Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tapestry/tapestry-core@5.6.2
Type maven
Namespace org.apache.tapestry
Name tapestry-core
Version 5.6.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.8.2
Latest_non_vulnerable_version 5.8.2
Affected_by_vulnerabilities
0
url VCID-byrs-fwaw-z3aw
vulnerability_id VCID-byrs-fwaw-z3aw
summary Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-30638
reference_id
reference_type
scores
0
value 0.05311
scoring_system epss
scoring_elements 0.90204
published_at 2026-06-04T12:55:00Z
1
value 0.05311
scoring_system epss
scoring_elements 0.90215
published_at 2026-06-08T12:55:00Z
2
value 0.05311
scoring_system epss
scoring_elements 0.90217
published_at 2026-06-07T12:55:00Z
3
value 0.05311
scoring_system epss
scoring_elements 0.90218
published_at 2026-06-06T12:55:00Z
4
value 0.05311
scoring_system epss
scoring_elements 0.9022
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-30638
1
reference_url https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E
2
reference_url https://security.netapp.com/advisory/ntap-20210528-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210528-0004
3
reference_url https://security.netapp.com/advisory/ntap-20210528-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210528-0004/
4
reference_url https://www.zerodayinitiative.com/advisories/ZDI-21-491
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-21-491
5
reference_url https://www.zerodayinitiative.com/advisories/ZDI-21-491/
reference_id
reference_type
scores
url https://www.zerodayinitiative.com/advisories/ZDI-21-491/
6
reference_url http://www.openwall.com/lists/oss-security/2021/04/27/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/04/27/3
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-30638
reference_id CVE-2021-30638
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-30638
8
reference_url https://github.com/advisories/GHSA-ghm8-mmx7-xvg2
reference_id GHSA-ghm8-mmx7-xvg2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ghm8-mmx7-xvg2
fixed_packages
0
url pkg:maven/org.apache.tapestry/tapestry-core@5.6.4
purl pkg:maven/org.apache.tapestry/tapestry-core@5.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j96w-tkwz-1ka3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.6.4
1
url pkg:maven/org.apache.tapestry/tapestry-core@5.7.2
purl pkg:maven/org.apache.tapestry/tapestry-core@5.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j96w-tkwz-1ka3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.7.2
aliases CVE-2021-30638, GHSA-ghm8-mmx7-xvg2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-byrs-fwaw-z3aw
1
url VCID-j96w-tkwz-1ka3
vulnerability_id VCID-j96w-tkwz-1ka3
summary
Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31781
reference_id
reference_type
scores
0
value 0.00755
scoring_system epss
scoring_elements 0.73626
published_at 2026-06-08T12:55:00Z
1
value 0.00755
scoring_system epss
scoring_elements 0.73613
published_at 2026-06-04T12:55:00Z
2
value 0.00755
scoring_system epss
scoring_elements 0.73649
published_at 2026-06-05T12:55:00Z
3
value 0.00755
scoring_system epss
scoring_elements 0.73653
published_at 2026-06-06T12:55:00Z
4
value 0.00755
scoring_system epss
scoring_elements 0.7364
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31781
1
reference_url https://github.com/apache/tapestry-5/commit/3c8d6103832eec3bc06029dd2532f06df717431f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tapestry-5/commit/3c8d6103832eec3bc06029dd2532f06df717431f
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31781
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31781
3
reference_url https://www.openwall.com/lists/oss-security/2022/07/12/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2022/07/12/3
4
reference_url https://github.com/advisories/GHSA-227g-7cvv-6ff3
reference_id GHSA-227g-7cvv-6ff3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-227g-7cvv-6ff3
fixed_packages
0
url pkg:maven/org.apache.tapestry/tapestry-core@5.8.2
purl pkg:maven/org.apache.tapestry/tapestry-core@5.8.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.8.2
aliases CVE-2022-31781, GHSA-227g-7cvv-6ff3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j96w-tkwz-1ka3
2
url VCID-jzah-6eyd-cqce
vulnerability_id VCID-jzah-6eyd-cqce
summary
Files or Directories Accessible to External Parties
In Apache Tapestry, by crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13953
reference_id
reference_type
scores
0
value 0.01797
scoring_system epss
scoring_elements 0.83136
published_at 2026-06-08T12:55:00Z
1
value 0.01797
scoring_system epss
scoring_elements 0.83121
published_at 2026-06-04T12:55:00Z
2
value 0.01797
scoring_system epss
scoring_elements 0.83146
published_at 2026-06-05T12:55:00Z
3
value 0.01797
scoring_system epss
scoring_elements 0.83147
published_at 2026-06-06T12:55:00Z
4
value 0.01797
scoring_system epss
scoring_elements 0.83143
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13953
1
reference_url https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb@%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb@%3Cusers.tapestry.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13953
reference_id CVE-2020-13953
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13953
4
reference_url https://github.com/advisories/GHSA-w9mp-p2wp-2xf7
reference_id GHSA-w9mp-p2wp-2xf7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9mp-p2wp-2xf7
fixed_packages
0
url pkg:maven/org.apache.tapestry/tapestry-core@5.6.4
purl pkg:maven/org.apache.tapestry/tapestry-core@5.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j96w-tkwz-1ka3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.6.4
1
url pkg:maven/org.apache.tapestry/tapestry-core@5.7.2
purl pkg:maven/org.apache.tapestry/tapestry-core@5.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j96w-tkwz-1ka3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.7.2
aliases CVE-2020-13953, GHSA-w9mp-p2wp-2xf7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jzah-6eyd-cqce
Fixing_vulnerabilities
0
url VCID-4dkw-1egc-uqfr
vulnerability_id VCID-4dkw-1egc-uqfr
summary
Deserialization of Untrusted Data
A critical unauthenticated remote code execution vulnerability was found in Apache Tapestry.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27850
reference_id
reference_type
scores
0
value 0.93938
scoring_system epss
scoring_elements 0.9989
published_at 2026-06-08T12:55:00Z
1
value 0.94219
scoring_system epss
scoring_elements 0.99927
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27850
1
reference_url https://issues.apache.org/jira/browse/TAP5-2663
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/TAP5-2663
2
reference_url https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E
3
reference_url https://security.netapp.com/advisory/ntap-20210528-0002
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210528-0002
4
reference_url https://security.netapp.com/advisory/ntap-20210528-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210528-0002/
5
reference_url http://www.openwall.com/lists/oss-security/2021/04/15/1
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/04/15/1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27850
reference_id CVE-2021-27850
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27850
7
reference_url https://github.com/advisories/GHSA-mj8x-cpr8-x39h
reference_id GHSA-mj8x-cpr8-x39h
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mj8x-cpr8-x39h
fixed_packages
0
url pkg:maven/org.apache.tapestry/tapestry-core@5.6.2
purl pkg:maven/org.apache.tapestry/tapestry-core@5.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-byrs-fwaw-z3aw
1
vulnerability VCID-j96w-tkwz-1ka3
2
vulnerability VCID-jzah-6eyd-cqce
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.6.2
1
url pkg:maven/org.apache.tapestry/tapestry-core@5.6.3
purl pkg:maven/org.apache.tapestry/tapestry-core@5.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-byrs-fwaw-z3aw
1
vulnerability VCID-j96w-tkwz-1ka3
2
vulnerability VCID-jzah-6eyd-cqce
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.6.3
2
url pkg:maven/org.apache.tapestry/tapestry-core@5.7.1
purl pkg:maven/org.apache.tapestry/tapestry-core@5.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-byrs-fwaw-z3aw
1
vulnerability VCID-j96w-tkwz-1ka3
2
vulnerability VCID-jzah-6eyd-cqce
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.7.1
aliases CVE-2021-27850, GHSA-mj8x-cpr8-x39h
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4dkw-1egc-uqfr
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tapestry/tapestry-core@5.6.2