Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/644301?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/644301?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@6.3.0", "type": "maven", "namespace": "org.apache.openmeetings", "name": "openmeetings-parent", "version": "6.3.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.0.0", "latest_non_vulnerable_version": "9.0.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89226?format=api", "vulnerability_id": "VCID-3xum-p9mm-kbc3", "summary": "Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings\nUse of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.\n\nThe REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact\n\n\nThis issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22113", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22098", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34020" }, { "reference_url": "https://github.com/apache/openmeetings", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings" }, { "reference_url": "https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:13:11Z/" } ], "url": "https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34020", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34020" }, { "reference_url": "https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:13:11Z/" } ], "url": "https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/12" }, { "reference_url": "https://github.com/advisories/GHSA-gcvm-c75m-h4p4", "reference_id": "GHSA-gcvm-c75m-h4p4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gcvm-c75m-h4p4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110268?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0" } ], "aliases": [ "CVE-2026-34020", "GHSA-gcvm-c75m-h4p4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xum-p9mm-kbc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45177?format=api", "vulnerability_id": "VCID-556q-4wch-sfde", "summary": "Improper Input Validation\nAn attacker who has gained access to an admin account can perform RCE via null-byte injection\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29175", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29208", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29246" }, { "reference_url": "https://github.com/apache/openmeetings", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings" }, { "reference_url": "https://github.com/apache/openmeetings/commit/8e65a1344157b2898f2922d49a0bd2105687c4a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings/commit/8e65a1344157b2898f2922d49a0bd2105687c4a5" }, { "reference_url": "https://github.com/apache/openmeetings/commit/9f12a48994d0ad741ac140c52cbd2152f0d048d5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings/commit/9f12a48994d0ad741ac140c52cbd2152f0d048d5" }, { "reference_url": "https://github.com/apache/openmeetings/commit/f91ff1917027625f066a9007694a31d06e69df3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings/commit/f91ff1917027625f066a9007694a31d06e69df3a" }, { "reference_url": "https://issues.apache.org/jira/browse/OPENMEETINGS-2765", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/OPENMEETINGS-2765" }, { "reference_url": "https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:34:24Z/" } ], "url": "https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29246", "reference_id": "CVE-2023-29246", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29246" }, { "reference_url": "https://github.com/advisories/GHSA-mg5h-f3q8-c96g", "reference_id": "GHSA-mg5h-f3q8-c96g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mg5h-f3q8-c96g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65099?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/652891?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xum-p9mm-kbc3" }, { "vulnerability": "VCID-vbkk-qkme-uyh9" }, { "vulnerability": "VCID-vm9c-dvcd-3khf" }, { "vulnerability": "VCID-xsja-94mz-hqbh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0" } ], "aliases": [ "CVE-2023-29246", "GHSA-mg5h-f3q8-c96g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-556q-4wch-sfde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44776?format=api", "vulnerability_id": "VCID-6fca-mmbn-k7b7", "summary": "Missing Authentication for Critical Function\nVendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01053", "scoring_system": "epss", "scoring_elements": "0.77942", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01053", "scoring_system": "epss", "scoring_elements": "0.77948", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28326" }, { "reference_url": "https://github.com/apache/openmeetings", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings" }, { "reference_url": "https://github.com/apache/openmeetings/commit/1fb71af36", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings/commit/1fb71af36" }, { "reference_url": "https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-23T15:13:01Z/" } ], "url": "https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28326", "reference_id": "CVE-2023-28326", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28326" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64437?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xum-p9mm-kbc3" }, { "vulnerability": "VCID-556q-4wch-sfde" }, { "vulnerability": "VCID-vbkk-qkme-uyh9" }, { "vulnerability": "VCID-vfk3-wtbw-kuf9" }, { "vulnerability": "VCID-vm9c-dvcd-3khf" }, { "vulnerability": "VCID-xsja-94mz-hqbh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0" } ], "aliases": [ "CVE-2023-28326", "GHSA-3r48-3m8r-4r9w" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fca-mmbn-k7b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89795?format=api", "vulnerability_id": "VCID-vbkk-qkme-uyh9", "summary": "Apache OpenMeetings Uses Hard-coded Cryptographic Key\nUse of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings.\n\nThe remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a logged-in user can get full user credentials.\n\n\nThis issue affects Apache OpenMeetings: from 6.1.0 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33266", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17515", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1751", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33266" }, { "reference_url": "https://github.com/apache/openmeetings", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings" }, { "reference_url": "https://lists.apache.org/thread/b05jnp9563v49zq494lox9kjbhhf2w66", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:47:33Z/" } ], "url": "https://lists.apache.org/thread/b05jnp9563v49zq494lox9kjbhhf2w66" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33266", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33266" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/11" }, { "reference_url": "https://github.com/advisories/GHSA-wqxq-w68r-wg85", "reference_id": "GHSA-wqxq-w68r-wg85", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wqxq-w68r-wg85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110268?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0" } ], "aliases": [ "CVE-2026-33266", "GHSA-wqxq-w68r-wg85" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vbkk-qkme-uyh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45164?format=api", "vulnerability_id": "VCID-vfk3-wtbw-kuf9", "summary": "Improper Authentication\nAn attacker that has gained access to certain private information can use this to act as other user.\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41056", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41052", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29032" }, { "reference_url": "https://github.com/apache/openmeetings", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings" }, { "reference_url": "https://github.com/apache/openmeetings/commit/4e89e0ca076c83f26562f1146cf3e81ba0b16a7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings/commit/4e89e0ca076c83f26562f1146cf3e81ba0b16a7f" }, { "reference_url": "https://issues.apache.org/jira/browse/OPENMEETINGS-2764", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/OPENMEETINGS-2764" }, { "reference_url": "https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:44:48Z/" } ], "url": "https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29032", "reference_id": "CVE-2023-29032", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29032" }, { "reference_url": "https://github.com/advisories/GHSA-v9rm-7rv9-r3fw", "reference_id": "GHSA-v9rm-7rv9-r3fw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v9rm-7rv9-r3fw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65099?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/652891?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xum-p9mm-kbc3" }, { "vulnerability": "VCID-vbkk-qkme-uyh9" }, { "vulnerability": "VCID-vm9c-dvcd-3khf" }, { "vulnerability": "VCID-xsja-94mz-hqbh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0" } ], "aliases": [ "CVE-2023-29032", "GHSA-v9rm-7rv9-r3fw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfk3-wtbw-kuf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89300?format=api", "vulnerability_id": "VCID-vm9c-dvcd-3khf", "summary": "Apache OpenMeetings has an Improper Handling of Insufficient Privileges vulnerability\nSny registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata includes id, type, name and some other field. Full list of fields get be checked at FileItemDTO object.\n\nThis issue affects Apache OpenMeetings: from 3.10 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.332", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33214", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33005" }, { "reference_url": "https://github.com/apache/openmeetings", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings" }, { "reference_url": "https://lists.apache.org/thread/pttoprd628g3xr6lpp3bm1z8m3z8t4p7", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:44:03Z/" } ], "url": "https://lists.apache.org/thread/pttoprd628g3xr6lpp3bm1z8m3z8t4p7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33005", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33005" }, { "reference_url": "https://openmeetings.apache.org/openmeetings-db/apidocs/org.apache.openmeetings.db/org/apache/openmeetings/db/dto/file/FileItemDTO.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:44:03Z/" } ], "url": "https://openmeetings.apache.org/openmeetings-db/apidocs/org.apache.openmeetings.db/org/apache/openmeetings/db/dto/file/FileItemDTO.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/09/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/10" }, { "reference_url": "https://github.com/advisories/GHSA-78cg-fc6c-w44w", "reference_id": "GHSA-78cg-fc6c-w44w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-78cg-fc6c-w44w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110268?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0" } ], "aliases": [ "CVE-2026-33005", "GHSA-78cg-fc6c-w44w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vm9c-dvcd-3khf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56442?format=api", "vulnerability_id": "VCID-xsja-94mz-hqbh", "summary": "Apache OpenMeetings vulnerable to Deserialization of Untrusted Data\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0\n\nDescription: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify allow/deny lists for OpenJPA this leads to possible deserialisation of untrusted data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54676", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06098", "scoring_system": "epss", "scoring_elements": "0.90944", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.06098", "scoring_system": "epss", "scoring_elements": "0.90943", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54676" }, { "reference_url": "https://github.com/apache/openmeetings", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings" }, { "reference_url": "https://github.com/apache/openmeetings/commit/1c3426c6d3abbd984a3c01a61decf1242ea38923", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/openmeetings/commit/1c3426c6d3abbd984a3c01a61decf1242ea38923" }, { "reference_url": "https://issues.apache.org/jira/browse/OPENMEETINGS-2787", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/OPENMEETINGS-2787" }, { "reference_url": "https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-08T14:00:24Z/" } ], "url": "https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/01/08/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/01/08/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54676", "reference_id": "CVE-2024-54676", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54676" }, { "reference_url": "https://github.com/advisories/GHSA-mjf9-4pcv-vfg7", "reference_id": "GHSA-mjf9-4pcv-vfg7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mjf9-4pcv-vfg7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83701?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xum-p9mm-kbc3" }, { "vulnerability": "VCID-vbkk-qkme-uyh9" }, { "vulnerability": "VCID-vm9c-dvcd-3khf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0" } ], "aliases": [ "CVE-2024-54676", "GHSA-mjf9-4pcv-vfg7" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsja-94mz-hqbh" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@6.3.0" }