Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.sap.cloud.security/java-security@3.3.0
Type maven
Namespace com.sap.cloud.security
Name java-security
Version 3.3.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7zhg-cv8f-2qht
vulnerability_id VCID-7zhg-cv8f-2qht
summary
Duplicate
This advisory duplicates another.
references
0
reference_url https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067
reference_id
reference_type
scores
url https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067
1
reference_url https://en.wikipedia.org/wiki/JSON_Web_Token
reference_id
reference_type
scores
url https://en.wikipedia.org/wiki/JSON_Web_Token
2
reference_url https://github.com/SAP/cloud-security-services-integration-library
reference_id
reference_type
scores
url https://github.com/SAP/cloud-security-services-integration-library
3
reference_url https://github.com/SAP/cloud-security-services-integration-library/commit/4b3e42ab23df6418243b29908b1a2582818d9360
reference_id
reference_type
scores
url https://github.com/SAP/cloud-security-services-integration-library/commit/4b3e42ab23df6418243b29908b1a2582818d9360
4
reference_url https://github.com/SAP/cloud-security-services-integration-library/commit/7ce9601979c30ae269a1cbaf7cf33486d10736f1
reference_id
reference_type
scores
url https://github.com/SAP/cloud-security-services-integration-library/commit/7ce9601979c30ae269a1cbaf7cf33486d10736f1
5
reference_url https://me.sap.com/notes/3411067
reference_id
reference_type
scores
url https://me.sap.com/notes/3411067
6
reference_url https://me.sap.com/notes/3413475
reference_id
reference_type
scores
url https://me.sap.com/notes/3413475
7
reference_url https://mvnrepository.com/artifact/com.sap.cloud.security/java-security
reference_id
reference_type
scores
url https://mvnrepository.com/artifact/com.sap.cloud.security/java-security
8
reference_url https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security
reference_id
reference_type
scores
url https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security
9
reference_url https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa
reference_id
reference_type
scores
url https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa
10
reference_url https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
reference_id
reference_type
scores
url https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50422
reference_id CVE-2023-50422
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-50422
12
reference_url https://github.com/advisories/GHSA-59c9-pxq8-9c73
reference_id GHSA-59c9-pxq8-9c73
reference_type
scores
url https://github.com/advisories/GHSA-59c9-pxq8-9c73
13
reference_url https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73
reference_id GHSA-59c9-pxq8-9c73
reference_type
scores
url https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73
fixed_packages
0
url pkg:maven/com.sap.cloud.security/java-security@2.17.0
purl pkg:maven/com.sap.cloud.security/java-security@2.17.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/java-security@2.17.0
1
url pkg:maven/com.sap.cloud.security/java-security@3.3.0
purl pkg:maven/com.sap.cloud.security/java-security@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/java-security@3.3.0
aliases CVE-2023-50422, GHSA-59c9-pxq8-9c73, GMS-2023-6079, GMS-2023-6080, GMS-2023-6081
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7zhg-cv8f-2qht
1
url VCID-wnps-h7xk-suh5
vulnerability_id VCID-wnps-h7xk-suh5
summary
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-59c9-pxq8-9c73. This link is maintained to preserve external references.

## Original Description
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
references
0
reference_url https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067
reference_id
reference_type
scores
url https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067
1
reference_url https://github.com/SAP/cloud-security-services-integration-library
reference_id
reference_type
scores
url https://github.com/SAP/cloud-security-services-integration-library
2
reference_url https://me.sap.com/notes/3411067
reference_id
reference_type
scores
url https://me.sap.com/notes/3411067
3
reference_url https://me.sap.com/notes/3413475
reference_id
reference_type
scores
url https://me.sap.com/notes/3413475
4
reference_url https://mvnrepository.com/artifact/com.sap.cloud.security/java-security
reference_id
reference_type
scores
url https://mvnrepository.com/artifact/com.sap.cloud.security/java-security
5
reference_url https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security
reference_id
reference_type
scores
url https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security
6
reference_url https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa
reference_id
reference_type
scores
url https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa
7
reference_url https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
reference_id
reference_type
scores
url https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50422
reference_id CVE-2023-50422
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-50422
9
reference_url https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73
reference_id GHSA-59c9-pxq8-9c73
reference_type
scores
url https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73
10
reference_url https://github.com/advisories/GHSA-gcgw-q47m-prvj
reference_id GHSA-gcgw-q47m-prvj
reference_type
scores
url https://github.com/advisories/GHSA-gcgw-q47m-prvj
fixed_packages
0
url pkg:maven/com.sap.cloud.security/java-security@2.17.0
purl pkg:maven/com.sap.cloud.security/java-security@2.17.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/java-security@2.17.0
1
url pkg:maven/com.sap.cloud.security/java-security@3.3.0
purl pkg:maven/com.sap.cloud.security/java-security@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/java-security@3.3.0
aliases GHSA-gcgw-q47m-prvj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wnps-h7xk-suh5
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/java-security@3.3.0