Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.quarkus/quarkus-cache@3.5.2
Typemaven
Namespaceio.quarkus
Namequarkus-cache
Version3.5.2
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.2.9.Final
Latest_non_vulnerable_version3.5.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-cj1s-n7y3-mqh2
vulnerability_id VCID-cj1s-n7y3-mqh2
summary 
Exposure of Sensitive Information to an Unauthorized Actor
A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6393
reference_id
reference_type
scores
0
value 0.00202
scoring_system epss
scoring_elements 0.42174
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6393
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2253113
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2253113
2
reference_url https://github.com/quarkusio/quarkus/commit/d9ace85caec2d8497b1a2c48b8d52bb163f04adf
reference_id
reference_type
scores
url https://github.com/quarkusio/quarkus/commit/d9ace85caec2d8497b1a2c48b8d52bb163f04adf
3
reference_url https://github.com/quarkusio/quarkus/issues/37078
reference_id
reference_type
scores
url https://github.com/quarkusio/quarkus/issues/37078
4
reference_url https://github.com/quarkusio/quarkus/pull/37077
reference_id
reference_type
scores
url https://github.com/quarkusio/quarkus/pull/37077
5
reference_url https://access.redhat.com/security/cve/CVE-2023-6393
reference_id CVE-2023-6393
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2023-6393
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6393
reference_id CVE-2023-6393
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-6393
7
reference_url https://github.com/advisories/GHSA-xfv5-jqgp-vqhj
reference_id GHSA-xfv5-jqgp-vqhj
reference_type
scores
url https://github.com/advisories/GHSA-xfv5-jqgp-vqhj
fixed_packages
0
url pkg:maven/io.quarkus/quarkus-cache@3.2.9.Final
purl pkg:maven/io.quarkus/quarkus-cache@3.2.9.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-cache@3.2.9.Final
1
url pkg:maven/io.quarkus/quarkus-cache@3.5.2
purl pkg:maven/io.quarkus/quarkus-cache@3.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-cache@3.5.2
aliases CVE-2023-6393, GHSA-xfv5-jqgp-vqhj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cj1s-n7y3-mqh2
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-cache@3.5.2