Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.bouncycastle/bcprov-lts8on@2.73.5
Type maven
Namespace org.bouncycastle
Name bcprov-lts8on
Version 2.73.5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.73.6
Latest_non_vulnerable_version 2.73.6
Affected_by_vulnerabilities
0
url VCID-e4j2-7rmt-17bf
vulnerability_id VCID-e4j2-7rmt-17bf
summary
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34447.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34447.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34447
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.28819
published_at 2026-04-07T12:55:00Z
1
value 0.00107
scoring_system epss
scoring_elements 0.28928
published_at 2026-04-09T12:55:00Z
2
value 0.00107
scoring_system epss
scoring_elements 0.28887
published_at 2026-04-08T12:55:00Z
3
value 0.00107
scoring_system epss
scoring_elements 0.28963
published_at 2026-04-02T12:55:00Z
4
value 0.00107
scoring_system epss
scoring_elements 0.29012
published_at 2026-04-04T12:55:00Z
5
value 0.00141
scoring_system epss
scoring_elements 0.3436
published_at 2026-04-16T12:55:00Z
6
value 0.00141
scoring_system epss
scoring_elements 0.34388
published_at 2026-04-11T12:55:00Z
7
value 0.00141
scoring_system epss
scoring_elements 0.34348
published_at 2026-04-12T12:55:00Z
8
value 0.00141
scoring_system epss
scoring_elements 0.34325
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34447
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34447
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
5
reference_url https://github.com/bcgit/bc-java/issues/1656
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/issues/1656
6
reference_url https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:10:40Z/
url https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34447
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34447
8
reference_url https://security.netapp.com/advisory/ntap-20240614-0007
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240614-0007
9
reference_url https://www.bouncycastle.org/latest_releases.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:10:40Z/
url https://www.bouncycastle.org/latest_releases.html
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
reference_id 1070655
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2279227
reference_id 2279227
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2279227
12
reference_url https://github.com/advisories/GHSA-4h8f-2wvx-gg5w
reference_id GHSA-4h8f-2wvx-gg5w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4h8f-2wvx-gg5w
13
reference_url https://security.netapp.com/advisory/ntap-20240614-0007/
reference_id ntap-20240614-0007
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:10:40Z/
url https://security.netapp.com/advisory/ntap-20240614-0007/
14
reference_url https://access.redhat.com/errata/RHSA-2024:4271
reference_id RHSA-2024:4271
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4271
15
reference_url https://access.redhat.com/errata/RHSA-2024:4326
reference_id RHSA-2024:4326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4326
16
reference_url https://usn.ubuntu.com/8108-1/
reference_id USN-8108-1
reference_type
scores
url https://usn.ubuntu.com/8108-1/
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-lts8on@2.73.6
purl pkg:maven/org.bouncycastle/bcprov-lts8on@2.73.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-lts8on@2.73.6
aliases CVE-2024-34447, GHSA-4h8f-2wvx-gg5w
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4j2-7rmt-17bf
Fixing_vulnerabilities
Risk_score 3.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-lts8on@2.73.5