Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jenkins-2-plugins@4.15.1756735456-1?arch=el8
Type rpm
Namespace redhat
Name jenkins-2-plugins
Version 4.15.1756735456-1
Qualifiers
arch el8
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-1j1w-c84m-b3h3
vulnerability_id VCID-1j1w-c84m-b3h3
summary
Apache Commons Improper Access Control vulnerability
Improper Access Control vulnerability in Apache Commons.

A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.

Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().
Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests.

This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.

Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.

Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48734.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48734.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48734
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40371
published_at 2026-04-18T12:55:00Z
1
value 0.00186
scoring_system epss
scoring_elements 0.40401
published_at 2026-04-16T12:55:00Z
2
value 0.00186
scoring_system epss
scoring_elements 0.40354
published_at 2026-04-13T12:55:00Z
3
value 0.00186
scoring_system epss
scoring_elements 0.40373
published_at 2026-04-12T12:55:00Z
4
value 0.00186
scoring_system epss
scoring_elements 0.40411
published_at 2026-04-11T12:55:00Z
5
value 0.00186
scoring_system epss
scoring_elements 0.404
published_at 2026-04-09T12:55:00Z
6
value 0.00186
scoring_system epss
scoring_elements 0.40389
published_at 2026-04-08T12:55:00Z
7
value 0.00186
scoring_system epss
scoring_elements 0.40338
published_at 2026-04-07T12:55:00Z
8
value 0.00186
scoring_system epss
scoring_elements 0.40414
published_at 2026-04-04T12:55:00Z
9
value 0.00186
scoring_system epss
scoring_elements 0.40388
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48734
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48734
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48734
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/commons-beanutils
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-beanutils
5
reference_url https://github.com/apache/commons-beanutils/commit/bd20740da25b69552ddef8523beec0837297eaf9
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-beanutils/commit/bd20740da25b69552ddef8523beec0837297eaf9
6
reference_url https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:16Z/
url https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9
7
reference_url https://lists.debian.org/debian-lts-announce/2025/06/msg00027.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/06/msg00027.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48734
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48734
9
reference_url http://www.openwall.com/lists/oss-security/2025/05/28/6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/05/28/6
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106746
reference_id 1106746
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106746
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2368956
reference_id 2368956
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2368956
12
reference_url https://github.com/advisories/GHSA-wxr5-93ph-8wr9
reference_id GHSA-wxr5-93ph-8wr9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wxr5-93ph-8wr9
13
reference_url https://security.gentoo.org/glsa/202601-05
reference_id GLSA-202601-05
reference_type
scores
url https://security.gentoo.org/glsa/202601-05
14
reference_url https://access.redhat.com/errata/RHSA-2025:10452
reference_id RHSA-2025:10452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10452
15
reference_url https://access.redhat.com/errata/RHSA-2025:10453
reference_id RHSA-2025:10453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10453
16
reference_url https://access.redhat.com/errata/RHSA-2025:10459
reference_id RHSA-2025:10459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10459
17
reference_url https://access.redhat.com/errata/RHSA-2025:10814
reference_id RHSA-2025:10814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10814
18
reference_url https://access.redhat.com/errata/RHSA-2025:10931
reference_id RHSA-2025:10931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10931
19
reference_url https://access.redhat.com/errata/RHSA-2025:13274
reference_id RHSA-2025:13274
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13274
20
reference_url https://access.redhat.com/errata/RHSA-2025:15810
reference_id RHSA-2025:15810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15810
21
reference_url https://access.redhat.com/errata/RHSA-2025:15811
reference_id RHSA-2025:15811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15811
22
reference_url https://access.redhat.com/errata/RHSA-2025:15812
reference_id RHSA-2025:15812
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15812
23
reference_url https://access.redhat.com/errata/RHSA-2025:15813
reference_id RHSA-2025:15813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15813
24
reference_url https://access.redhat.com/errata/RHSA-2025:15814
reference_id RHSA-2025:15814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15814
25
reference_url https://access.redhat.com/errata/RHSA-2025:15815
reference_id RHSA-2025:15815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15815
26
reference_url https://access.redhat.com/errata/RHSA-2025:15816
reference_id RHSA-2025:15816
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15816
27
reference_url https://access.redhat.com/errata/RHSA-2025:15817
reference_id RHSA-2025:15817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15817
28
reference_url https://access.redhat.com/errata/RHSA-2025:16409
reference_id RHSA-2025:16409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16409
29
reference_url https://access.redhat.com/errata/RHSA-2025:16668
reference_id RHSA-2025:16668
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16668
30
reference_url https://access.redhat.com/errata/RHSA-2025:8265
reference_id RHSA-2025:8265
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8265
31
reference_url https://access.redhat.com/errata/RHSA-2025:8919
reference_id RHSA-2025:8919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8919
32
reference_url https://access.redhat.com/errata/RHSA-2025:9114
reference_id RHSA-2025:9114
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9114
33
reference_url https://access.redhat.com/errata/RHSA-2025:9115
reference_id RHSA-2025:9115
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9115
34
reference_url https://access.redhat.com/errata/RHSA-2025:9117
reference_id RHSA-2025:9117
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9117
35
reference_url https://access.redhat.com/errata/RHSA-2025:9166
reference_id RHSA-2025:9166
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9166
36
reference_url https://access.redhat.com/errata/RHSA-2025:9318
reference_id RHSA-2025:9318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9318
37
reference_url https://access.redhat.com/errata/RHSA-2025:9696
reference_id RHSA-2025:9696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9696
38
reference_url https://access.redhat.com/errata/RHSA-2025:9697
reference_id RHSA-2025:9697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9697
fixed_packages
aliases CVE-2025-48734, GHSA-wxr5-93ph-8wr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1j1w-c84m-b3h3
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.15.1756735456-1%3Farch=el8