Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.2

Type maven

Namespace org.apache.cxf.fediz

Name apache-fediz

Version 1.3.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.3.3

Latest_non_vulnerable_version 1.4.4

Affected_by_vulnerabilities

url VCID-65a6-3ngq-kke9

vulnerability_id VCID-65a6-3ngq-kke9

summary

Cross-Site Request Forgery (CSRF)
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications that were found vulnerable to Cross-Site Request Forgery.

references

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7661
reference_id	CVE-2017-7661
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7661

reference_url	http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc
reference_id	CVE-2017-7661.TXT.ASC
reference_type
scores
url	http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc

reference_url	https://github.com/advisories/GHSA-whw7-h25v-9qvx
reference_id	GHSA-whw7-h25v-9qvx
reference_type
scores
url	https://github.com/advisories/GHSA-whw7-h25v-9qvx

fixed_packages

url	pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1
purl	pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1

aliases CVE-2017-7661, GHSA-whw7-h25v-9qvx

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65a6-3ngq-kke9

url VCID-kyy8-szgp-bkfh

vulnerability_id VCID-kyy8-szgp-bkfh

summary

Cross-Site Request Forgery (CSRF)
A malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.

references

reference_url	https://github.com/apache/cxf-fediz/commit/c68e4820816c19241568f4a8fe8600bffb0243cd
reference_id
reference_type
scores
url	https://github.com/apache/cxf-fediz/commit/c68e4820816c19241568f4a8fe8600bffb0243cd

reference_url	https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_url	http://www.securitytracker.com/id/1038498
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1038498

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7662
reference_id	CVE-2017-7662
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7662

reference_url	http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc
reference_id	CVE-2017-7662.TXT.ASC
reference_type
scores
url	http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc

reference_url	https://github.com/advisories/GHSA-f5ch-36rg-vfcc
reference_id	GHSA-f5ch-36rg-vfcc
reference_type
scores
url	https://github.com/advisories/GHSA-f5ch-36rg-vfcc

fixed_packages

url	pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3
purl	pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3

url	pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1
purl	pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1

aliases CVE-2017-7662, GHSA-f5ch-36rg-vfcc

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kyy8-szgp-bkfh

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.2

Package Instance