Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.wso2.am/wso2am@4.0.0-beta

Type maven

Namespace org.wso2.am

Name wso2am

Version 4.0.0-beta

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1ubv-cmf7-3ffv

vulnerability_id VCID-1ubv-cmf7-3ffv

summary

Improper Restriction of XML External Entity Reference
Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-6836

reference_id

reference_type

scores

value	0.0017
scoring_system	epss
scoring_elements	0.38058
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-6836

reference_url

https://github.com/wso2/carbon-analytics-common/commit/9478336859306d3ea13b25cb386f29c183707fde

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wso2/carbon-analytics-common/commit/9478336859306d3ea13b25cb386f29c183707fde

reference_url

https://github.com/wso2/carbon-commons/commit/a08a587e3dd5146121a7b47a0fdd06ddbcd903f4

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wso2/carbon-commons/commit/a08a587e3dd5146121a7b47a0fdd06ddbcd903f4

reference_url

https://github.com/wso2/carbon-event-processing/commit/e9953afd46a45f704de341a081f710cbdfa3f975

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wso2/carbon-event-processing/commit/e9953afd46a45f704de341a081f710cbdfa3f975

reference_url

https://github.com/wso2/carbon-governance/commit/ad36968d5a11d4fc35fa5cc4e8b5ae9a04e5bb4c

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wso2/carbon-governance/commit/ad36968d5a11d4fc35fa5cc4e8b5ae9a04e5bb4c

reference_url

https://github.com/wso2/carbon-registry/commit/738b2a0b3e5f118527da236467ed72d9fd9ce40e

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wso2/carbon-registry/commit/738b2a0b3e5f118527da236467ed72d9fd9ce40e

reference_url

https://github.com/wso2/product-apim/commit/96e8f5d6566d57bbbb8d4257f6f55057a79d00b5

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/wso2/product-apim/commit/96e8f5d6566d57bbbb8d4257f6f55057a79d00b5

reference_url

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716

reference_url	https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716/
reference_id
reference_type
scores
url	https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-6836

reference_id

CVE-2023-6836

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-6836

reference_url	https://github.com/advisories/GHSA-cr8h-fr86-8vfv
reference_id	GHSA-cr8h-fr86-8vfv
reference_type
scores
url	https://github.com/advisories/GHSA-cr8h-fr86-8vfv

fixed_packages

url	pkg:maven/org.wso2.am/wso2am@4.0.0-beta
purl	pkg:maven/org.wso2.am/wso2am@4.0.0-beta
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.am/wso2am@4.0.0-beta

aliases CVE-2023-6836, GHSA-cr8h-fr86-8vfv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ubv-cmf7-3ffv

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.am/wso2am@4.0.0-beta

Package Instance