Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.solr/solr-core@4.6.0
Typemaven
Namespaceorg.apache.solr
Namesolr-core
Version4.6.0
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version6.4.1
Latest_non_vulnerable_version9.10.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-5w3j-gqqb-qbgf
vulnerability_id VCID-5w3j-gqqb-qbgf
summary 
Path Traversal
Directory traversal vulnerability in `SolrResourceLoader` in Apache Solr allows remote attackers to read arbitrary files via a `..` (dot dot) or full pathname in the tr parameter to `solr/select/`, when the response writer (wt parameter) is set to XSLT.
references
0
reference_url https://bugzilla.redhat.com/CVE-2013-6397
reference_id CVE-2013-6397
reference_type
scores
url https://bugzilla.redhat.com/CVE-2013-6397
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@4.6.0
purl pkg:maven/org.apache.solr/solr-core@4.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@4.6.0
1
url pkg:maven/org.apache.solr/solr-core@5.0.0
purl pkg:maven/org.apache.solr/solr-core@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g95c-rfw6-kqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@5.0.0
aliases CVE-2013-6397
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5w3j-gqqb-qbgf
1
url VCID-dvqy-cfd4-ybgn
vulnerability_id VCID-dvqy-cfd4-ybgn
summary 
XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler
The DocumentAnalysisRequestHandler in this package does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.
references
0
reference_url https://issues.apache.org/jira/browse/SOLR-5520
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/SOLR-5520
1
reference_url https://bugzilla.redhat.com/CVE-2013-6408
reference_id CVE-2013-6408
reference_type
scores
url https://bugzilla.redhat.com/CVE-2013-6408
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@4.6.0
purl pkg:maven/org.apache.solr/solr-core@4.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@4.6.0
1
url pkg:maven/org.apache.solr/solr-core@5.0.0
purl pkg:maven/org.apache.solr/solr-core@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g95c-rfw6-kqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@5.0.0
aliases CVE-2013-6408
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvqy-cfd4-ybgn
2
url VCID-z6tk-uqhb-wuav
vulnerability_id VCID-z6tk-uqhb-wuav
summary 
XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler
This package allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
references
0
reference_url https://issues.apache.org/jira/browse/SOLR-5520
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/SOLR-5520
1
reference_url https://bugzilla.redhat.com/CVE-2013-6407
reference_id CVE-2013-6407
reference_type
scores
url https://bugzilla.redhat.com/CVE-2013-6407
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@4.6.0
purl pkg:maven/org.apache.solr/solr-core@4.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@4.6.0
1
url pkg:maven/org.apache.solr/solr-core@5.0.0
purl pkg:maven/org.apache.solr/solr-core@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g95c-rfw6-kqgs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@5.0.0
aliases CVE-2013-6407
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6tk-uqhb-wuav
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@4.6.0