Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.cxf/cxf-core@3.1.8
Type maven
Namespace org.apache.cxf
Name cxf-core
Version 3.1.8
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.1.9
Latest_non_vulnerable_version 4.0.4
Affected_by_vulnerabilities
0
url VCID-3w9n-4sux-vyh5
vulnerability_id VCID-3w9n-4sux-vyh5
summary
Cross-site Scripting
The HTTP transport module in Apache CXF uses `FormattedServiceListWriter` to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL from the current `HttpServletRequest`, and `FormattedServiceListWriter` uses that base URL to build the absolute URLs of the service endpoints. If unexpected matrix parameters have been injected into the request URL, they find their way back to the client in the services list page, which represents an XSS risk to the client.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:0868
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0868
1
reference_url https://issues.apache.org/jira/browse/CXF-6216
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/CXF-6216
2
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
8
reference_url http://www.securityfocus.com/bid/97582
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/97582
9
reference_url http://www.securitytracker.com/id/1037543
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1037543
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6812
reference_id CVE-2016-6812
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-6812
11
reference_url http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc
reference_id CVE-2016-6812.TXT.ASC
reference_type
scores
url http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc
12
reference_url https://github.com/advisories/GHSA-vw2c-5wph-v92r
reference_id GHSA-vw2c-5wph-v92r
reference_type
scores
url https://github.com/advisories/GHSA-vw2c-5wph-v92r
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-core@3.1.9
purl pkg:maven/org.apache.cxf/cxf-core@3.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.1.9
aliases CVE-2016-6812, GHSA-vw2c-5wph-v92r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3w9n-4sux-vyh5
1
url VCID-wk5d-6usk-yyh2
vulnerability_id VCID-wk5d-6usk-yyh2
summary
Improper Restriction of XML External Entity Reference
The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use the Apache Abdera Parser, which expands XML entities by default and therefore represents a major XXE risk.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:0868
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0868
1
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-8739
reference_id CVE-2016-8739
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-8739
8
reference_url http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc
reference_id CVE-2016-8739.TXT.ASC
reference_type
scores
url http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc
9
reference_url https://github.com/advisories/GHSA-x7xf-253v-x3w8
reference_id GHSA-x7xf-253v-x3w8
reference_type
scores
url https://github.com/advisories/GHSA-x7xf-253v-x3w8
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-core@3.1.9
purl pkg:maven/org.apache.cxf/cxf-core@3.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.1.9
aliases CVE-2016-8739, GHSA-x7xf-253v-x3w8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wk5d-6usk-yyh2
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-core@3.1.8