Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.0
Typemaven
Namespaceorg.springframework.security
Namespring-security-oauth2-client
Version5.5.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.6.9
Latest_non_vulnerable_version5.7.5
Affected_by_vulnerabilities
0
url VCID-y82q-fr9b-gyf2
vulnerability_id VCID-y82q-fr9b-gyf2
summary 
spring-security-oauth2-client vulnerable to Privilege Escalation
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31690.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31690.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31690
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.54871
published_at 2026-04-07T12:55:00Z
1
value 0.00319
scoring_system epss
scoring_elements 0.54876
published_at 2026-04-02T12:55:00Z
2
value 0.00319
scoring_system epss
scoring_elements 0.5492
published_at 2026-04-08T12:55:00Z
3
value 0.00319
scoring_system epss
scoring_elements 0.54901
published_at 2026-04-04T12:55:00Z
4
value 0.00361
scoring_system epss
scoring_elements 0.58251
published_at 2026-04-18T12:55:00Z
5
value 0.00361
scoring_system epss
scoring_elements 0.58216
published_at 2026-04-13T12:55:00Z
6
value 0.00361
scoring_system epss
scoring_elements 0.58236
published_at 2026-04-12T12:55:00Z
7
value 0.00361
scoring_system epss
scoring_elements 0.58225
published_at 2026-04-21T12:55:00Z
8
value 0.00361
scoring_system epss
scoring_elements 0.58241
published_at 2026-04-09T12:55:00Z
9
value 0.00361
scoring_system epss
scoring_elements 0.58259
published_at 2026-04-11T12:55:00Z
10
value 0.00361
scoring_system epss
scoring_elements 0.58248
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31690
2
reference_url https://github.com/spring-projects/spring-security-samples/blob/4638e1e428ee2ddab234199eb3b67b9c94dfa08b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/SecurityConfiguration.java#L48
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security-samples/blob/4638e1e428ee2ddab234199eb3b67b9c94dfa08b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/SecurityConfiguration.java#L48
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31690
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31690
4
reference_url https://security.netapp.com/advisory/ntap-20221215-0010
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221215-0010
5
reference_url https://security.netapp.com/advisory/ntap-20221215-0010/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:42:47Z/
url https://security.netapp.com/advisory/ntap-20221215-0010/
6
reference_url https://tanzu.vmware.com/security/cve-2022-31690
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:42:47Z/
url https://tanzu.vmware.com/security/cve-2022-31690
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2162200
reference_id 2162200
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2162200
8
reference_url https://github.com/advisories/GHSA-32vj-v39g-jh23
reference_id GHSA-32vj-v39g-jh23
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-32vj-v39g-jh23
9
reference_url https://access.redhat.com/errata/RHSA-2023:1285
reference_id RHSA-2023:1285
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1285
10
reference_url https://access.redhat.com/errata/RHSA-2023:1286
reference_id RHSA-2023:1286
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1286
11
reference_url https://access.redhat.com/errata/RHSA-2023:1655
reference_id RHSA-2023:1655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1655
12
reference_url https://access.redhat.com/errata/RHSA-2023:2041
reference_id RHSA-2023:2041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2041
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.9
purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.9
1
url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.5
purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.5
aliases CVE-2022-31690, GHSA-32vj-v39g-jh23
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y82q-fr9b-gyf2
1
url VCID-ykkv-ahjn-d7eb
vulnerability_id VCID-ykkv-ahjn-d7eb
summary 
Incorrect Authorization
Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22119.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22119.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22119
reference_id
reference_type
scores
0
value 0.04895
scoring_system epss
scoring_elements 0.89603
published_at 2026-04-21T12:55:00Z
1
value 0.04895
scoring_system epss
scoring_elements 0.89607
published_at 2026-04-18T12:55:00Z
2
value 0.04895
scoring_system epss
scoring_elements 0.89605
published_at 2026-04-16T12:55:00Z
3
value 0.04895
scoring_system epss
scoring_elements 0.89598
published_at 2026-04-12T12:55:00Z
4
value 0.04895
scoring_system epss
scoring_elements 0.89599
published_at 2026-04-11T12:55:00Z
5
value 0.04895
scoring_system epss
scoring_elements 0.89592
published_at 2026-04-13T12:55:00Z
6
value 0.04895
scoring_system epss
scoring_elements 0.89587
published_at 2026-04-08T12:55:00Z
7
value 0.04895
scoring_system epss
scoring_elements 0.8957
published_at 2026-04-07T12:55:00Z
8
value 0.04895
scoring_system epss
scoring_elements 0.89557
published_at 2026-04-02T12:55:00Z
9
value 0.04895
scoring_system epss
scoring_elements 0.89553
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22119
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/pull/9513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/pull/9513
4
reference_url https://lists.apache.org/thread.html/r08a449010786e0bcffa4b5781b04fcb55d6eafa62cb79b8347680aad@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r08a449010786e0bcffa4b5781b04fcb55d6eafa62cb79b8347680aad@%3Cissues.nifi.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
10
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1977064
reference_id 1977064
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1977064
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22119
reference_id CVE-2021-22119
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22119
14
reference_url https://tanzu.vmware.com/security/cve-2021-22119
reference_id CVE-2021-22119
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2021-22119
15
reference_url https://github.com/advisories/GHSA-w9jg-gvgr-354m
reference_id GHSA-w9jg-gvgr-354m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9jg-gvgr-354m
16
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.1
purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y82q-fr9b-gyf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.1
aliases CVE-2021-22119, GHSA-w9jg-gvgr-354m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykkv-ahjn-d7eb
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.0