Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.0

Type maven

Namespace org.apache.cxf.fediz

Name apache-fediz

Version 1.3.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.4.4

Latest_non_vulnerable_version 1.4.4

Affected_by_vulnerabilities

url VCID-3579-h8fu-j7e5

vulnerability_id VCID-3579-h8fu-j7e5

summary

Improper Input Validation
Versions of Apache CXF Fediz do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8038

reference_id

reference_type

scores

value	0.50435
scoring_system	epss
scoring_elements	0.97896
published_at	2026-06-05T12:55:00Z

value	0.50435
scoring_system	epss
scoring_elements	0.97892
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8038

reference_url

https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d

reference_url

https://lists.apache.org/thread.html/f0a6a05ec3b3a00458da43712b0ff3a2f573175d9bfb39fb0de21424@%3Cdev.cxf.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f0a6a05ec3b3a00458da43712b0ff3a2f573175d9bfb39fb0de21424@%3Cdev.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_url

http://www.securitytracker.com/id/1041220

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1041220

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-8038

reference_id

CVE-2018-8038

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-8038

reference_url

http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc

reference_id

CVE-2018-8038.TXT.ASC

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc

reference_url

https://github.com/advisories/GHSA-w3gh-g32m-cvhr

reference_id

GHSA-w3gh-g32m-cvhr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-w3gh-g32m-cvhr

fixed_packages

url	pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.4
purl	pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.4

aliases CVE-2018-8038, GHSA-w3gh-g32m-cvhr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3579-h8fu-j7e5

url VCID-kyy8-szgp-bkfh

vulnerability_id VCID-kyy8-szgp-bkfh

summary

Cross-Site Request Forgery (CSRF)
A malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7662

reference_id

reference_type

scores

value	0.00987
scoring_system	epss
scoring_elements	0.7722
published_at	2026-06-05T12:55:00Z

value	0.00987
scoring_system	epss
scoring_elements	0.77188
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7662

reference_url

https://github.com/apache/cxf-fediz/commit/c68e4820816c19241568f4a8fe8600bffb0243cd

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf-fediz/commit/c68e4820816c19241568f4a8fe8600bffb0243cd

reference_url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_url

http://www.securitytracker.com/id/1038498

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1038498

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7662

reference_id

CVE-2017-7662

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7662

reference_url

http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc

reference_id

CVE-2017-7662.TXT.ASC

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc

reference_url

https://github.com/advisories/GHSA-f5ch-36rg-vfcc

reference_id

GHSA-f5ch-36rg-vfcc

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f5ch-36rg-vfcc

fixed_packages

url pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3

purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3579-h8fu-j7e5

vulnerability	VCID-65a6-3ngq-kke9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3

url pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1

purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3579-h8fu-j7e5

vulnerability	VCID-zw44-zqrm-jycc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1

aliases CVE-2017-7662, GHSA-f5ch-36rg-vfcc

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kyy8-szgp-bkfh

url VCID-zw44-zqrm-jycc

vulnerability_id VCID-zw44-zqrm-jycc

summary

Cross-Site Request Forgery (CSRF)
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins. The vulnerability can result in a security context that is set up using a malicious client's roles for the given enduser.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12631

reference_id

reference_type

scores

value	0.01374
scoring_system	epss
scoring_elements	0.80602
published_at	2026-06-05T12:55:00Z

value	0.01374
scoring_system	epss
scoring_elements	0.80575
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12631

reference_url

https://github.com/apache/cxf-fediz

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf-fediz

reference_url	https://github.com/apache/cxf-fediz/commit/48dd9b68d67c6b729376c1ce8886f52a57df6c4
reference_id
reference_type
scores
url	https://github.com/apache/cxf-fediz/commit/48dd9b68d67c6b729376c1ce8886f52a57df6c4

reference_url

https://github.com/apache/cxf-fediz/commit/48dd9b68d67c6b729376c1ce8886f52a57df6c45

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf-fediz/commit/48dd9b68d67c6b729376c1ce8886f52a57df6c45

reference_url	https://github.com/apache/cxf-fediz/commit/ccdb12b26ff89e0a998a333e84dd84bd713ac76
reference_id
reference_type
scores
url	https://github.com/apache/cxf-fediz/commit/ccdb12b26ff89e0a998a333e84dd84bd713ac76

reference_url

https://github.com/apache/cxf-fediz/commit/ccdb12b26ff89e0a998a333e84dd84bd713ac76c

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf-fediz/commit/ccdb12b26ff89e0a998a333e84dd84bd713ac76c

reference_url	https://github.com/apache/cxf-fediz/commit/e7127129dbc0f4ee83985052085e185e750cebbf
reference_id
reference_type
scores
url	https://github.com/apache/cxf-fediz/commit/e7127129dbc0f4ee83985052085e185e750cebbf

reference_url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_url

https://web.archive.org/web/20180122175008/http://cxf.547215.n5.nabble.com/Apache-CXF-Fediz-1-4-3-and-1-3-3-released-with-a-new-security-advisory-CVE-2017-12631-td5785868.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20180122175008/http://cxf.547215.n5.nabble.com/Apache-CXF-Fediz-1-4-3-and-1-3-3-released-with-a-new-security-advisory-CVE-2017-12631-td5785868.html

reference_url

https://web.archive.org/web/20201208184733/http://www.securitytracker.com/id/1040487

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201208184733/http://www.securitytracker.com/id/1040487

reference_url

http://www.securityfocus.com/bid/102127

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/102127

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12631

reference_id

CVE-2017-12631

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12631

reference_url

https://github.com/advisories/GHSA-fv7x-4hpc-hf9f

reference_id

GHSA-fv7x-4hpc-hf9f

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-fv7x-4hpc-hf9f

fixed_packages

url pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3

purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3579-h8fu-j7e5

vulnerability	VCID-65a6-3ngq-kke9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3

url pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.3

purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3579-h8fu-j7e5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.3

aliases CVE-2017-12631, GHSA-fv7x-4hpc-hf9f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zw44-zqrm-jycc

Fixing_vulnerabilities

url VCID-65a6-3ngq-kke9

vulnerability_id VCID-65a6-3ngq-kke9

summary

Cross-Site Request Forgery (CSRF)
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications that were found vulnerable to Cross-Site Request Forgery.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7661

reference_id

reference_type

scores

value	0.00925
scoring_system	epss
scoring_elements	0.76439
published_at	2026-06-05T12:55:00Z

value	0.00925
scoring_system	epss
scoring_elements	0.76411
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7661

reference_url	https://github.com/apache/cxf-fediz/commit/acdbe8c213576792dd95d87315bcc181ea61b57f
reference_id
reference_type
scores
url	https://github.com/apache/cxf-fediz/commit/acdbe8c213576792dd95d87315bcc181ea61b57f

reference_url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_url

http://www.securitytracker.com/id/1038497

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1038497

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7661

reference_id

CVE-2017-7661

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7661

reference_url

http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc

reference_id

CVE-2017-7661.TXT.ASC

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc

reference_url

https://github.com/advisories/GHSA-whw7-h25v-9qvx

reference_id

GHSA-whw7-h25v-9qvx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-whw7-h25v-9qvx

fixed_packages

url pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.0

purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3579-h8fu-j7e5

vulnerability	VCID-kyy8-szgp-bkfh

vulnerability	VCID-zw44-zqrm-jycc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.0

url pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1

purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3579-h8fu-j7e5

vulnerability	VCID-zw44-zqrm-jycc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1

aliases CVE-2017-7661, GHSA-whw7-h25v-9qvx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65a6-3ngq-kke9

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.0

Package Instance