Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/eap7-guava-libraries@32.1.1-2.jre_redhat_00001.1?arch=el9eap

Type rpm

Namespace redhat

Name eap7-guava-libraries

Version 32.1.1-2.jre_redhat_00001.1

Qualifiers

arch	el9eap

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-fnpa-1sqy-u7hw

vulnerability_id

VCID-fnpa-1sqy-u7hw

summary

Guava vulnerable to insecure use of temporary directory
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2976.json

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2976.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-2976

reference_id

reference_type

scores

value	0.00065
scoring_system	epss
scoring_elements	0.20227
published_at	2026-04-12T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20163
published_at	2026-04-18T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20159
published_at	2026-04-16T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20326
published_at	2026-04-02T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20166
published_at	2026-04-13T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20385
published_at	2026-04-04T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20109
published_at	2026-04-07T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20189
published_at	2026-04-08T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20247
published_at	2026-04-09T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20271
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-2976

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/google/guava

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/google/guava

reference_url

https://github.com/google/guava/commit/feb83a1c8fd2e7670b244d5afd23cba5aca43284

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/google/guava/commit/feb83a1c8fd2e7670b244d5afd23cba5aca43284

reference_url

https://github.com/google/guava/issues/2575

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-18T04:00:21Z/

url

https://github.com/google/guava/issues/2575

reference_url

https://github.com/google/guava/issues/6532

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/google/guava/issues/6532

reference_url

https://github.com/google/guava/releases/tag/v32.0.0

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/google/guava/releases/tag/v32.0.0

reference_url

https://security.netapp.com/advisory/ntap-20230818-0008

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230818-0008

reference_url

https://security.netapp.com/advisory/ntap-20241108-0002

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241108-0002

reference_url

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-18T04:00:21Z/

url

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038979
reference_id	1038979
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038979

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2215229
reference_id	2215229
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2215229

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-2976

reference_id

CVE-2023-2976

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-2976

reference_url

https://github.com/advisories/GHSA-7g45-4rm6-3mm3

reference_id

GHSA-7g45-4rm6-3mm3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7g45-4rm6-3mm3

reference_url

https://security.netapp.com/advisory/ntap-20230818-0008/

reference_id

ntap-20230818-0008

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-18T04:00:21Z/

url

https://security.netapp.com/advisory/ntap-20230818-0008/

reference_url	https://access.redhat.com/errata/RHSA-2023:5165
reference_id	RHSA-2023:5165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5165

reference_url	https://access.redhat.com/errata/RHSA-2023:5491
reference_id	RHSA-2023:5491
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5491

reference_url	https://access.redhat.com/errata/RHSA-2023:7678
reference_id	RHSA-2023:7678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7678

reference_url	https://access.redhat.com/errata/RHSA-2024:0777
reference_id	RHSA-2024:0777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0777

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://access.redhat.com/errata/RHSA-2024:1027
reference_id	RHSA-2024:1027
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1027

fixed_packages

aliases

CVE-2023-2976, GHSA-7g45-4rm6-3mm3

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-fnpa-1sqy-u7hw

url

VCID-y3mv-vmwd-tydt

vulnerability_id

VCID-y3mv-vmwd-tydt

summary

False positive
This vulnerability has been marked as a false positive.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26048.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26048.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26048

reference_id

reference_type

scores

value	0.40785
scoring_system	epss
scoring_elements	0.97381
published_at	2026-04-18T12:55:00Z

value	0.40785
scoring_system	epss
scoring_elements	0.97378
published_at	2026-04-16T12:55:00Z

value	0.40785
scoring_system	epss
scoring_elements	0.9737
published_at	2026-04-13T12:55:00Z

value	0.40785
scoring_system	epss
scoring_elements	0.97369
published_at	2026-04-11T12:55:00Z

value	0.40785
scoring_system	epss
scoring_elements	0.97367
published_at	2026-04-09T12:55:00Z

value	0.40785
scoring_system	epss
scoring_elements	0.97366
published_at	2026-04-08T12:55:00Z

value	0.40785
scoring_system	epss
scoring_elements	0.97359
published_at	2026-04-07T12:55:00Z

value	0.40785
scoring_system	epss
scoring_elements	0.97358
published_at	2026-04-04T12:55:00Z

value	0.40785
scoring_system	epss
scoring_elements	0.97354
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/eclipse/jetty.project

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project

reference_url

https://github.com/eclipse/jetty.project/issues/9076

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://github.com/eclipse/jetty.project/issues/9076

reference_url

https://github.com/eclipse/jetty.project/pull/9344

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://github.com/eclipse/jetty.project/pull/9344

reference_url

https://github.com/eclipse/jetty.project/pull/9345

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://github.com/eclipse/jetty.project/pull/9345

reference_url

https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217

reference_url

https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload

reference_url

https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html

reference_url

https://security.netapp.com/advisory/ntap-20230526-0001

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230526-0001

reference_url

https://security.netapp.com/advisory/ntap-20230526-0001/

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://security.netapp.com/advisory/ntap-20230526-0001/

reference_url

https://www.debian.org/security/2023/dsa-5507

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://www.debian.org/security/2023/dsa-5507

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2236340
reference_id	2236340
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2236340

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-26048

reference_id

CVE-2023-26048

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-26048

reference_url

https://github.com/advisories/GHSA-qw69-rqj8-6qw8

reference_id

GHSA-qw69-rqj8-6qw8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qw69-rqj8-6qw8

reference_url

https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8

reference_id

GHSA-qw69-rqj8-6qw8

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:43:53Z/

url

https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8

reference_url	https://access.redhat.com/errata/RHSA-2023:5165
reference_id	RHSA-2023:5165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5165

reference_url	https://access.redhat.com/errata/RHSA-2023:5441
reference_id	RHSA-2023:5441
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5441

reference_url	https://access.redhat.com/errata/RHSA-2024:0778
reference_id	RHSA-2024:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0778

reference_url	https://access.redhat.com/errata/RHSA-2024:3385
reference_id	RHSA-2024:3385
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3385

fixed_packages

aliases

CVE-2023-26048, GHSA-qw69-rqj8-6qw8

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-y3mv-vmwd-tydt

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-guava-libraries@32.1.1-2.jre_redhat_00001.1%3Farch=el9eap

Package Instance