Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.activemq/activemq-parent@5.15.12
Typemaven
Namespaceorg.apache.activemq
Nameactivemq-parent
Version5.15.12
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.15.13
Latest_non_vulnerable_version5.16.1
Affected_by_vulnerabilities
0
url VCID-pe37-xakm-3qb4
vulnerability_id VCID-pe37-xakm-3qb4
summary 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11998
reference_id
reference_type
scores
0
value 0.06913
scoring_system epss
scoring_elements 0.91424
published_at 2026-04-18T12:55:00Z
1
value 0.06913
scoring_system epss
scoring_elements 0.91428
published_at 2026-04-16T12:55:00Z
2
value 0.06913
scoring_system epss
scoring_elements 0.91403
published_at 2026-04-13T12:55:00Z
3
value 0.06913
scoring_system epss
scoring_elements 0.91404
published_at 2026-04-12T12:55:00Z
4
value 0.06913
scoring_system epss
scoring_elements 0.91401
published_at 2026-04-11T12:55:00Z
5
value 0.06913
scoring_system epss
scoring_elements 0.91395
published_at 2026-04-09T12:55:00Z
6
value 0.06913
scoring_system epss
scoring_elements 0.91388
published_at 2026-04-08T12:55:00Z
7
value 0.06913
scoring_system epss
scoring_elements 0.91376
published_at 2026-04-07T12:55:00Z
8
value 0.06913
scoring_system epss
scoring_elements 0.91353
published_at 2026-04-01T12:55:00Z
9
value 0.06913
scoring_system epss
scoring_elements 0.91368
published_at 2026-04-04T12:55:00Z
10
value 0.06913
scoring_system epss
scoring_elements 0.91358
published_at 2026-04-02T12:55:00Z
11
value 0.06913
scoring_system epss
scoring_elements 0.91425
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11998
1
reference_url https://github.com/apache/activemq/commit/0d6e5f2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/0d6e5f2
2
reference_url https://github.com/apache/activemq/commit/88b78d0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/88b78d0
3
reference_url https://github.com/apache/activemq/commit/aa8900c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/aa8900c
4
reference_url https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E
6
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
7
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
8
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
9
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11998
reference_id CVE-2020-11998
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11998
11
reference_url http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt
reference_id CVE-2020-11998-ANNOUNCEMENT.TXT
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt
12
reference_url https://github.com/advisories/GHSA-wqfh-9m4g-7x6x
reference_id GHSA-wqfh-9m4g-7x6x
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wqfh-9m4g-7x6x
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-parent@5.15.13
purl pkg:maven/org.apache.activemq/activemq-parent@5.15.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-parent@5.15.13
aliases CVE-2020-11998, GHSA-wqfh-9m4g-7x6x
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pe37-xakm-3qb4
Fixing_vulnerabilities
0
url VCID-a3nb-p5p6-zbf7
vulnerability_id VCID-a3nb-p5p6-zbf7
summary 
Missing Authentication for Critical Function
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13920.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13920.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13920
reference_id
reference_type
scores
0
value 0.00174
scoring_system epss
scoring_elements 0.3883
published_at 2026-04-16T12:55:00Z
1
value 0.00174
scoring_system epss
scoring_elements 0.38785
published_at 2026-04-13T12:55:00Z
2
value 0.00174
scoring_system epss
scoring_elements 0.38813
published_at 2026-04-12T12:55:00Z
3
value 0.00174
scoring_system epss
scoring_elements 0.38849
published_at 2026-04-11T12:55:00Z
4
value 0.00174
scoring_system epss
scoring_elements 0.38728
published_at 2026-04-21T12:55:00Z
5
value 0.00174
scoring_system epss
scoring_elements 0.38837
published_at 2026-04-09T12:55:00Z
6
value 0.00174
scoring_system epss
scoring_elements 0.38826
published_at 2026-04-08T12:55:00Z
7
value 0.00174
scoring_system epss
scoring_elements 0.38808
published_at 2026-04-18T12:55:00Z
8
value 0.00179
scoring_system epss
scoring_elements 0.39514
published_at 2026-04-02T12:55:00Z
9
value 0.00179
scoring_system epss
scoring_elements 0.39352
published_at 2026-04-01T12:55:00Z
10
value 0.00179
scoring_system epss
scoring_elements 0.39451
published_at 2026-04-07T12:55:00Z
11
value 0.00179
scoring_system epss
scoring_elements 0.39537
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13920
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13920
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13920
3
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
4
reference_url https://github.com/apache/activemq/commit/359ae4b
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/359ae4b
5
reference_url https://github.com/apache/activemq/commit/48cd61d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/48cd61d
6
reference_url https://github.com/apache/activemq/commit/58382283330f7c7b110c7afd8ef4ca2648786532
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/58382283330f7c7b110c7afd8ef4ca2648786532
7
reference_url https://github.com/apache/activemq/commit/b7dca5e
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/b7dca5e
8
reference_url https://issues.apache.org/jira/browse/AMQ-7400
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/AMQ-7400
9
reference_url https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
13
reference_url https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html
14
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1880101
reference_id 1880101
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1880101
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13920
reference_id CVE-2020-13920
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13920
18
reference_url http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt
reference_id CVE-2020-13920-ANNOUNCEMENT.TXT
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt
19
reference_url https://github.com/advisories/GHSA-xgrx-xpv2-6vp4
reference_id GHSA-xgrx-xpv2-6vp4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xgrx-xpv2-6vp4
20
reference_url https://access.redhat.com/errata/RHSA-2021:3205
reference_id RHSA-2021:3205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3205
21
reference_url https://access.redhat.com/errata/RHSA-2021:3207
reference_id RHSA-2021:3207
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3207
22
reference_url https://usn.ubuntu.com/6910-1/
reference_id USN-6910-1
reference_type
scores
url https://usn.ubuntu.com/6910-1/
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-parent@5.15.12
purl pkg:maven/org.apache.activemq/activemq-parent@5.15.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pe37-xakm-3qb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-parent@5.15.12
aliases CVE-2020-13920, GHSA-xgrx-xpv2-6vp4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a3nb-p5p6-zbf7
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-parent@5.15.12