Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.wso2.am.microgw/org.wso2.micro.gateway.core@2.2.0
Type maven
Namespace org.wso2.am.microgw
Name org.wso2.micro.gateway.core
Version 2.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-1ubv-cmf7-3ffv
vulnerability_id VCID-1ubv-cmf7-3ffv
summary
Improper Restriction of XML External Entity Reference
Multiple WSO2 products have been identified as vulnerable to XML External Entity (XXE) attacks, which abuse a widely available but rarely used feature of XML parsers to access sensitive information.
references
0
reference_url https://github.com/wso2/carbon-analytics-common/commit/9478336859306d3ea13b25cb386f29c183707fde
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wso2/carbon-analytics-common/commit/9478336859306d3ea13b25cb386f29c183707fde
1
reference_url https://github.com/wso2/carbon-commons/commit/a08a587e3dd5146121a7b47a0fdd06ddbcd903f4
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wso2/carbon-commons/commit/a08a587e3dd5146121a7b47a0fdd06ddbcd903f4
2
reference_url https://github.com/wso2/carbon-event-processing/commit/e9953afd46a45f704de341a081f710cbdfa3f975
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wso2/carbon-event-processing/commit/e9953afd46a45f704de341a081f710cbdfa3f975
3
reference_url https://github.com/wso2/carbon-governance/commit/ad36968d5a11d4fc35fa5cc4e8b5ae9a04e5bb4c
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wso2/carbon-governance/commit/ad36968d5a11d4fc35fa5cc4e8b5ae9a04e5bb4c
4
reference_url https://github.com/wso2/carbon-registry/commit/738b2a0b3e5f118527da236467ed72d9fd9ce40e
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wso2/carbon-registry/commit/738b2a0b3e5f118527da236467ed72d9fd9ce40e
5
reference_url https://github.com/wso2/product-apim/commit/96e8f5d6566d57bbbb8d4257f6f55057a79d00b5
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wso2/product-apim/commit/96e8f5d6566d57bbbb8d4257f6f55057a79d00b5
6
reference_url https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716
7
reference_url https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716/
reference_id
reference_type
scores
url https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6836
reference_id CVE-2023-6836
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6836
9
reference_url https://github.com/advisories/GHSA-cr8h-fr86-8vfv
reference_id GHSA-cr8h-fr86-8vfv
reference_type
scores
url https://github.com/advisories/GHSA-cr8h-fr86-8vfv
fixed_packages
aliases CVE-2023-6836, GHSA-cr8h-fr86-8vfv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ubv-cmf7-3ffv
1
url VCID-afh6-1arv-wkbk
vulnerability_id VCID-afh6-1arv-wkbk
summary An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager, API Manager Analytics, API Microgateway, Data Analytics Server, Enterprise Integrat, IS as Key Manager, Identity Server, Identity Server Analytics, and IoT Server
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24703
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.60823
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24703
1
reference_url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0687
reference_id
reference_type
scores
url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0687
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24703
reference_id CVE-2020-24703
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-24703
fixed_packages
aliases CVE-2020-24703
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afh6-1arv-wkbk
2
url VCID-cjdq-8bzy-8uft
vulnerability_id VCID-cjdq-8bzy-8uft
summary
Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)
The Management Console in WSO2 API Manager allows XML External Entity injection (XXE) attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24589
reference_id
reference_type
scores
0
value 0.90156
scoring_system epss
scoring_elements 0.99605
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24589
1
reference_url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742
reference_id
reference_type
scores
url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24589
reference_id CVE-2020-24589
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-24589
fixed_packages
aliases CVE-2020-24589
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cjdq-8bzy-8uft
3
url VCID-cs6r-dpvb-r7bw
vulnerability_id VCID-cs6r-dpvb-r7bw
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29548
reference_id
reference_type
scores
0
value 0.76361
scoring_system epss
scoring_elements 0.98953
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29548
1
reference_url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603
reference_id
reference_type
scores
url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603
2
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50970.py
reference_id CVE-2022-29548
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50970.py
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29548
reference_id CVE-2022-29548
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-29548
fixed_packages
aliases CVE-2022-29548
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cs6r-dpvb-r7bw
4
url VCID-dwym-rb1b-8fd5
vulnerability_id VCID-dwym-rb1b-8fd5
summary
Cross-site Scripting
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager, API Manager Analytics, API Microgateway, Data Analytics Server, Enterprise Integrat, IS as Key Manager, Identity Server, Identity Server Analytics, and IoT Server
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24704
reference_id
reference_type
scores
0
value 0.00268
scoring_system epss
scoring_elements 0.50448
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24704
1
reference_url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0685
reference_id
reference_type
scores
url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0685
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24704
reference_id CVE-2020-24704
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-24704
fixed_packages
aliases CVE-2020-24704
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dwym-rb1b-8fd5
5
url VCID-mpxj-zk4u-mkdq
vulnerability_id VCID-mpxj-zk4u-mkdq
summary
Improper Restriction of XML External Entity Reference
The Management Console allows XXE during addition or update of a Lifecycle.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13883
reference_id
reference_type
scores
0
value 0.00279
scoring_system epss
scoring_elements 0.5152
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13883
1
reference_url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0727
reference_id
reference_type
scores
url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0727
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13883
reference_id CVE-2020-13883
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-13883
fixed_packages
aliases CVE-2020-13883
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mpxj-zk4u-mkdq
6
url VCID-snaq-p5fe-qfeu
vulnerability_id VCID-snaq-p5fe-qfeu
summary
Cross-site Scripting
WSO2 Management Console allows XSS via the `carbon/admin/login.jsp` msgId parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-17453
reference_id
reference_type
scores
0
value 0.57847
scoring_system epss
scoring_elements 0.98209
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-17453
1
reference_url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132
reference_id
reference_type
scores
url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-17453
reference_id CVE-2020-17453
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-17453
fixed_packages
aliases CVE-2020-17453
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-snaq-p5fe-qfeu
7
url VCID-sp1k-1yzm-d7au
vulnerability_id VCID-sp1k-1yzm-d7au
summary
Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)
The Management Console in WSO2 API Manager allows XML Entity Expansion attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24590
reference_id
reference_type
scores
0
value 0.00562
scoring_system epss
scoring_elements 0.68704
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24590
1
reference_url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742
reference_id
reference_type
scores
url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24590
reference_id CVE-2020-24590
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-24590
fixed_packages
aliases CVE-2020-24590
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sp1k-1yzm-d7au
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.am.microgw/org.wso2.micro.gateway.core@2.2.0