Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.avro/avro@1.5.0
Typemaven
Namespaceorg.apache.avro
Nameavro
Version1.5.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.11.4
Latest_non_vulnerable_version1.12.1
Affected_by_vulnerabilities
0
url VCID-6yqn-2w2d-3yd3
vulnerability_id VCID-6yqn-2w2d-3yd3
summary 
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.

This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2.  Users should update to apache-avro version 1.11.3 which addresses this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39410.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39410.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39410
reference_id
reference_type
scores
0
value 0.00061
scoring_system epss
scoring_elements 0.18938
published_at 2026-04-16T12:55:00Z
1
value 0.00061
scoring_system epss
scoring_elements 0.18984
published_at 2026-04-13T12:55:00Z
2
value 0.00061
scoring_system epss
scoring_elements 0.19036
published_at 2026-04-12T12:55:00Z
3
value 0.00061
scoring_system epss
scoring_elements 0.19082
published_at 2026-04-11T12:55:00Z
4
value 0.00061
scoring_system epss
scoring_elements 0.19077
published_at 2026-04-09T12:55:00Z
5
value 0.00061
scoring_system epss
scoring_elements 0.19175
published_at 2026-04-02T12:55:00Z
6
value 0.00061
scoring_system epss
scoring_elements 0.19227
published_at 2026-04-04T12:55:00Z
7
value 0.00061
scoring_system epss
scoring_elements 0.19023
published_at 2026-04-08T12:55:00Z
8
value 0.00061
scoring_system epss
scoring_elements 0.18943
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39410
2
reference_url https://github.com/apache/avro
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/avro
3
reference_url https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml
5
reference_url https://issues.apache.org/jira/browse/AVRO-3819
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/AVRO-3819
6
reference_url https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:07:20Z/
url https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds
7
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
8
reference_url https://www.openwall.com/lists/oss-security/2023/09/29/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:07:20Z/
url https://www.openwall.com/lists/oss-security/2023/09/29/6
9
reference_url http://www.openwall.com/lists/oss-security/2023/09/29/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/09/29/6
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2242521
reference_id 2242521
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2242521
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39410
reference_id CVE-2023-39410
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39410
12
reference_url https://github.com/advisories/GHSA-rhrv-645h-fjfh
reference_id GHSA-rhrv-645h-fjfh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rhrv-645h-fjfh
13
reference_url https://access.redhat.com/errata/RHSA-2023:7617
reference_id RHSA-2023:7617
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7617
fixed_packages
0
url pkg:maven/org.apache.avro/avro@1.11.3
purl pkg:maven/org.apache.avro/avro@1.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-agjx-5whj-dyac
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.avro/avro@1.11.3
aliases CVE-2023-39410, GHSA-rhrv-645h-fjfh, PYSEC-2023-188
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6yqn-2w2d-3yd3
1
url VCID-agjx-5whj-dyac
vulnerability_id VCID-agjx-5whj-dyac
summary 
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47561.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47561.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47561
reference_id
reference_type
scores
0
value 0.00747
scoring_system epss
scoring_elements 0.73118
published_at 2026-04-16T12:55:00Z
1
value 0.00747
scoring_system epss
scoring_elements 0.73075
published_at 2026-04-13T12:55:00Z
2
value 0.00747
scoring_system epss
scoring_elements 0.73032
published_at 2026-04-02T12:55:00Z
3
value 0.00747
scoring_system epss
scoring_elements 0.73052
published_at 2026-04-04T12:55:00Z
4
value 0.00747
scoring_system epss
scoring_elements 0.73081
published_at 2026-04-12T12:55:00Z
5
value 0.00747
scoring_system epss
scoring_elements 0.73102
published_at 2026-04-11T12:55:00Z
6
value 0.00747
scoring_system epss
scoring_elements 0.73077
published_at 2026-04-09T12:55:00Z
7
value 0.00747
scoring_system epss
scoring_elements 0.73064
published_at 2026-04-08T12:55:00Z
8
value 0.00747
scoring_system epss
scoring_elements 0.73027
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47561
2
reference_url https://github.com/apache/avro
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/avro
3
reference_url https://github.com/apache/avro/commit/8f89868d29272e3afea2ff8de8c85cb81a57d900
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/avro/commit/8f89868d29272e3afea2ff8de8c85cb81a57d900
4
reference_url https://github.com/apache/avro/commit/f6b3bd7e50e6e09fedddb98c61558c022ba31285
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/avro/commit/f6b3bd7e50e6e09fedddb98c61558c022ba31285
5
reference_url https://github.com/apache/avro/pull/2934
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/avro/pull/2934
6
reference_url https://github.com/apache/avro/pull/2980
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/avro/pull/2980
7
reference_url https://issues.apache.org/jira/browse/AVRO-3985
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/AVRO-3985
8
reference_url https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value CRITICAL
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-03T18:53:44Z/
url https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47561
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47561
10
reference_url https://security.netapp.com/advisory/ntap-20241011-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241011-0003
11
reference_url https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html
12
reference_url https://www.openwall.com/lists/oss-security/2024/10/03/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2024/10/03/1
13
reference_url http://www.openwall.com/lists/oss-security/2024/10/03/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/10/03/1
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2316116
reference_id 2316116
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2316116
15
reference_url https://github.com/advisories/GHSA-r7pg-v2c8-mfg3
reference_id GHSA-r7pg-v2c8-mfg3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7pg-v2c8-mfg3
16
reference_url https://access.redhat.com/errata/RHSA-2024:7670
reference_id RHSA-2024:7670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7670
17
reference_url https://access.redhat.com/errata/RHSA-2024:7676
reference_id RHSA-2024:7676
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7676
18
reference_url https://access.redhat.com/errata/RHSA-2024:7811
reference_id RHSA-2024:7811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7811
19
reference_url https://access.redhat.com/errata/RHSA-2024:7812
reference_id RHSA-2024:7812
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7812
20
reference_url https://access.redhat.com/errata/RHSA-2024:7861
reference_id RHSA-2024:7861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7861
21
reference_url https://access.redhat.com/errata/RHSA-2024:7972
reference_id RHSA-2024:7972
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7972
22
reference_url https://access.redhat.com/errata/RHSA-2024:8064
reference_id RHSA-2024:8064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8064
23
reference_url https://access.redhat.com/errata/RHSA-2024:8093
reference_id RHSA-2024:8093
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8093
24
reference_url https://access.redhat.com/errata/RHSA-2024:8339
reference_id RHSA-2024:8339
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8339
fixed_packages
0
url pkg:maven/org.apache.avro/avro@1.11.4
purl pkg:maven/org.apache.avro/avro@1.11.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.avro/avro@1.11.4
aliases CVE-2024-47561, GHSA-r7pg-v2c8-mfg3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-agjx-5whj-dyac
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.avro/avro@1.5.0