Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.bookkeeper/bookkeeper-common@4.7.3

Type maven

Namespace org.apache.bookkeeper

Name bookkeeper-common

Version 4.7.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.14.6

Latest_non_vulnerable_version 4.15.1

Affected_by_vulnerabilities

url VCID-t8wj-2nk6-rqbf

vulnerability_id VCID-t8wj-2nk6-rqbf

summary

The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves
the bookkeeper client vulnerable to a man in the middle attack.

The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32531

reference_id

reference_type

scores

value	0.00798
scoring_system	epss
scoring_elements	0.74526
published_at	2026-06-12T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.74453
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32531

reference_url

https://github.com/apache/bookkeeper

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/bookkeeper

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/apache-bookkeeper-client/PYSEC-2022-43060.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/apache-bookkeeper-client/PYSEC-2022-43060.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-32531

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-32531

reference_url

https://github.com/advisories/GHSA-gxq5-79m2-gvvq

reference_id

GHSA-gxq5-79m2-gvvq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gxq5-79m2-gvvq

reference_url

https://lists.apache.org/thread/xyk2lfc7lzof8mksmwyympbqxts1b5s9

reference_id

xyk2lfc7lzof8mksmwyympbqxts1b5s9

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T18:20:02Z/

url

https://lists.apache.org/thread/xyk2lfc7lzof8mksmwyympbqxts1b5s9

fixed_packages

url	pkg:maven/org.apache.bookkeeper/bookkeeper-common@4.14.6
purl	pkg:maven/org.apache.bookkeeper/bookkeeper-common@4.14.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.bookkeeper/bookkeeper-common@4.14.6

url	pkg:maven/org.apache.bookkeeper/bookkeeper-common@4.15.1
purl	pkg:maven/org.apache.bookkeeper/bookkeeper-common@4.15.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.bookkeeper/bookkeeper-common@4.15.1

aliases CVE-2022-32531, GHSA-gxq5-79m2-gvvq, PYSEC-2022-43060

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t8wj-2nk6-rqbf

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.bookkeeper/bookkeeper-common@4.7.3

Package Instance