Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.0

Type maven

Namespace org.apache.cxf

Name cxf-rt-frontend-jaxrs

Version 2.6.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.3.10

Latest_non_vulnerable_version 3.4.3

Affected_by_vulnerabilities

url VCID-5qt1-qmkf-cua4

vulnerability_id VCID-5qt1-qmkf-cua4

summary

Cross-site scripting in Apache CXF
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.

references

reference_url

http://cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc?version=1&modificationDate=1605183670659&api=v2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc?version=1&modificationDate=1605183670659&api=v2

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13954.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13954.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13954

reference_id

reference_type

scores

value	0.14577
scoring_system	epss
scoring_elements	0.94574
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13954

reference_url

https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cdev.cxf.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cdev.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cusers.cxf.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec@%3Cusers.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r640719c9ce5671f239a6f002c20e14062effe4b318a580b6746aa5ef@%3Cdev.syncope.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r640719c9ce5671f239a6f002c20e14062effe4b318a580b6746aa5ef@%3Cdev.syncope.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a863878a8532a89f993f@%3Cusers.cxf.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a863878a8532a89f993f@%3Cusers.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13954

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13954

reference_url

https://security.netapp.com/advisory/ntap-20210513-0010

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210513-0010

reference_url	https://security.netapp.com/advisory/ntap-20210513-0010/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210513-0010/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

http://www.openwall.com/lists/oss-security/2020/11/12/2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/11/12/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1898235
reference_id	1898235
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1898235

reference_url	https://github.com/advisories/GHSA-64x2-gq24-75pv
reference_id	GHSA-64x2-gq24-75pv
reference_type
scores
url	https://github.com/advisories/GHSA-64x2-gq24-75pv

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

reference_url	https://access.redhat.com/errata/RHSA-2021:3205
reference_id	RHSA-2021:3205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3205

fixed_packages

url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.8

purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sjum-wfkd-ufg2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.8

url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.1

purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sjum-wfkd-ufg2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.1

aliases CVE-2020-13954, GHSA-64x2-gq24-75pv

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qt1-qmkf-cua4

url VCID-84vr-pjgw-wfhd

vulnerability_id VCID-84vr-pjgw-wfhd

summary

Improper Authentication in Apache CXF
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.

references

reference_url

http://cxf.apache.org/cve-2013-0239.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://cxf.apache.org/cve-2013-0239.html

reference_url	http://osvdb.org/90078
reference_id
reference_type
scores
url	http://osvdb.org/90078

reference_url

http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0749.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0749.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0239.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0239.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0239

reference_id

reference_type

scores

value	0.02653
scoring_system	epss
scoring_elements	0.86011
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0239

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0239
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0239

reference_url

http://seclists.org/fulldisclosure/2013/Feb/39

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2013/Feb/39

reference_url	http://secunia.com/advisories/51988
reference_id
reference_type
scores
url	http://secunia.com/advisories/51988

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/81981

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/81981

reference_url

https://github.com/apache/cxf

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf

reference_url	https://github.com/apache/cxf/commit/295a4e2f9eb3e7e0513980202949ccc424dee2d4
reference_id
reference_type
scores
url	https://github.com/apache/cxf/commit/295a4e2f9eb3e7e0513980202949ccc424dee2d4

reference_url

https://github.com/apache/cxf/commit/e4c6b3b0899ef2ba87c2610efc323b71c13dd421

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf/commit/e4c6b3b0899ef2ba87c2610efc323b71c13dd421

reference_url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0239

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0239

reference_url

http://svn.apache.org/viewvc?view=revision&revision=1438424

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://svn.apache.org/viewvc?view=revision&revision=1438424

reference_url

https://web.archive.org/web/20200229102616/http://www.securityfocus.com/bid/57876

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200229102616/http://www.securityfocus.com/bid/57876

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=905722
reference_id	905722
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=905722

reference_url

https://github.com/advisories/GHSA-p5c5-6564-vvr8

reference_id

GHSA-p5c5-6564-vvr8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p5c5-6564-vvr8

reference_url	https://access.redhat.com/errata/RHSA-2013:0644
reference_id	RHSA-2013:0644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0644

reference_url	https://access.redhat.com/errata/RHSA-2013:0645
reference_id	RHSA-2013:0645
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0645

reference_url	https://access.redhat.com/errata/RHSA-2013:0649
reference_id	RHSA-2013:0649
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0649

reference_url	https://access.redhat.com/errata/RHSA-2013:0749
reference_id	RHSA-2013:0749
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0749

fixed_packages

url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.6

purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qt1-qmkf-cua4

vulnerability	VCID-8h8n-9sb5-nug1

vulnerability	VCID-cmcp-dp54-j7c8

vulnerability	VCID-sjum-wfkd-ufg2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.6

url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.3

purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qt1-qmkf-cua4

vulnerability	VCID-8h8n-9sb5-nug1

vulnerability	VCID-cmcp-dp54-j7c8

vulnerability	VCID-sjum-wfkd-ufg2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.3

aliases CVE-2013-0239, GHSA-p5c5-6564-vvr8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84vr-pjgw-wfhd

url VCID-8h8n-9sb5-nug1

vulnerability_id VCID-8h8n-9sb5-nug1

summary

Missing XML Validation in Apache CXF
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.

references

reference_url

http://jira.codehaus.org/browse/WSTX-285

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jira.codehaus.org/browse/WSTX-285

reference_url

http://jira.codehaus.org/browse/WSTX-287

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jira.codehaus.org/browse/WSTX-287

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1028.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1028.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1437.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1437.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2160.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2160.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2160

reference_id

reference_type

scores

value	0.12253
scoring_system	epss
scoring_elements	0.93968
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2160

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=929197

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=929197

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2160
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2160

reference_url

https://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc

reference_url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2160

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2160

reference_url	http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
reference_id	CVE-2013-2160;OSVDB-95011
reference_type	exploit
scores
url	http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/26710.txt
reference_id	CVE-2013-2160;OSVDB-95011
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/26710.txt

reference_url

https://github.com/advisories/GHSA-254q-rp36-v2m8

reference_id

GHSA-254q-rp36-v2m8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-254q-rp36-v2m8

reference_url	https://access.redhat.com/errata/RHSA-2013:1028
reference_id	RHSA-2013:1028
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1028

reference_url	https://access.redhat.com/errata/RHSA-2013:1185
reference_id	RHSA-2013:1185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1185

reference_url	https://access.redhat.com/errata/RHSA-2013:1437
reference_id	RHSA-2013:1437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1437

fixed_packages

url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.7

purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qt1-qmkf-cua4

vulnerability	VCID-cmcp-dp54-j7c8

vulnerability	VCID-sjum-wfkd-ufg2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.7

url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.4

purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qt1-qmkf-cua4

vulnerability	VCID-cmcp-dp54-j7c8

vulnerability	VCID-sjum-wfkd-ufg2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.4

aliases CVE-2013-2160, GHSA-254q-rp36-v2m8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8h8n-9sb5-nug1

url VCID-cmcp-dp54-j7c8

vulnerability_id VCID-cmcp-dp54-j7c8

summary

Loop with Unreachable Exit Condition in Apache CXF
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

references

reference_url

http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3584.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3584.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3584

reference_id

reference_type

scores

value	0.05595
scoring_system	epss
scoring_elements	0.90445
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3584

reference_url

http://seclists.org/oss-sec/2014/q4/437

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2014/q4/437

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/97753

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/97753

reference_url

https://github.com/apache/cxf

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf

reference_url

https://github.com/apache/cxf/commit/0b3894f57388b9955f2c33b2295223f2835cd7b3

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf/commit/0b3894f57388b9955f2c33b2295223f2835cd7b3

reference_url

https://github.com/apache/cxf/commit/47b127dbdb4a10d282be92f2ebbe646f8cf6b03e

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf/commit/47b127dbdb4a10d282be92f2ebbe646f8cf6b03e

reference_url

https://issues.apache.org/jira/browse/CXF-5390

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/CXF-5390

reference_url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3584

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3584

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1157330
reference_id	1157330
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1157330

reference_url	https://bugzilla.redhat.com/CVE-2014-3584
reference_id	CVE-2014-3584
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2014-3584

reference_url

https://github.com/advisories/GHSA-gw5j-77f9-v2g2

reference_id

GHSA-gw5j-77f9-v2g2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gw5j-77f9-v2g2

reference_url	https://access.redhat.com/errata/RHSA-2014:0400
reference_id	RHSA-2014:0400
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0400

fixed_packages

url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.11

purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qt1-qmkf-cua4

vulnerability	VCID-sjum-wfkd-ufg2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.11

url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.8

purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qt1-qmkf-cua4

vulnerability	VCID-sjum-wfkd-ufg2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.7.8

url pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.0.1

purl pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5qt1-qmkf-cua4

vulnerability	VCID-sjum-wfkd-ufg2

vulnerability	VCID-tr2b-78gg-mkad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.0.1

aliases CVE-2014-3584, GHSA-gw5j-77f9-v2g2

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmcp-dp54-j7c8

url VCID-sjum-wfkd-ufg2

vulnerability_id VCID-sjum-wfkd-ufg2

summary

Authorization service vulnerable to DDos attacks in Apache CFX
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22696.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22696.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22696

reference_id

reference_type

scores

value	0.01971
scoring_system	epss
scoring_elements	0.83831
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22696

reference_url

https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc

reference_url

https://github.com/apache/cxf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf

reference_url

https://github.com/apache/cxf/commit/40503a53914758759894f704bbf139ae89ace286

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf/commit/40503a53914758759894f704bbf139ae89ace286

reference_url

https://github.com/apache/cxf/commit/aa789c5c4686597a7bdef2443909ab491fc2bc04

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf/commit/aa789c5c4686597a7bdef2443909ab491fc2bc04

reference_url

https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22696

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22696

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

http://www.openwall.com/lists/oss-security/2021/04/02/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/04/02/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1946341
reference_id	1946341
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1946341

reference_url	https://github.com/advisories/GHSA-7q4h-pj78-j7vg
reference_id	GHSA-7q4h-pj78-j7vg
reference_type
scores
url	https://github.com/advisories/GHSA-7q4h-pj78-j7vg

reference_url	https://access.redhat.com/errata/RHSA-2021:5134
reference_id	RHSA-2021:5134
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5134

reference_url	https://access.redhat.com/errata/RHSA-2022:7273
reference_id	RHSA-2022:7273
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7273

fixed_packages

url	pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.10
purl	pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.10

url	pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.3
purl	pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.4.3

aliases CVE-2021-22696, GHSA-7q4h-pj78-j7vg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sjum-wfkd-ufg2

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@2.6.0

Package Instance