Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.sshd/sshd-common@2.11.0
Typemaven
Namespaceorg.apache.sshd
Namesshd-common
Version2.11.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.12.0
Latest_non_vulnerable_version2.12.0
Affected_by_vulnerabilities
0
url VCID-zxcy-vvmk-xbag
vulnerability_id VCID-zxcy-vvmk-xbag
summary 
Apache MINA SSHD: integrity check bypass
Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which 
some security features have been downgraded or disabled, aka a Terrapin 
attack

The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41909.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41909.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41909
reference_id
reference_type
scores
0
value 0.00478
scoring_system epss
scoring_elements 0.65044
published_at 2026-04-18T12:55:00Z
1
value 0.00478
scoring_system epss
scoring_elements 0.65035
published_at 2026-04-16T12:55:00Z
2
value 0.00478
scoring_system epss
scoring_elements 0.64964
published_at 2026-04-02T12:55:00Z
3
value 0.00478
scoring_system epss
scoring_elements 0.64997
published_at 2026-04-13T12:55:00Z
4
value 0.00478
scoring_system epss
scoring_elements 0.65025
published_at 2026-04-12T12:55:00Z
5
value 0.00478
scoring_system epss
scoring_elements 0.65036
published_at 2026-04-11T12:55:00Z
6
value 0.00478
scoring_system epss
scoring_elements 0.65018
published_at 2026-04-09T12:55:00Z
7
value 0.00478
scoring_system epss
scoring_elements 0.64991
published_at 2026-04-04T12:55:00Z
8
value 0.00478
scoring_system epss
scoring_elements 0.65003
published_at 2026-04-08T12:55:00Z
9
value 0.00478
scoring_system epss
scoring_elements 0.64954
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41909
2
reference_url https://github.com/apache/mina-sshd
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd
3
reference_url https://github.com/apache/mina-sshd/commit/315739e4e9d1dc7a4ff32ea64936982ed0b73e76
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/315739e4e9d1dc7a4ff32ea64936982ed0b73e76
4
reference_url https://github.com/apache/mina-sshd/commit/6b0fd46f64bcb75eeeee31d65f10242660aad7c1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/6b0fd46f64bcb75eeeee31d65f10242660aad7c1
5
reference_url https://github.com/apache/mina-sshd/commit/7b2c781640a7a78a9455b86593a1f63c9e8cab92
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/commit/7b2c781640a7a78a9455b86593a1f63c9e8cab92
6
reference_url https://github.com/apache/mina-sshd/issues/445
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T14:03:16Z/
url https://github.com/apache/mina-sshd/issues/445
7
reference_url https://github.com/apache/mina-sshd/pull/449
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/pull/449
8
reference_url https://github.com/apache/mina-sshd/releases/tag/sshd-2.12.0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/mina-sshd/releases/tag/sshd-2.12.0
9
reference_url https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T14:03:16Z/
url https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41909
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41909
11
reference_url https://security.netapp.com/advisory/ntap-20241011-0006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241011-0006
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2304442
reference_id 2304442
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2304442
13
reference_url https://github.com/advisories/GHSA-2326-hx7g-3m9r
reference_id GHSA-2326-hx7g-3m9r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2326-hx7g-3m9r
fixed_packages
0
url pkg:maven/org.apache.sshd/sshd-common@2.12.0
purl pkg:maven/org.apache.sshd/sshd-common@2.12.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.sshd/sshd-common@2.12.0
aliases CVE-2024-41909, GHSA-2326-hx7g-3m9r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxcy-vvmk-xbag
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.sshd/sshd-common@2.11.0