Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/io.quarkus/quarkus-smallrye-graphql-client-parent@2.14.0

Type maven

Namespace io.quarkus

Name quarkus-smallrye-graphql-client-parent

Version 2.14.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.5.3

Latest_non_vulnerable_version 3.5.3

Affected_by_vulnerabilities

url VCID-3gb9-c125-mbe1

vulnerability_id VCID-3gb9-c125-mbe1

summary

Missing Authorization
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.

references

reference_url

https://access.redhat.com/errata/RHSA-2023:7612

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-28T14:24:22Z/

url

https://access.redhat.com/errata/RHSA-2023:7612

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6394.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6394.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6394

reference_id

reference_type

scores

value	0.00537
scoring_system	epss
scoring_elements	0.67795
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6394

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2252197

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-28T14:24:22Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2252197

reference_url

https://github.com/quarkusio/quarkus

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/quarkusio/quarkus

reference_url

https://github.com/quarkusio/quarkus/pull/36961

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/quarkusio/quarkus/pull/36961

reference_url

https://github.com/quarkusio/quarkus/releases/tag/2.13.9.Final

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/quarkusio/quarkus/releases/tag/2.13.9.Final

reference_url

https://github.com/quarkusio/quarkus/releases/tag/3.5.3

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/quarkusio/quarkus/releases/tag/3.5.3

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2.13
reference_id	cpe:/a:redhat:quarkus:2.13
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2.13

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3.2::el8
reference_id	cpe:/a:redhat:quarkus:3.2::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3.2::el8

reference_url

https://access.redhat.com/security/cve/CVE-2023-6394

reference_id

CVE-2023-6394

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-28T14:24:22Z/

url

https://access.redhat.com/security/cve/CVE-2023-6394

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-6394

reference_id

CVE-2023-6394

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-6394

reference_url

https://github.com/advisories/GHSA-mvc8-6ffp-jrx5

reference_id

GHSA-mvc8-6ffp-jrx5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mvc8-6ffp-jrx5

reference_url

https://access.redhat.com/errata/RHSA-2023:7700

reference_id

RHSA-2023:7700

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-28T14:24:22Z/

url

https://access.redhat.com/errata/RHSA-2023:7700

fixed_packages

url	pkg:maven/io.quarkus/quarkus-smallrye-graphql-client-parent@3.5.3
purl	pkg:maven/io.quarkus/quarkus-smallrye-graphql-client-parent@3.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-smallrye-graphql-client-parent@3.5.3

aliases CVE-2023-6394, GHSA-mvc8-6ffp-jrx5

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gb9-c125-mbe1

Fixing_vulnerabilities

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-smallrye-graphql-client-parent@2.14.0

Package Instance