Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework/spring-oxm@5.2.0

Type maven

Namespace org.springframework

Name spring-oxm

Version 5.2.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.2.8.RELEASE

Latest_non_vulnerable_version 5.2.9.RELEASE

Affected_by_vulnerabilities

url VCID-vac6-v6g7-a7e3

vulnerability_id VCID-vac6-v6g7-a7e3

summary

CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5397.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5397.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-5397

reference_id

reference_type

scores

value	0.00855
scoring_system	epss
scoring_elements	0.74978
published_at	2026-04-21T12:55:00Z

value	0.00855
scoring_system	epss
scoring_elements	0.74987
published_at	2026-04-18T12:55:00Z

value	0.00855
scoring_system	epss
scoring_elements	0.7498
published_at	2026-04-16T12:55:00Z

value	0.00855
scoring_system	epss
scoring_elements	0.74943
published_at	2026-04-13T12:55:00Z

value	0.00855
scoring_system	epss
scoring_elements	0.74953
published_at	2026-04-12T12:55:00Z

value	0.00855
scoring_system	epss
scoring_elements	0.74974
published_at	2026-04-11T12:55:00Z

value	0.00855
scoring_system	epss
scoring_elements	0.74939
published_at	2026-04-08T12:55:00Z

value	0.00855
scoring_system	epss
scoring_elements	0.74906
published_at	2026-04-07T12:55:00Z

value	0.00855
scoring_system	epss
scoring_elements	0.74932
published_at	2026-04-04T12:55:00Z

value	0.00855
scoring_system	epss
scoring_elements	0.74952
published_at	2026-04-09T12:55:00Z

value	0.00855
scoring_system	epss
scoring_elements	0.74904
published_at	2026-04-02T12:55:00Z

value	0.00855
scoring_system	epss
scoring_elements	0.74901
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-5397

reference_url

https://github.com/spring-projects/spring-framework

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework

reference_url

https://github.com/spring-projects/spring-framework/commit/bc7d01048579430b4b2df668178809b63d3f1929

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/bc7d01048579430b4b2df668178809b63d3f1929

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-5397

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-5397

reference_url

https://pivotal.io/security/cve-2020-5397

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2020-5397

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1800617
reference_id	1800617
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1800617

reference_url

https://github.com/advisories/GHSA-7pm4-g2qj-j85x

reference_id

GHSA-7pm4-g2qj-j85x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7pm4-g2qj-j85x

fixed_packages

url pkg:maven/org.springframework/spring-oxm@5.2.3.RELEASE

purl pkg:maven/org.springframework/spring-oxm@5.2.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y3uz-etva-sufh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@5.2.3.RELEASE

aliases CVE-2020-5397, GHSA-7pm4-g2qj-j85x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vac6-v6g7-a7e3

url VCID-y3uz-etva-sufh

vulnerability_id VCID-y3uz-etva-sufh

summary

Improper Input Validation in Spring Framework
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5421.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5421.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-5421

reference_id

reference_type

scores

value	0.63828
scoring_system	epss
scoring_elements	0.98431
published_at	2026-04-21T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98432
published_at	2026-04-16T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98427
published_at	2026-04-13T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98424
published_at	2026-04-09T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98423
published_at	2026-04-08T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.9842
published_at	2026-04-07T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98417
published_at	2026-04-04T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98414
published_at	2026-04-02T12:55:00Z

value	0.63828
scoring_system	epss
scoring_elements	0.98412
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-5421

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421

reference_url

https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E

reference_url

https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-5421

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-5421

reference_url

https://security.netapp.com/advisory/ntap-20210513-0009

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210513-0009

reference_url	https://security.netapp.com/advisory/ntap-20210513-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210513-0009/

reference_url

https://tanzu.vmware.com/security/cve-2020-5421

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://tanzu.vmware.com/security/cve-2020-5421

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1881158
reference_id	1881158
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1881158

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381
reference_id	973381
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381

reference_url

https://github.com/advisories/GHSA-rv39-3qh7-9v7w

reference_id

GHSA-rv39-3qh7-9v7w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rv39-3qh7-9v7w

fixed_packages

url	pkg:maven/org.springframework/spring-oxm@5.2.8.RELEASE
purl	pkg:maven/org.springframework/spring-oxm@5.2.8.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@5.2.8.RELEASE

url	pkg:maven/org.springframework/spring-oxm@5.2.9.RELEASE
purl	pkg:maven/org.springframework/spring-oxm@5.2.9.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@5.2.9.RELEASE

aliases CVE-2020-5421, GHSA-rv39-3qh7-9v7w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y3uz-etva-sufh

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@5.2.0

Package Instance