Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.picketlink/picketlink-common@2.7.0.Final

Type maven

Namespace org.picketlink

Name picketlink-common

Version 2.7.0.Final

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-cdqt-rqpk-27cm

vulnerability_id VCID-cdqt-rqpk-27cm

summary

Information Exposure
The `org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory` method in PicketLink expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0883.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0883.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0884.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0884.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0885.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0885.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0886.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0886.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0091.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0091.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0675.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0675.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0720.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0720.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0765.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0765.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-1888.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-1888.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3530.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3530.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3530

reference_id

reference_type

scores

value	0.02131
scoring_system	epss
scoring_elements	0.8449
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3530

reference_url

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1112987

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1112987

reference_url

http://secunia.com/advisories/60047

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/60047

reference_url

http://secunia.com/advisories/60124

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/60124

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/94700

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/94700

reference_url

https://github.com/picketlink/picketlink

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/picketlink/picketlink

reference_url

https://github.com/picketlink/picketlink/commit/8c78668e4f08cf3c4ed14d8a36d402dcf02cb057

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/picketlink/picketlink/commit/8c78668e4f08cf3c4ed14d8a36d402dcf02cb057

reference_url

https://issues.jboss.org/browse/PLINK-509

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.jboss.org/browse/PLINK-509

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3530

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3530

reference_url

http://www.securitytracker.com/id/1030607

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1030607

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1112987
reference_id	1112987
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1112987

reference_url	https://bugzilla.redhat.com/CVE-2014-3530
reference_id	CVE-2014-3530
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2014-3530

reference_url	https://access.redhat.com/errata/RHSA-2014:0883
reference_id	RHSA-2014:0883
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0883

reference_url	https://access.redhat.com/errata/RHSA-2014:0884
reference_id	RHSA-2014:0884
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0884

reference_url	https://access.redhat.com/errata/RHSA-2014:0885
reference_id	RHSA-2014:0885
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0885

reference_url	https://access.redhat.com/errata/RHSA-2014:0886
reference_id	RHSA-2014:0886
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0886

reference_url	https://access.redhat.com/errata/RHSA-2014:0897
reference_id	RHSA-2014:0897
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0897

reference_url	https://access.redhat.com/errata/RHSA-2014:0898
reference_id	RHSA-2014:0898
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0898

reference_url	https://access.redhat.com/errata/RHSA-2014:0910
reference_id	RHSA-2014:0910
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0910

reference_url	https://access.redhat.com/errata/RHSA-2015:0091
reference_id	RHSA-2015:0091
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0091

reference_url	https://access.redhat.com/errata/RHSA-2015:0234
reference_id	RHSA-2015:0234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0234

reference_url	https://access.redhat.com/errata/RHSA-2015:0235
reference_id	RHSA-2015:0235
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0235

reference_url	https://access.redhat.com/errata/RHSA-2015:0675
reference_id	RHSA-2015:0675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0675

reference_url	https://access.redhat.com/errata/RHSA-2015:0720
reference_id	RHSA-2015:0720
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0720

reference_url	https://access.redhat.com/errata/RHSA-2015:0765
reference_id	RHSA-2015:0765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0765

reference_url	https://access.redhat.com/errata/RHSA-2015:1009
reference_id	RHSA-2015:1009
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1009

reference_url	https://access.redhat.com/errata/RHSA-2015:1888
reference_id	RHSA-2015:1888
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1888

fixed_packages

url	pkg:maven/org.picketlink/picketlink-common@2.7.0.Final
purl	pkg:maven/org.picketlink/picketlink-common@2.7.0.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-common@2.7.0.Final

aliases CVE-2014-3530, GHSA-2c9q-qwrc-f486

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cdqt-rqpk-27cm

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-common@2.7.0.Final

Package Instance