Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.vaadin/vaadin-bom@14.4.7
Typemaven
Namespacecom.vaadin
Namevaadin-bom
Version14.4.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version14.4.10
Latest_non_vulnerable_version20.0.6
Affected_by_vulnerabilities
0
url VCID-cuep-9tpy-zfbp
vulnerability_id VCID-cuep-9tpy-zfbp
summary 
Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19
Vulnerability in OSGi integration in `com.vaadin:flow-server` versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.

- https://vaadin.com/security/cve-2021-31407
references
0
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
1
reference_url https://vaadin.com/security/cve-2021-31407
reference_id CVE-2021-31407
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31407
2
reference_url https://github.com/advisories/GHSA-j9wr-49vq-rm5g
reference_id GHSA-j9wr-49vq-rm5g
reference_type
scores
url https://github.com/advisories/GHSA-j9wr-49vq-rm5g
3
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-j9wr-49vq-rm5g
reference_id GHSA-j9wr-49vq-rm5g
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-j9wr-49vq-rm5g
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@14.4.10
purl pkg:maven/com.vaadin/vaadin-bom@14.4.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@14.4.10
1
url pkg:maven/com.vaadin/vaadin-bom@19.0.1
purl pkg:maven/com.vaadin/vaadin-bom@19.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93dy-76qc-8fb7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@19.0.1
aliases GHSA-j9wr-49vq-rm5g, GMS-2021-69
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cuep-9tpy-zfbp
Fixing_vulnerabilities
0
url VCID-tywj-48df-uqcb
vulnerability_id VCID-tywj-48df-uqcb
summary Cross-Site Request Forgery (CSRF) in com.vaadin:vaadin-bom.
references
0
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
1
reference_url https://vaadin.com/security/cve-2021-31404
reference_id CVE-2021-31404
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31404
2
reference_url https://github.com/advisories/GHSA-c6c4-7x48-4cqp
reference_id GHSA-c6c4-7x48-4cqp
reference_type
scores
url https://github.com/advisories/GHSA-c6c4-7x48-4cqp
3
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-c6c4-7x48-4cqp
reference_id GHSA-c6c4-7x48-4cqp
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-c6c4-7x48-4cqp
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@10.0.17
purl pkg:maven/com.vaadin/vaadin-bom@10.0.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@10.0.17
1
url pkg:maven/com.vaadin/vaadin-bom@14.4.7
purl pkg:maven/com.vaadin/vaadin-bom@14.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cuep-9tpy-zfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@14.4.7
2
url pkg:maven/com.vaadin/vaadin-bom@18.0.6
purl pkg:maven/com.vaadin/vaadin-bom@18.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93dy-76qc-8fb7
1
vulnerability VCID-tmht-98ed-a3fq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@18.0.6
aliases GHSA-c6c4-7x48-4cqp, GMS-2021-67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tywj-48df-uqcb
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@14.4.7