Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/569639?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/569639?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.40", "type": "maven", "namespace": "org.eclipse.jetty", "name": "jetty-server", "version": "9.4.40", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.4.57.v20241219", "latest_non_vulnerable_version": "12.1.6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44608?format=api", "vulnerability_id": "VCID-q35p-8qhp-aqec", "summary": "SessionListener can prevent a session from being invalidated breaking logout\n### Impact\nIf an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.\n\nThere is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out.\n\n### Workarounds\nThe application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34428.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34428.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34428", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.5057", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71344", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71298", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71314", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7133", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71308", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71294", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71252", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7135", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.71278", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00669", "scoring_system": "epss", "scoring_elements": "0.7126", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34428" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27216" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27223" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34428" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/eclipse/jetty.project", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/eclipse/jetty.project" }, { "reference_url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6" }, { "reference_url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34428", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34428" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210813-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210813-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210813-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210813-0003/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4949", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4949" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974891", "reference_id": "1974891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974891" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990578", "reference_id": "990578", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990578" }, { "reference_url": "https://github.com/advisories/GHSA-m6cp-vxjx-65j6", "reference_id": "GHSA-m6cp-vxjx-65j6", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6cp-vxjx-65j6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3225", "reference_id": "RHSA-2021:3225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3700", "reference_id": "RHSA-2021:3700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3758", "reference_id": "RHSA-2021:3758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/253570?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.40.v20210413", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9xw3-4a4u-hbbb" }, { "vulnerability": "VCID-kx4x-gnk4-yugu" }, { "vulnerability": "VCID-q3k2-1x5q-buhy" }, { "vulnerability": "VCID-y3mv-vmwd-tydt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.40.v20210413" }, { "url": "http://public2.vulnerablecode.io/api/packages/76401?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.41", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/76405?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@10.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9xw3-4a4u-hbbb" }, { "vulnerability": "VCID-h3wz-rdkt-7ue6" }, { "vulnerability": "VCID-q3k2-1x5q-buhy" }, { "vulnerability": "VCID-y3mv-vmwd-tydt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@10.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/76406?format=api", "purl": "pkg:maven/org.eclipse.jetty/jetty-server@11.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9xw3-4a4u-hbbb" }, { "vulnerability": "VCID-h3wz-rdkt-7ue6" }, { "vulnerability": "VCID-q3k2-1x5q-buhy" }, { "vulnerability": "VCID-y3mv-vmwd-tydt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@11.0.3" } ], "aliases": [ "CVE-2021-34428", "GHSA-m6cp-vxjx-65j6" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q35p-8qhp-aqec" } ], "fixing_vulnerabilities": [], "risk_score": "1.6", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.40" }