vulnerabilities

url VCID-6zda-pv5y-uybt

vulnerability_id VCID-6zda-pv5y-uybt

summary The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-0201

reference_id

reference_type

scores

value	0.00182
scoring_system	epss
scoring_elements	0.3964
published_at	2026-04-24T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39918
published_at	2026-04-09T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39928
published_at	2026-04-11T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39892
published_at	2026-04-12T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39873
published_at	2026-04-13T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39923
published_at	2026-04-16T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39894
published_at	2026-04-18T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39814
published_at	2026-04-21T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39751
published_at	2026-04-01T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39899
published_at	2026-04-02T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39927
published_at	2026-04-04T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.3985
published_at	2026-04-07T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39905
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-0201

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/d63cfc8eebc396be009e733a81ebb4c984811f6e

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/d63cfc8eebc396be009e733a81ebb4c984811f6e

reference_url

https://github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0201
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0201

reference_url	http://pivotal.io/security/cve-2015-0201
reference_id	CVE-2015-0201
reference_type
scores
url	http://pivotal.io/security/cve-2015-0201

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-0201

reference_id

CVE-2015-0201

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-0201

reference_url

https://pivotal.io/security/cve-2015-0201

reference_id

CVE-2015-0201

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2015-0201

reference_url

https://github.com/advisories/GHSA-45vg-2v73-vm62

reference_id

GHSA-45vg-2v73-vm62

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-45vg-2v73-vm62

fixed_packages

url pkg:maven/org.springframework/spring-core@4.1.5

purl pkg:maven/org.springframework/spring-core@4.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-pz7c-p4ze-kfhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.5

url pkg:maven/org.springframework/spring-core@4.1.5.RELEASE

purl pkg:maven/org.springframework/spring-core@4.1.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-3rev-eg6f-tkb7

vulnerability	VCID-6ysx-5wcw-f7b5

vulnerability	VCID-c74k-e1me-pfb2

vulnerability	VCID-cyjt-4vjn-mbc7

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-k17s-ttg2-ubgj

vulnerability	VCID-pb7f-yasx-17ag

vulnerability	VCID-w6br-v2gm-j7gr

vulnerability	VCID-y3uz-etva-sufh

vulnerability	VCID-z3th-j593-m7bg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.5.RELEASE

aliases CVE-2015-0201, GHSA-45vg-2v73-vm62

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6zda-pv5y-uybt

url VCID-pz7c-p4ze-kfhc

vulnerability_id VCID-pz7c-p4ze-kfhc

summary

PlaintextPasswordEncoder authenticates encoded passwords that are null
Spring Security supports plain text passwords using `PlaintextPasswordEncoder`. a malicious user (or attacker) can authenticate using a password of `null`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11272.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11272.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11272

reference_id

reference_type

scores

value	0.00407
scoring_system	epss
scoring_elements	0.6117
published_at	2026-04-24T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61165
published_at	2026-04-09T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61186
published_at	2026-04-11T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61173
published_at	2026-04-12T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61154
published_at	2026-04-13T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61194
published_at	2026-04-16T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.612
published_at	2026-04-18T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61181
published_at	2026-04-21T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61031
published_at	2026-04-01T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61108
published_at	2026-04-02T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61136
published_at	2026-04-04T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61102
published_at	2026-04-07T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.6115
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11272

reference_url

https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1728993
reference_id	1728993
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1728993

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11272

reference_id

CVE-2019-11272

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11272

reference_url

https://pivotal.io/security/cve-2019-11272

reference_id

CVE-2019-11272

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2019-11272

reference_url

https://github.com/advisories/GHSA-v33x-prhc-gph5

reference_id

GHSA-v33x-prhc-gph5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v33x-prhc-gph5

reference_url	https://access.redhat.com/errata/RHSA-2020:0983
reference_id	RHSA-2020:0983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0983

fixed_packages

url pkg:maven/org.springframework/spring-core@4.1.5.RELEASE

purl pkg:maven/org.springframework/spring-core@4.1.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nff-p7we-tuax

vulnerability	VCID-3rev-eg6f-tkb7

vulnerability	VCID-6ysx-5wcw-f7b5

vulnerability	VCID-c74k-e1me-pfb2

vulnerability	VCID-cyjt-4vjn-mbc7

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-k17s-ttg2-ubgj

vulnerability	VCID-pb7f-yasx-17ag

vulnerability	VCID-w6br-v2gm-j7gr

vulnerability	VCID-y3uz-etva-sufh

vulnerability	VCID-z3th-j593-m7bg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.5.RELEASE

url pkg:maven/org.springframework/spring-core@4.3.0.RELEASE

purl pkg:maven/org.springframework/spring-core@4.3.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3rev-eg6f-tkb7

vulnerability	VCID-6ysx-5wcw-f7b5

vulnerability	VCID-c74k-e1me-pfb2

vulnerability	VCID-cyjt-4vjn-mbc7

vulnerability	VCID-dfs4-emmn-f3eb

vulnerability	VCID-j3wr-npbv-8qcw

vulnerability	VCID-k17s-ttg2-ubgj

vulnerability	VCID-mqnn-spsw-8fg5

vulnerability	VCID-pb7f-yasx-17ag

vulnerability	VCID-qpxj-fzta-v7bs

vulnerability	VCID-w6br-v2gm-j7gr

vulnerability	VCID-y3uz-etva-sufh

vulnerability	VCID-z3th-j593-m7bg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.0.RELEASE

aliases CVE-2019-11272, GHSA-v33x-prhc-gph5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pz7c-p4ze-kfhc

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.0

Package Instance