Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.cxf/cxf-core@3.4.9

Type maven

Namespace org.apache.cxf

Name cxf-core

Version 3.4.9

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.5.11

Latest_non_vulnerable_version 4.1.1

Affected_by_vulnerabilities

url VCID-3884-4stp-e7fz

vulnerability_id VCID-3884-4stp-e7fz

summary CXF: directory listing / code exfiltration

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46363.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46363.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-46363

reference_id

reference_type

scores

value	0.00121
scoring_system	epss
scoring_elements	0.30683
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-46363

reference_url

https://github.com/apache/cxf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf

reference_url

https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T02:50:18Z/

url

https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-46363

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-46363

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2155681
reference_id	2155681
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2155681

reference_url	https://github.com/advisories/GHSA-3w37-5p3p-jv92
reference_id	GHSA-3w37-5p3p-jv92
reference_type
scores
url	https://github.com/advisories/GHSA-3w37-5p3p-jv92

reference_url	https://access.redhat.com/errata/RHSA-2023:0483
reference_id	RHSA-2023:0483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0483

reference_url	https://access.redhat.com/errata/RHSA-2023:0544
reference_id	RHSA-2023:0544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0544

reference_url	https://access.redhat.com/errata/RHSA-2023:0556
reference_id	RHSA-2023:0556
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0556

reference_url	https://access.redhat.com/errata/RHSA-2023:3641
reference_id	RHSA-2023:3641
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3641

reference_url	https://access.redhat.com/errata/RHSA-2025:1746
reference_id	RHSA-2025:1746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1746

reference_url	https://access.redhat.com/errata/RHSA-2025:1747
reference_id	RHSA-2025:1747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1747

fixed_packages

url pkg:maven/org.apache.cxf/cxf-core@3.4.10

purl pkg:maven/org.apache.cxf/cxf-core@3.4.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e6nv-j7eu-63h1

vulnerability	VCID-kzx4-pepf-nqd7

vulnerability	VCID-nq3u-yu1a-w3hh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.4.10

url pkg:maven/org.apache.cxf/cxf-core@3.5.5

purl pkg:maven/org.apache.cxf/cxf-core@3.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e6nv-j7eu-63h1

vulnerability	VCID-kzx4-pepf-nqd7

vulnerability	VCID-nq3u-yu1a-w3hh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.5.5

aliases CVE-2022-46363, GHSA-3w37-5p3p-jv92

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3884-4stp-e7fz

url VCID-e6nv-j7eu-63h1

vulnerability_id VCID-e6nv-j7eu-63h1

summary

SSRF vulnerability using the Aegis DataBinding in Apache CXF
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28752.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28752.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28752

reference_id

reference_type

scores

value	0.50829
scoring_system	epss
scoring_elements	0.97906
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28752

reference_url

https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-20T03:55:33Z/

url

https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt

reference_url

https://github.com/apache/cxf

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf

reference_url

https://github.com/apache/cxf/commit/d0baeb3ee64c6d7c883bd2f5c4cb0de6b0b5f463

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf/commit/d0baeb3ee64c6d7c883bd2f5c4cb0de6b0b5f463

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-28752

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-28752

reference_url

https://security.netapp.com/advisory/ntap-20240517-0001

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240517-0001

reference_url

http://www.openwall.com/lists/oss-security/2024/03/14/3

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-20T03:55:33Z/

url

http://www.openwall.com/lists/oss-security/2024/03/14/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2270732
reference_id	2270732
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2270732

reference_url

https://github.com/advisories/GHSA-qmgx-j96g-4428

reference_id

GHSA-qmgx-j96g-4428

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qmgx-j96g-4428

reference_url

https://security.netapp.com/advisory/ntap-20240517-0001/

reference_id

ntap-20240517-0001

reference_type

scores

value	9.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-20T03:55:33Z/

url

https://security.netapp.com/advisory/ntap-20240517-0001/

reference_url	https://access.redhat.com/errata/RHSA-2024:2834
reference_id	RHSA-2024:2834
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2834

reference_url	https://access.redhat.com/errata/RHSA-2024:2852
reference_id	RHSA-2024:2852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2852

reference_url	https://access.redhat.com/errata/RHSA-2024:3708
reference_id	RHSA-2024:3708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3708

reference_url	https://access.redhat.com/errata/RHSA-2024:5479
reference_id	RHSA-2024:5479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5479

reference_url	https://access.redhat.com/errata/RHSA-2024:5481
reference_id	RHSA-2024:5481
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5481

reference_url	https://access.redhat.com/errata/RHSA-2024:5482
reference_id	RHSA-2024:5482
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5482

reference_url	https://access.redhat.com/errata/RHSA-2024:8339
reference_id	RHSA-2024:8339
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8339

fixed_packages

url pkg:maven/org.apache.cxf/cxf-core@3.5.8

purl pkg:maven/org.apache.cxf/cxf-core@3.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kzx4-pepf-nqd7

vulnerability	VCID-nq3u-yu1a-w3hh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.5.8

url pkg:maven/org.apache.cxf/cxf-core@3.6.3

purl pkg:maven/org.apache.cxf/cxf-core@3.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kzx4-pepf-nqd7

vulnerability	VCID-nq3u-yu1a-w3hh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.6.3

url pkg:maven/org.apache.cxf/cxf-core@4.0.4

purl pkg:maven/org.apache.cxf/cxf-core@4.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kzx4-pepf-nqd7

vulnerability	VCID-nq3u-yu1a-w3hh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@4.0.4

aliases CVE-2024-28752, GHSA-qmgx-j96g-4428

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e6nv-j7eu-63h1

url VCID-kzx4-pepf-nqd7

vulnerability_id VCID-kzx4-pepf-nqd7

summary org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23184.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23184.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-23184

reference_id

reference_type

scores

value	0.00147
scoring_system	epss
scoring_elements	0.34827
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-23184

reference_url

https://github.com/apache/cxf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf

reference_url

https://github.com/apache/cxf/pull/2048

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf/pull/2048

reference_url

https://github.com/apache/cxf/pull/2111

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf/pull/2111

reference_url

https://issues.apache.org/jira/browse/CXF-7396

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/CXF-7396

reference_url

https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T15:12:38Z/

url

https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-23184

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-23184

reference_url

https://security.netapp.com/advisory/ntap-20250214-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250214-0003

reference_url

https://www.vicarius.io/vsociety/posts/cve-2025-23184-detect-apache-cxf-vulnerability

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.vicarius.io/vsociety/posts/cve-2025-23184-detect-apache-cxf-vulnerability

reference_url

https://www.vicarius.io/vsociety/posts/cve-2025-23184-mitigate-apache-cxf-vulnerability

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.vicarius.io/vsociety/posts/cve-2025-23184-mitigate-apache-cxf-vulnerability

reference_url

http://www.openwall.com/lists/oss-security/2025/01/20/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/01/20/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2339095
reference_id	2339095
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2339095

reference_url	https://github.com/advisories/GHSA-fh5r-crhr-qrrq
reference_id	GHSA-fh5r-crhr-qrrq
reference_type
scores
url	https://github.com/advisories/GHSA-fh5r-crhr-qrrq

reference_url	https://access.redhat.com/errata/RHSA-2025:10452
reference_id	RHSA-2025:10452
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10452

reference_url	https://access.redhat.com/errata/RHSA-2025:10453
reference_id	RHSA-2025:10453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10453

reference_url	https://access.redhat.com/errata/RHSA-2025:10459
reference_id	RHSA-2025:10459
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10459

reference_url	https://access.redhat.com/errata/RHSA-2025:10924
reference_id	RHSA-2025:10924
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10924

reference_url	https://access.redhat.com/errata/RHSA-2025:10925
reference_id	RHSA-2025:10925
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10925

reference_url	https://access.redhat.com/errata/RHSA-2025:10926
reference_id	RHSA-2025:10926
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10926

reference_url	https://access.redhat.com/errata/RHSA-2025:10931
reference_id	RHSA-2025:10931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10931

fixed_packages

url pkg:maven/org.apache.cxf/cxf-core@3.5.10

purl pkg:maven/org.apache.cxf/cxf-core@3.5.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nq3u-yu1a-w3hh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.5.10

url pkg:maven/org.apache.cxf/cxf-core@3.6.5

purl pkg:maven/org.apache.cxf/cxf-core@3.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nq3u-yu1a-w3hh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.6.5

url pkg:maven/org.apache.cxf/cxf-core@4.0.6

purl pkg:maven/org.apache.cxf/cxf-core@4.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nq3u-yu1a-w3hh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@4.0.6

aliases CVE-2025-23184, GHSA-fh5r-crhr-qrrq

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzx4-pepf-nqd7

url VCID-nq3u-yu1a-w3hh

vulnerability_id VCID-nq3u-yu1a-w3hh

summary org.apache.cxf/cxf: Apache CXF denial of service and data exposure

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48795.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48795.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-48795

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.54434
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-48795

reference_url

https://github.com/apache/cxf

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf

reference_url

https://github.com/apache/cxf/commit/1c1d687f8e295f433a3592a3bc0b0a63c432bfde

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf/commit/1c1d687f8e295f433a3592a3bc0b0a63c432bfde

reference_url

https://github.com/apache/cxf/pull/2258

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf/pull/2258

reference_url

https://lists.apache.org/thread/vo5qv02mvv5plmb6z2xf1ktjmrpv3jmn

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T20:44:08Z/

url

https://lists.apache.org/thread/vo5qv02mvv5plmb6z2xf1ktjmrpv3jmn

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-48795

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-48795

reference_url

http://www.openwall.com/lists/oss-security/2025/07/15/3

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/07/15/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2380189
reference_id	2380189
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2380189

reference_url	https://github.com/advisories/GHSA-36wv-v2qp-v4g4
reference_id	GHSA-36wv-v2qp-v4g4
reference_type
scores
url	https://github.com/advisories/GHSA-36wv-v2qp-v4g4

fixed_packages

url	pkg:maven/org.apache.cxf/cxf-core@3.5.11
purl	pkg:maven/org.apache.cxf/cxf-core@3.5.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.5.11

url	pkg:maven/org.apache.cxf/cxf-core@3.6.6
purl	pkg:maven/org.apache.cxf/cxf-core@3.6.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.6.6

url	pkg:maven/org.apache.cxf/cxf-core@4.0.7
purl	pkg:maven/org.apache.cxf/cxf-core@4.0.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@4.0.7

url	pkg:maven/org.apache.cxf/cxf-core@4.1.1
purl	pkg:maven/org.apache.cxf/cxf-core@4.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@4.1.1

aliases CVE-2025-48795, GHSA-36wv-v2qp-v4g4

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nq3u-yu1a-w3hh

url VCID-yzgu-3jyh-cfeg

vulnerability_id VCID-yzgu-3jyh-cfeg

summary CXF: SSRF Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46364.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46364.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-46364

reference_id

reference_type

scores

value	0.0009
scoring_system	epss
scoring_elements	0.25548
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-46364

reference_url

https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-22T02:48:12Z/

url

https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-46364

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-46364

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2155682
reference_id	2155682
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2155682

reference_url	https://github.com/advisories/GHSA-x3x3-qwjq-8gj4
reference_id	GHSA-x3x3-qwjq-8gj4
reference_type
scores
url	https://github.com/advisories/GHSA-x3x3-qwjq-8gj4

reference_url	https://access.redhat.com/errata/RHSA-2023:0163
reference_id	RHSA-2023:0163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0163

reference_url	https://access.redhat.com/errata/RHSA-2023:0164
reference_id	RHSA-2023:0164
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0164

reference_url	https://access.redhat.com/errata/RHSA-2023:0483
reference_id	RHSA-2023:0483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0483

reference_url	https://access.redhat.com/errata/RHSA-2023:0544
reference_id	RHSA-2023:0544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0544

reference_url	https://access.redhat.com/errata/RHSA-2023:0556
reference_id	RHSA-2023:0556
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0556

reference_url	https://access.redhat.com/errata/RHSA-2023:1285
reference_id	RHSA-2023:1285
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1285

reference_url	https://access.redhat.com/errata/RHSA-2023:1286
reference_id	RHSA-2023:1286
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1286

reference_url	https://access.redhat.com/errata/RHSA-2023:2041
reference_id	RHSA-2023:2041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2041

reference_url	https://access.redhat.com/errata/RHSA-2023:3641
reference_id	RHSA-2023:3641
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3641

fixed_packages

url pkg:maven/org.apache.cxf/cxf-core@3.4.10

purl pkg:maven/org.apache.cxf/cxf-core@3.4.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e6nv-j7eu-63h1

vulnerability	VCID-kzx4-pepf-nqd7

vulnerability	VCID-nq3u-yu1a-w3hh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.4.10

url pkg:maven/org.apache.cxf/cxf-core@3.5.5

purl pkg:maven/org.apache.cxf/cxf-core@3.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e6nv-j7eu-63h1

vulnerability	VCID-kzx4-pepf-nqd7

vulnerability	VCID-nq3u-yu1a-w3hh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.5.5

aliases CVE-2022-46364, GHSA-x3x3-qwjq-8gj4

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yzgu-3jyh-cfeg

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.4.9

Package Instance