Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.security/spring-security-core@5.4.2
Typemaven
Namespaceorg.springframework.security
Namespring-security-core
Version5.4.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.2.8
Latest_non_vulnerable_version7.0.5
Affected_by_vulnerabilities
0
url VCID-2b4h-659w-77ak
vulnerability_id VCID-2b4h-659w-77ak
summary The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38827.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38827.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38827
reference_id
reference_type
scores
0
value 0.00399
scoring_system epss
scoring_elements 0.61183
published_at 2026-06-14T12:55:00Z
1
value 0.00399
scoring_system epss
scoring_elements 0.61073
published_at 2026-06-11T12:55:00Z
2
value 0.00399
scoring_system epss
scoring_elements 0.61187
published_at 2026-06-13T12:55:00Z
3
value 0.00399
scoring_system epss
scoring_elements 0.61178
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38827
2
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework
3
reference_url https://github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9
4
reference_url https://github.com/spring-projects/spring-framework/issues/33708
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/33708
5
reference_url https://github.com/spring-projects/spring-framework/issues/34232
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/34232
6
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38827
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38827
8
reference_url https://security.netapp.com/advisory/ntap-20250124-0007
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250124-0007
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2329971
reference_id 2329971
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2329971
10
reference_url https://spring.io/security/cve-2024-38827
reference_id cve-2024-38827
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T15:27:02Z/
url https://spring.io/security/cve-2024-38827
11
reference_url https://github.com/advisories/GHSA-q3v6-hm2v-pw99
reference_id GHSA-q3v6-hm2v-pw99
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3v6-hm2v-pw99
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.7.14
purl pkg:maven/org.springframework.security/spring-security-core@5.7.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j3pn-a1kb-tues
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.7.14
1
url pkg:maven/org.springframework.security/spring-security-core@5.8.16
purl pkg:maven/org.springframework.security/spring-security-core@5.8.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j3pn-a1kb-tues
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.8.16
2
url pkg:maven/org.springframework.security/spring-security-core@6.0.14
purl pkg:maven/org.springframework.security/spring-security-core@6.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.0.14
3
url pkg:maven/org.springframework.security/spring-security-core@6.1.12
purl pkg:maven/org.springframework.security/spring-security-core@6.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.1.12
4
url pkg:maven/org.springframework.security/spring-security-core@6.2.8
purl pkg:maven/org.springframework.security/spring-security-core@6.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.2.8
5
url pkg:maven/org.springframework.security/spring-security-core@6.3.5
purl pkg:maven/org.springframework.security/spring-security-core@6.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j3pn-a1kb-tues
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.3.5
aliases CVE-2024-38827, GHSA-q3v6-hm2v-pw99
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2b4h-659w-77ak
1
url VCID-93wt-cm81-dqbh
vulnerability_id VCID-93wt-cm81-dqbh
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22119.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22119.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22119
reference_id
reference_type
scores
0
value 0.04895
scoring_system epss
scoring_elements 0.89855
published_at 2026-06-12T12:55:00Z
1
value 0.04895
scoring_system epss
scoring_elements 0.89859
published_at 2026-06-14T12:55:00Z
2
value 0.04895
scoring_system epss
scoring_elements 0.89822
published_at 2026-06-11T12:55:00Z
3
value 0.04895
scoring_system epss
scoring_elements 0.89862
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22119
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/pull/9513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/pull/9513
4
reference_url https://lists.apache.org/thread.html/r08a449010786e0bcffa4b5781b04fcb55d6eafa62cb79b8347680aad@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r08a449010786e0bcffa4b5781b04fcb55d6eafa62cb79b8347680aad@%3Cissues.nifi.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22119
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22119
11
reference_url https://tanzu.vmware.com/security/cve-2021-22119
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2021-22119
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1977064
reference_id 1977064
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1977064
13
reference_url https://github.com/advisories/GHSA-w9jg-gvgr-354m
reference_id GHSA-w9jg-gvgr-354m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9jg-gvgr-354m
14
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.4.7
purl pkg:maven/org.springframework.security/spring-security-core@5.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4h-659w-77ak
1
vulnerability VCID-ctuz-c8x2-z7df
2
vulnerability VCID-e8tz-73s8-myct
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.4.7
1
url pkg:maven/org.springframework.security/spring-security-core@5.5.1
purl pkg:maven/org.springframework.security/spring-security-core@5.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4h-659w-77ak
1
vulnerability VCID-ctuz-c8x2-z7df
2
vulnerability VCID-e8tz-73s8-myct
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.5.1
aliases CVE-2021-22119, GHSA-w9jg-gvgr-354m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93wt-cm81-dqbh
2
url VCID-ctuz-c8x2-z7df
vulnerability_id VCID-ctuz-c8x2-z7df
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22976.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22976.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22976
reference_id
reference_type
scores
0
value 0.0036
scoring_system epss
scoring_elements 0.58587
published_at 2026-06-11T12:55:00Z
1
value 0.0036
scoring_system epss
scoring_elements 0.58699
published_at 2026-06-12T12:55:00Z
2
value 0.0036
scoring_system epss
scoring_elements 0.58703
published_at 2026-06-14T12:55:00Z
3
value 0.0036
scoring_system epss
scoring_elements 0.58714
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22976
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/commit/388a7b62b906bd56deadb7ca45248fa1a63bdf12
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/388a7b62b906bd56deadb7ca45248fa1a63bdf12
4
reference_url https://github.com/spring-projects/spring-security/commit/a40f73521c0dd88b879ff6165d280e78bdf8154f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/a40f73521c0dd88b879ff6165d280e78bdf8154f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22976
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22976
6
reference_url https://security.netapp.com/advisory/ntap-20220707-0003
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220707-0003
7
reference_url https://tanzu.vmware.com/security/cve-2022-22976
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2022-22976
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2087214
reference_id 2087214
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2087214
9
reference_url https://github.com/advisories/GHSA-wx54-3278-m5g4
reference_id GHSA-wx54-3278-m5g4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wx54-3278-m5g4
10
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
11
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.5.7
purl pkg:maven/org.springframework.security/spring-security-core@5.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4h-659w-77ak
1
vulnerability VCID-e8tz-73s8-myct
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.5.7
1
url pkg:maven/org.springframework.security/spring-security-core@5.6.4
purl pkg:maven/org.springframework.security/spring-security-core@5.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4h-659w-77ak
1
vulnerability VCID-buca-suya-q3an
2
vulnerability VCID-e8tz-73s8-myct
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.6.4
aliases CVE-2022-22976, GHSA-wx54-3278-m5g4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ctuz-c8x2-z7df
3
url VCID-e8tz-73s8-myct
vulnerability_id VCID-e8tz-73s8-myct
summary 
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 
5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, 
versions 6.2.x prior to 6.2.3, an application is possible vulnerable to 
broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22257.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22257.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22257
reference_id
reference_type
scores
0
value 0.00394
scoring_system epss
scoring_elements 0.60815
published_at 2026-06-14T12:55:00Z
1
value 0.00394
scoring_system epss
scoring_elements 0.60824
published_at 2026-06-13T12:55:00Z
2
value 0.00394
scoring_system epss
scoring_elements 0.60814
published_at 2026-06-12T12:55:00Z
3
value 0.00394
scoring_system epss
scoring_elements 0.60708
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22257
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/commit/5a7f12f1a9fdb4edaab6f61495f1d781a7273b61
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/5a7f12f1a9fdb4edaab6f61495f1d781a7273b61
4
reference_url https://security.netapp.com/advisory/ntap-20240419-0005
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240419-0005
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2270158
reference_id 2270158
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2270158
6
reference_url https://spring.io/security/cve-2024-22257
reference_id cve-2024-22257
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:22:14Z/
url https://spring.io/security/cve-2024-22257
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22257
reference_id CVE-2024-22257
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22257
8
reference_url https://github.com/advisories/GHSA-f3jh-qvm4-mg39
reference_id GHSA-f3jh-qvm4-mg39
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3jh-qvm4-mg39
9
reference_url https://security.netapp.com/advisory/ntap-20240419-0005/
reference_id ntap-20240419-0005
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:22:14Z/
url https://security.netapp.com/advisory/ntap-20240419-0005/
10
reference_url https://access.redhat.com/errata/RHSA-2024:3354
reference_id RHSA-2024:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3354
11
reference_url https://access.redhat.com/errata/RHSA-2024:3708
reference_id RHSA-2024:3708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3708
12
reference_url https://access.redhat.com/errata/RHSA-2024:4884
reference_id RHSA-2024:4884
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4884
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.7.12
purl pkg:maven/org.springframework.security/spring-security-core@5.7.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4h-659w-77ak
1
vulnerability VCID-j3pn-a1kb-tues
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.7.12
1
url pkg:maven/org.springframework.security/spring-security-core@5.8.11
purl pkg:maven/org.springframework.security/spring-security-core@5.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4h-659w-77ak
1
vulnerability VCID-j3pn-a1kb-tues
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.8.11
2
url pkg:maven/org.springframework.security/spring-security-core@6.1.8
purl pkg:maven/org.springframework.security/spring-security-core@6.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4h-659w-77ak
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.1.8
3
url pkg:maven/org.springframework.security/spring-security-core@6.2.3
purl pkg:maven/org.springframework.security/spring-security-core@6.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4h-659w-77ak
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.2.3
aliases CVE-2024-22257, GHSA-f3jh-qvm4-mg39
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8tz-73s8-myct
4
url VCID-ry8m-bvze-buax
vulnerability_id VCID-ry8m-bvze-buax
summary privilege escalation
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22112.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22112.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22112
reference_id
reference_type
scores
0
value 0.00979
scoring_system epss
scoring_elements 0.77246
published_at 2026-06-12T12:55:00Z
1
value 0.00979
scoring_system epss
scoring_elements 0.77251
published_at 2026-06-14T12:55:00Z
2
value 0.00979
scoring_system epss
scoring_elements 0.77175
published_at 2026-06-11T12:55:00Z
3
value 0.00979
scoring_system epss
scoring_elements 0.77258
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22112
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/releases/tag/5.4.4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/releases/tag/5.4.4
4
reference_url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22112
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22112
15
reference_url https://tanzu.vmware.com/security/cve-2021-22112
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2021-22112
16
reference_url https://www.jenkins.io/security/advisory/2021-02-19
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2021-02-19
17
reference_url https://www.jenkins.io/security/advisory/2021-02-19/
reference_id
reference_type
scores
url https://www.jenkins.io/security/advisory/2021-02-19/
18
reference_url http://www.openwall.com/lists/oss-security/2021/02/19/7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/02/19/7
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1931453
reference_id 1931453
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1931453
20
reference_url https://security.archlinux.org/AVG-1595
reference_id AVG-1595
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1595
21
reference_url https://github.com/advisories/GHSA-gq28-h5vg-8prx
reference_id GHSA-gq28-h5vg-8prx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gq28-h5vg-8prx
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@5.4.4
purl pkg:maven/org.springframework.security/spring-security-core@5.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b4h-659w-77ak
1
vulnerability VCID-93wt-cm81-dqbh
2
vulnerability VCID-ctuz-c8x2-z7df
3
vulnerability VCID-e8tz-73s8-myct
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.4.4
aliases CVE-2021-22112, GHSA-gq28-h5vg-8prx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ry8m-bvze-buax
Fixing_vulnerabilities
Risk_score4.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.4.2