Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/libspring-java@4.3.2-1?distro=trixie
Typedeb
Namespacedebian
Namelibspring-java
Version4.3.2-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version4.3.5-1
Latest_non_vulnerable_version4.3.30-4
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-dfs4-emmn-f3eb
vulnerability_id VCID-dfs4-emmn-f3eb
summary Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5007.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5007.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-5007
reference_id
reference_type
scores
0
value 0.00155
scoring_system epss
scoring_elements 0.36232
published_at 2026-04-12T12:55:00Z
1
value 0.00155
scoring_system epss
scoring_elements 0.36183
published_at 2026-04-21T12:55:00Z
2
value 0.00155
scoring_system epss
scoring_elements 0.36235
published_at 2026-04-18T12:55:00Z
3
value 0.00155
scoring_system epss
scoring_elements 0.3625
published_at 2026-04-16T12:55:00Z
4
value 0.00155
scoring_system epss
scoring_elements 0.36207
published_at 2026-04-13T12:55:00Z
5
value 0.00155
scoring_system epss
scoring_elements 0.36133
published_at 2026-04-01T12:55:00Z
6
value 0.00155
scoring_system epss
scoring_elements 0.36328
published_at 2026-04-02T12:55:00Z
7
value 0.00155
scoring_system epss
scoring_elements 0.3636
published_at 2026-04-04T12:55:00Z
8
value 0.00155
scoring_system epss
scoring_elements 0.36196
published_at 2026-04-07T12:55:00Z
9
value 0.00155
scoring_system epss
scoring_elements 0.36245
published_at 2026-04-08T12:55:00Z
10
value 0.00155
scoring_system epss
scoring_elements 0.36264
published_at 2026-04-09T12:55:00Z
11
value 0.00155
scoring_system epss
scoring_elements 0.36269
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-5007
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5007
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5007
3
reference_url https://github.com/advisories/GHSA-8crv-49fr-2h6j
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8crv-49fr-2h6j
4
reference_url https://github.com/spring-projects/spring-framework/commit/a30ab30e4e9ae021fdda04e9abfc228476b846b5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/a30ab30e4e9ae021fdda04e9abfc228476b846b5
5
reference_url https://github.com/spring-projects/spring-security/commit/e4c13e3c0ee7f06f59d3b43ca6734215ad7d8974
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/e4c13e3c0ee7f06f59d3b43ca6734215ad7d8974
6
reference_url https://github.com/spring-projects/spring-security/issues/3964
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/issues/3964
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5007
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-5007
8
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
9
reference_url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
10
reference_url http://www.securityfocus.com/bid/91687
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/91687
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1353902
reference_id 1353902
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1353902
12
reference_url https://pivotal.io/security/cve-2016-5007
reference_id CVE-2016-5007
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2016-5007
fixed_packages
0
url pkg:deb/debian/libspring-java@4.3.2-1?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.2-1%3Fdistro=trixie
1
url pkg:deb/debian/libspring-java@4.3.30-1?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-1%3Fdistro=trixie
2
url pkg:deb/debian/libspring-java@4.3.30-2?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-2%3Fdistro=trixie
3
url pkg:deb/debian/libspring-java@4.3.30-3?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-3%3Fdistro=trixie
4
url pkg:deb/debian/libspring-java@4.3.30-4?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-4%3Fdistro=trixie
aliases CVE-2016-5007, GHSA-8crv-49fr-2h6j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dfs4-emmn-f3eb
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.2-1%3Fdistro=trixie