Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.cocoon/cocoon-core@2.2.0

Type maven

Namespace org.apache.cocoon

Name cocoon-core

Version 2.2.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.3.0

Latest_non_vulnerable_version 2.3.0

Affected_by_vulnerabilities

url VCID-485r-cgnv-8ygt

vulnerability_id VCID-485r-cgnv-8ygt

summary

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.

Users are recommended to upgrade to version 2.3.0, which fixes the issue.

references

reference_url	https://github.com/apache/cocoon
reference_id
reference_type
scores
url	https://github.com/apache/cocoon

reference_url	https://lists.apache.org/thread/t87nntzt6dxw354zbqr9k7l7o1x8gq11
reference_id
reference_type
scores
url	https://lists.apache.org/thread/t87nntzt6dxw354zbqr9k7l7o1x8gq11

reference_url	http://www.openwall.com/lists/oss-security/2023/11/30/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/11/30/5

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-49733
reference_id	CVE-2023-49733
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-49733

reference_url	https://github.com/advisories/GHSA-77jg-cpw9-73vg
reference_id	GHSA-77jg-cpw9-73vg
reference_type
scores
url	https://github.com/advisories/GHSA-77jg-cpw9-73vg

fixed_packages

url	pkg:maven/org.apache.cocoon/cocoon-core@2.3.0
purl	pkg:maven/org.apache.cocoon/cocoon-core@2.3.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cocoon/cocoon-core@2.3.0

aliases CVE-2023-49733, GHSA-77jg-cpw9-73vg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-485r-cgnv-8ygt

url VCID-e9gp-a2f2-kfdx

vulnerability_id VCID-e9gp-a2f2-kfdx

summary

Apache Cocoon SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.

Users are recommended to upgrade to version 2.3.0, which fixes the issue.

references

reference_url	https://github.com/apache/cocoon
reference_id
reference_type
scores
url	https://github.com/apache/cocoon

reference_url	https://lists.apache.org/thread/lsvd1hmr2t2q823x21d5ygzgbj9jpvjp
reference_id
reference_type
scores
url	https://lists.apache.org/thread/lsvd1hmr2t2q823x21d5ygzgbj9jpvjp

reference_url	http://www.openwall.com/lists/oss-security/2023/11/30/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/11/30/3

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-45135
reference_id	CVE-2022-45135
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-45135

reference_url	https://github.com/advisories/GHSA-8v4w-jr33-4rh3
reference_id	GHSA-8v4w-jr33-4rh3
reference_type
scores
url	https://github.com/advisories/GHSA-8v4w-jr33-4rh3

fixed_packages

url	pkg:maven/org.apache.cocoon/cocoon-core@2.3.0
purl	pkg:maven/org.apache.cocoon/cocoon-core@2.3.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cocoon/cocoon-core@2.3.0

aliases CVE-2022-45135, GHSA-8v4w-jr33-4rh3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9gp-a2f2-kfdx

Fixing_vulnerabilities

url VCID-gven-bm92-qkam

vulnerability_id VCID-gven-bm92-qkam

summary

Improper Restriction of XML External Entity Reference
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.

references

reference_url	https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-11991
reference_id	CVE-2020-11991
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-11991

fixed_packages

url pkg:maven/org.apache.cocoon/cocoon-core@2.2.0

purl pkg:maven/org.apache.cocoon/cocoon-core@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-485r-cgnv-8ygt

vulnerability	VCID-e9gp-a2f2-kfdx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cocoon/cocoon-core@2.2.0

aliases CVE-2020-11991

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gven-bm92-qkam

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cocoon/cocoon-core@2.2.0

Package Instance