Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.qpid/proton-j@0.12.1
Typemaven
Namespaceorg.apache.qpid
Nameproton-j
Version0.12.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.30.0
Latest_non_vulnerable_version0.30.0
Affected_by_vulnerabilities
0
url VCID-p8k1-664d-yfg4
vulnerability_id VCID-p8k1-664d-yfg4
summary 
Improper Certificate Validation
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the `transport.ssl(...)` methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17187.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17187.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17187
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.4808
published_at 2026-06-05T12:55:00Z
1
value 0.00245
scoring_system epss
scoring_elements 0.48017
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17187
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17187
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17187
3
reference_url https://github.com/advisories/GHSA-xvch-r4wf-h8w9
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xvch-r4wf-h8w9
4
reference_url https://github.com/apache/qpid-proton-j/commit/0cb8ca03cec42120dcfc434561592d89a89a805e
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/qpid-proton-j/commit/0cb8ca03cec42120dcfc434561592d89a89a805e
5
reference_url https://issues.apache.org/jira/browse/PROTON-1962
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/PROTON-1962
6
reference_url https://mail-archives.apache.org/mod_mbox/qpid-users/201811.mbox/%3CCAFitrpQSV73Vz7rJYfLJK7gvEymZSCR5ooWUeU8j4jzRydk-eg%40mail.gmail.com%3E
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://mail-archives.apache.org/mod_mbox/qpid-users/201811.mbox/%3CCAFitrpQSV73Vz7rJYfLJK7gvEymZSCR5ooWUeU8j4jzRydk-eg%40mail.gmail.com%3E
7
reference_url http://www.securityfocus.com/bid/105935
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105935
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1651837
reference_id 1651837
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1651837
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17187
reference_id CVE-2018-17187
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17187
10
reference_url https://qpid.apache.org/cves/CVE-2018-17187.html
reference_id CVE-2018-17187.HTML
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://qpid.apache.org/cves/CVE-2018-17187.html
fixed_packages
0
url pkg:maven/org.apache.qpid/proton-j@0.30.0
purl pkg:maven/org.apache.qpid/proton-j@0.30.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.qpid/proton-j@0.30.0
aliases CVE-2018-17187, GHSA-xvch-r4wf-h8w9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p8k1-664d-yfg4
1
url VCID-xdgc-mntb-zkgu
vulnerability_id VCID-xdgc-mntb-zkgu
summary While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0223.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0223.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-0223
reference_id
reference_type
scores
0
value 0.00399
scoring_system epss
scoring_elements 0.61039
published_at 2026-06-05T12:55:00Z
1
value 0.00399
scoring_system epss
scoring_elements 0.6099
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-0223
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0223
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0223
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
5
reference_url https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f@%3Cusers.qpid.apache.org%3E
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f@%3Cusers.qpid.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5@%3Cdev.qpid.apache.org%3E
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5@%3Cdev.qpid.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b@%3Cdev.qpid.apache.org%3E
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b@%3Cdev.qpid.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0@%3Cannounce.apache.org%3E
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0223
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0223
11
reference_url http://www.openwall.com/lists/oss-security/2019/04/23/4
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/04/23/4
12
reference_url http://www.securityfocus.com/bid/108044
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108044
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1702439
reference_id 1702439
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1702439
14
reference_url https://github.com/advisories/GHSA-5h6x-m52p-23ph
reference_id GHSA-5h6x-m52p-23ph
reference_type
scores
url https://github.com/advisories/GHSA-5h6x-m52p-23ph
15
reference_url https://access.redhat.com/errata/RHSA-2019:0886
reference_id RHSA-2019:0886
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0886
16
reference_url https://access.redhat.com/errata/RHSA-2019:1398
reference_id RHSA-2019:1398
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1398
17
reference_url https://access.redhat.com/errata/RHSA-2019:1399
reference_id RHSA-2019:1399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1399
18
reference_url https://access.redhat.com/errata/RHSA-2019:1400
reference_id RHSA-2019:1400
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1400
19
reference_url https://access.redhat.com/errata/RHSA-2019:2777
reference_id RHSA-2019:2777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2777
20
reference_url https://access.redhat.com/errata/RHSA-2019:2778
reference_id RHSA-2019:2778
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2778
21
reference_url https://access.redhat.com/errata/RHSA-2019:2779
reference_id RHSA-2019:2779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2779
22
reference_url https://access.redhat.com/errata/RHSA-2019:2780
reference_id RHSA-2019:2780
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2780
23
reference_url https://access.redhat.com/errata/RHSA-2019:2781
reference_id RHSA-2019:2781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2781
24
reference_url https://access.redhat.com/errata/RHSA-2019:2782
reference_id RHSA-2019:2782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2782
fixed_packages
0
url pkg:maven/org.apache.qpid/proton-j@0.27.1
purl pkg:maven/org.apache.qpid/proton-j@0.27.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p8k1-664d-yfg4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.qpid/proton-j@0.27.1
aliases CVE-2019-0223, GHSA-5h6x-m52p-23ph
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdgc-mntb-zkgu
Fixing_vulnerabilities
0
url VCID-2a6m-asyd-8uax
vulnerability_id VCID-2a6m-asyd-8uax
summary 
Exposure of Sensitive Information to an Unauthorized Actor
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html
1
reference_url http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html
2
reference_url http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2166.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2166.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2166
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50825
published_at 2026-06-05T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50765
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2166
5
reference_url https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=a058585
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=a058585
6
reference_url https://issues.apache.org/jira/browse/PROTON-1157
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/PROTON-1157
7
reference_url https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E
8
reference_url http://www.securityfocus.com/archive/1/537864/100/0/threaded
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/537864/100/0/threaded
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1320842
reference_id 1320842
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1320842
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2166
reference_id CVE-2016-2166
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-2166
11
reference_url https://github.com/advisories/GHSA-f5cf-f7px-xpmh
reference_id GHSA-f5cf-f7px-xpmh
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-f5cf-f7px-xpmh
fixed_packages
0
url pkg:maven/org.apache.qpid/proton-j@0.12.1
purl pkg:maven/org.apache.qpid/proton-j@0.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p8k1-664d-yfg4
1
vulnerability VCID-xdgc-mntb-zkgu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.qpid/proton-j@0.12.1
aliases CVE-2016-2166, GHSA-f5cf-f7px-xpmh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2a6m-asyd-8uax
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.qpid/proton-j@0.12.1