Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter-mgmt-api@0.3.0M1
Typemaven
Namespaceorg.eclipse.hawkbit
Namehawkbit-boot-starter-mgmt-api
Version0.3.0M1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.3.0M2
Latest_non_vulnerable_version0.3.0M2
Affected_by_vulnerabilities
0
url VCID-ksap-gbj6-7qb5
vulnerability_id VCID-ksap-gbj6-7qb5
summary 
Man in the Middle
Eclipse hawkBit resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10240
reference_id
reference_type
scores
0
value 0.00082
scoring_system epss
scoring_elements 0.23996
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10240
1
reference_url https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053
reference_id
reference_type
scores
url https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10240
reference_id CVE-2019-10240
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10240
3
reference_url https://github.com/advisories/GHSA-jwqm-c9f2-2cq3
reference_id GHSA-jwqm-c9f2-2cq3
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jwqm-c9f2-2cq3
fixed_packages
0
url pkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter-mgmt-api@0.3.0M2
purl pkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter-mgmt-api@0.3.0M2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter-mgmt-api@0.3.0M2
aliases CVE-2019-10240, GHSA-jwqm-c9f2-2cq3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksap-gbj6-7qb5
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter-mgmt-api@0.3.0M1