Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework.security/spring-security-core@4.2.0.RELEASE

Type maven

Namespace org.springframework.security

Name spring-security-core

Version 4.2.0.RELEASE

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.2.3

Latest_non_vulnerable_version 6.5.4

Affected_by_vulnerabilities

url VCID-mqcm-hd3y-cka5

vulnerability_id VCID-mqcm-hd3y-cka5

summary

references

reference_url

https://access.redhat.com/errata/RHSA-2018:2405

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2405

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1199

reference_id

reference_type

scores

value	0.00846
scoring_system	epss
scoring_elements	0.75134
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1199

reference_url

https://github.com/spring-projects/spring-framework/commit/554662ebab87af97ba25d0c9f5449c7acda8df9c

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/554662ebab87af97ba25d0c9f5449c7acda8df9c

reference_url

https://github.com/spring-projects/spring-framework/commit/73a81f98d40eb6f5faa91aceb868db53fae2a94b

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/73a81f98d40eb6f5faa91aceb868db53fae2a94b

reference_url

https://github.com/spring-projects/spring-framework/commit/e6e6b8f4adcad99d133de97fcfac5ae5dd14153c

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/e6e6b8f4adcad99d133de97fcfac5ae5dd14153c

reference_url

https://github.com/spring-projects/spring-security/commit/0eef5b4b425ab42b9fa0fde1a3f36a37b92558f

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-security/commit/0eef5b4b425ab42b9fa0fde1a3f36a37b92558f

reference_url

https://github.com/spring-projects/spring-security/commit/65da28e4bf62f58fb130ba727cbbd621b44a36d

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-security/commit/65da28e4bf62f58fb130ba727cbbd621b44a36d

reference_url

https://github.com/spring-projects/spring-security/commit/cb8041ba67635edafcc934498ef82707157fd22

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-security/commit/cb8041ba67635edafcc934498ef82707157fd22

reference_url

https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890001
reference_id	890001
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890001

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1199

reference_id

CVE-2018-1199

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1199

reference_url

https://pivotal.io/security/cve-2018-1199

reference_id

CVE-2018-1199

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2018-1199

reference_url

https://github.com/advisories/GHSA-v596-fwhq-8x48

reference_id

GHSA-v596-fwhq-8x48

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-v596-fwhq-8x48

fixed_packages

url	pkg:maven/org.springframework.security/spring-security-core@4.2.4
purl	pkg:maven/org.springframework.security/spring-security-core@4.2.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.4

url pkg:maven/org.springframework.security/spring-security-core@4.2.4.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@4.2.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p649-29wu-syh9

vulnerability	VCID-rg5c-bu77-bkha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.4.RELEASE

url	pkg:maven/org.springframework.security/spring-security-core@5.0.1
purl	pkg:maven/org.springframework.security/spring-security-core@5.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.1

url pkg:maven/org.springframework.security/spring-security-core@5.0.1.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@5.0.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rg5c-bu77-bkha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.1.RELEASE

aliases CVE-2018-1199, GHSA-v596-fwhq-8x48

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqcm-hd3y-cka5

url VCID-p649-29wu-syh9

vulnerability_id VCID-p649-29wu-syh9

summary

PlaintextPasswordEncoder authenticates encoded passwords that are null
Spring Security supports plain text passwords using `PlaintextPasswordEncoder`. a malicious user (or attacker) can authenticate using a password of `null`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11272

reference_id

reference_type

scores

value	0.00407
scoring_system	epss
scoring_elements	0.61431
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11272

reference_url

https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11272

reference_id

CVE-2019-11272

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11272

reference_url

https://pivotal.io/security/cve-2019-11272

reference_id

CVE-2019-11272

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2019-11272

reference_url

https://github.com/advisories/GHSA-v33x-prhc-gph5

reference_id

GHSA-v33x-prhc-gph5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v33x-prhc-gph5

fixed_packages

url	pkg:maven/org.springframework.security/spring-security-core@4.2.13
purl	pkg:maven/org.springframework.security/spring-security-core@4.2.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.13

url	pkg:maven/org.springframework.security/spring-security-core@4.2.13.RELEASE
purl	pkg:maven/org.springframework.security/spring-security-core@4.2.13.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.13.RELEASE

aliases CVE-2019-11272, GHSA-v33x-prhc-gph5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p649-29wu-syh9

url VCID-rg5c-bu77-bkha

vulnerability_id VCID-rg5c-bu77-bkha

summary

Insufficient Entropy in PRNG
Spring Security contain an insecure randomness vulnerability when using `SecureRandomFactoryBean#setSeed` to configure a `SecureRandom` instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3795

reference_id

reference_type

scores

value	0.00548
scoring_system	epss
scoring_elements	0.6823
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3795

reference_url

https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html

reference_url

http://www.securityfocus.com/bid/107802

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/107802

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3795

reference_id

CVE-2019-3795

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3795

reference_url

https://pivotal.io/security/cve-2019-3795

reference_id

CVE-2019-3795

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2019-3795

reference_url

https://github.com/advisories/GHSA-v2r2-7qm7-jj6v

reference_id

GHSA-v2r2-7qm7-jj6v

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-v2r2-7qm7-jj6v

fixed_packages

url	pkg:maven/org.springframework.security/spring-security-core@5.0.12.RELEASE
purl	pkg:maven/org.springframework.security/spring-security-core@5.0.12.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.12.RELEASE

url	pkg:maven/org.springframework.security/spring-security-core@5.1.5.RELEASE
purl	pkg:maven/org.springframework.security/spring-security-core@5.1.5.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.1.5.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@4.2.12

purl pkg:maven/org.springframework.security/spring-security-core@4.2.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p649-29wu-syh9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.12

url pkg:maven/org.springframework.security/spring-security-core@4.2.12.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@4.2.12.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p649-29wu-syh9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.12.RELEASE

url	pkg:maven/org.springframework.security/spring-security-core@4.2.13.RELEASE
purl	pkg:maven/org.springframework.security/spring-security-core@4.2.13.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.13.RELEASE

url	pkg:maven/org.springframework.security/spring-security-core@5.0.12
purl	pkg:maven/org.springframework.security/spring-security-core@5.0.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.12

url	pkg:maven/org.springframework.security/spring-security-core@5.0.13.RELEASE
purl	pkg:maven/org.springframework.security/spring-security-core@5.0.13.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.13.RELEASE

url	pkg:maven/org.springframework.security/spring-security-core@5.1.5
purl	pkg:maven/org.springframework.security/spring-security-core@5.1.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.1.5

url	pkg:maven/org.springframework.security/spring-security-core@5.1.6.RELEASE
purl	pkg:maven/org.springframework.security/spring-security-core@5.1.6.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.1.6.RELEASE

aliases CVE-2019-3795, GHSA-v2r2-7qm7-jj6v

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rg5c-bu77-bkha

url VCID-yv65-r27g-qkdv

vulnerability_id VCID-yv65-r27g-qkdv

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-4995

reference_id

reference_type

scores

value	0.00826
scoring_system	epss
scoring_elements	0.74778
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-4995

reference_url

https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1

reference_url

https://github.com/FasterXML/jackson-databind/commit/6ce32ffd18facac6abdbbf559c817b47fcb622c

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/6ce32ffd18facac6abdbbf559c817b47fcb622c

reference_url

https://github.com/FasterXML/jackson-databind/issues/1599

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/1599

reference_url	https://github.com/spring-projects/spring-security/commit/5dee8534cd1b92952d10cc56335b5d5856f48f3b
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-security/commit/5dee8534cd1b92952d10cc56335b5d5856f48f3b

reference_url	https://github.com/spring-projects/spring-security/commit/947d11f433b78294942cb5ea56e8aa5c3a0ca43
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-security/commit/947d11f433b78294942cb5ea56e8aa5c3a0ca43

reference_url

https://github.com/spring-projects/spring-security/issues/4370

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-security/issues/4370

reference_url

https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E

reference_url	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4995
reference_id
reference_type
scores
url	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4995

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-4995

reference_id

CVE-2017-4995

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-4995

reference_url

https://pivotal.io/security/cve-2017-4995

reference_id

CVE-2017-4995

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2017-4995

reference_url

https://github.com/advisories/GHSA-vhrg-v3cv-p247

reference_id

GHSA-vhrg-v3cv-p247

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vhrg-v3cv-p247

fixed_packages

url pkg:maven/org.springframework.security/spring-security-core@4.2.2.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@4.2.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mqcm-hd3y-cka5

vulnerability	VCID-p649-29wu-syh9

vulnerability	VCID-rg5c-bu77-bkha

vulnerability	VCID-yv65-r27g-qkdv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.2.RELEASE

url	pkg:maven/org.springframework.security/spring-security-core@4.2.3
purl	pkg:maven/org.springframework.security/spring-security-core@4.2.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.3

url pkg:maven/org.springframework.security/spring-security-core@4.2.3.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@4.2.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mqcm-hd3y-cka5

vulnerability	VCID-p649-29wu-syh9

vulnerability	VCID-rg5c-bu77-bkha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.3.RELEASE

url	pkg:maven/org.springframework.security/spring-security-core@5.0.0.M2
purl	pkg:maven/org.springframework.security/spring-security-core@5.0.0.M2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.0.M2

aliases CVE-2017-4995, GHSA-vhrg-v3cv-p247

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yv65-r27g-qkdv

url VCID-z6n9-bp24-vkgh

vulnerability_id VCID-z6n9-bp24-vkgh

summary

references

reference_url

https://access.redhat.com/errata/RHSA-2017:1832

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:1832

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9879

reference_id

reference_type

scores

value	0.00322
scoring_system	epss
scoring_elements	0.55525
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9879

reference_url	https://github.com/spring-projects/spring-security/commit/666e356ebc479194ba51e43bb99fc42f849b6175
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-security/commit/666e356ebc479194ba51e43bb99fc42f849b6175

reference_url

http://www.securityfocus.com/bid/95142

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95142

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9879

reference_id

CVE-2016-9879

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9879

reference_url

https://pivotal.io/security/cve-2016-9879

reference_id

CVE-2016-9879

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2016-9879

reference_url

https://github.com/advisories/GHSA-v35c-49j6-q8hq

reference_id

GHSA-v35c-49j6-q8hq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v35c-49j6-q8hq

fixed_packages

url pkg:maven/org.springframework.security/spring-security-core@4.2.1.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@4.2.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mqcm-hd3y-cka5

vulnerability	VCID-p649-29wu-syh9

vulnerability	VCID-rg5c-bu77-bkha

vulnerability	VCID-yv65-r27g-qkdv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.1.RELEASE

aliases CVE-2016-9879, GHSA-v35c-49j6-q8hq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6n9-bp24-vkgh

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.0.RELEASE

Package Instance