Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.cxf/cxf-rt-transports-jms@3.1.6
Type maven
Namespace org.apache.cxf
Name cxf-rt-transports-jms
Version 3.1.6
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.6.8
Latest_non_vulnerable_version 4.1.3
Affected_by_vulnerabilities
0
url VCID-wnc6-kzv8-3qen
vulnerability_id VCID-wnc6-kzv8-3qen
summary
Apache CXF: Untrusted JMS configuration can lead to RCE
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility.

Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48913.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48913.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48913
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39864
published_at 2026-04-12T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39898
published_at 2026-04-11T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39888
published_at 2026-04-09T12:55:00Z
3
value 0.00181
scoring_system epss
scoring_elements 0.39874
published_at 2026-04-08T12:55:00Z
4
value 0.00181
scoring_system epss
scoring_elements 0.39819
published_at 2026-04-07T12:55:00Z
5
value 0.00181
scoring_system epss
scoring_elements 0.39896
published_at 2026-04-04T12:55:00Z
6
value 0.00181
scoring_system epss
scoring_elements 0.39872
published_at 2026-04-02T12:55:00Z
7
value 0.00199
scoring_system epss
scoring_elements 0.42013
published_at 2026-04-18T12:55:00Z
8
value 0.00199
scoring_system epss
scoring_elements 0.4199
published_at 2026-04-13T12:55:00Z
9
value 0.00199
scoring_system epss
scoring_elements 0.42039
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48913
2
reference_url https://github.com/apache/cxf
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf
3
reference_url https://github.com/apache/cxf/commit/24e50ffeca3132570c2f297c5c7dbd05a1bb1bfa
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf/commit/24e50ffeca3132570c2f297c5c7dbd05a1bb1bfa
4
reference_url https://github.com/mbhatt1/disclosures/security/advisories/GHSA-hv69-h8rg-7jg2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mbhatt1/disclosures/security/advisories/GHSA-hv69-h8rg-7jg2
5
reference_url https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:03:45Z/
url https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48913
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48913
7
reference_url http://www.openwall.com/lists/oss-security/2025/08/07/2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/07/2
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2387221
reference_id 2387221
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2387221
9
reference_url https://github.com/advisories/GHSA-g4px-6qhm-hqjm
reference_id GHSA-g4px-6qhm-hqjm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4px-6qhm-hqjm
10
reference_url https://access.redhat.com/errata/RHSA-2025:17298
reference_id RHSA-2025:17298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17298
11
reference_url https://access.redhat.com/errata/RHSA-2025:17299
reference_id RHSA-2025:17299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17299
12
reference_url https://access.redhat.com/errata/RHSA-2025:17317
reference_id RHSA-2025:17317
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17317
13
reference_url https://access.redhat.com/errata/RHSA-2025:17318
reference_id RHSA-2025:17318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17318
fixed_packages
0
url pkg:maven/org.apache.cxf/cxf-rt-transports-jms@3.6.8
purl pkg:maven/org.apache.cxf/cxf-rt-transports-jms@3.6.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-jms@3.6.8
1
url pkg:maven/org.apache.cxf/cxf-rt-transports-jms@4.0.9
purl pkg:maven/org.apache.cxf/cxf-rt-transports-jms@4.0.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-jms@4.0.9
2
url pkg:maven/org.apache.cxf/cxf-rt-transports-jms@4.1.3
purl pkg:maven/org.apache.cxf/cxf-rt-transports-jms@4.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-jms@4.1.3
aliases CVE-2025-48913, GHSA-g4px-6qhm-hqjm
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wnc6-kzv8-3qen
Fixing_vulnerabilities
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-jms@3.1.6