Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.0
Typemaven
Namespaceorg.apache.cxf.fediz
Nameapache-fediz
Version1.4.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.4.1
Latest_non_vulnerable_version1.4.4
Affected_by_vulnerabilities
0
url VCID-65a6-3ngq-kke9
vulnerability_id VCID-65a6-3ngq-kke9
summary 
Cross-Site Request Forgery (CSRF)
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications that were found vulnerable to Cross-Site Request Forgery.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7661
reference_id CVE-2017-7661
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7661
1
reference_url http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc
reference_id CVE-2017-7661.TXT.ASC
reference_type
scores
url http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc
2
reference_url https://github.com/advisories/GHSA-whw7-h25v-9qvx
reference_id GHSA-whw7-h25v-9qvx
reference_type
scores
url https://github.com/advisories/GHSA-whw7-h25v-9qvx
fixed_packages
0
url pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1
purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1
aliases CVE-2017-7661, GHSA-whw7-h25v-9qvx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65a6-3ngq-kke9
1
url VCID-kyy8-szgp-bkfh
vulnerability_id VCID-kyy8-szgp-bkfh
summary 
Cross-Site Request Forgery (CSRF)
A malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.
references
0
reference_url https://github.com/apache/cxf-fediz/commit/c68e4820816c19241568f4a8fe8600bffb0243cd
reference_id
reference_type
scores
url https://github.com/apache/cxf-fediz/commit/c68e4820816c19241568f4a8fe8600bffb0243cd
1
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
7
reference_url http://www.securitytracker.com/id/1038498
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1038498
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7662
reference_id CVE-2017-7662
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7662
9
reference_url http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc
reference_id CVE-2017-7662.TXT.ASC
reference_type
scores
url http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc
10
reference_url https://github.com/advisories/GHSA-f5ch-36rg-vfcc
reference_id GHSA-f5ch-36rg-vfcc
reference_type
scores
url https://github.com/advisories/GHSA-f5ch-36rg-vfcc
fixed_packages
0
url pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1
purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1
aliases CVE-2017-7662, GHSA-f5ch-36rg-vfcc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kyy8-szgp-bkfh
2
url VCID-zw44-zqrm-jycc
vulnerability_id VCID-zw44-zqrm-jycc
summary 
Cross-Site Request Forgery (CSRF)
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins. The vulnerability can result in a security context that is set up using a malicious client's roles for the given enduser.
references
0
reference_url http://www.securityfocus.com/bid/102127
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/102127
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12631
reference_id CVE-2017-12631
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12631
2
reference_url https://github.com/advisories/GHSA-fv7x-4hpc-hf9f
reference_id GHSA-fv7x-4hpc-hf9f
reference_type
scores
url https://github.com/advisories/GHSA-fv7x-4hpc-hf9f
fixed_packages
0
url pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.3
purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.3
aliases CVE-2017-12631, GHSA-fv7x-4hpc-hf9f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zw44-zqrm-jycc
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.0