Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1?arch=el7eap
Type rpm
Namespace redhat
Name eap7-xerces-j2
Version 2.12.0-3.SP04_redhat_00001.1
Qualifiers
arch el7eap
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-c2s2-wsy6-sufn
vulnerability_id VCID-c2s2-wsy6-sufn
summary
XML Injection (aka Blind XPath Injection)
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23437.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23437.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23437
reference_id
reference_type
scores
0
value 0.00087
scoring_system epss
scoring_elements 0.24948
published_at 2026-04-16T12:55:00Z
1
value 0.00087
scoring_system epss
scoring_elements 0.24935
published_at 2026-04-13T12:55:00Z
2
value 0.00087
scoring_system epss
scoring_elements 0.24989
published_at 2026-04-12T12:55:00Z
3
value 0.00087
scoring_system epss
scoring_elements 0.25029
published_at 2026-04-11T12:55:00Z
4
value 0.00087
scoring_system epss
scoring_elements 0.25015
published_at 2026-04-09T12:55:00Z
5
value 0.00087
scoring_system epss
scoring_elements 0.2497
published_at 2026-04-08T12:55:00Z
6
value 0.00087
scoring_system epss
scoring_elements 0.24901
published_at 2026-04-07T12:55:00Z
7
value 0.00089
scoring_system epss
scoring_elements 0.25542
published_at 2026-04-04T12:55:00Z
8
value 0.00089
scoring_system epss
scoring_elements 0.25504
published_at 2026-04-02T12:55:00Z
9
value 0.00101
scoring_system epss
scoring_elements 0.27855
published_at 2026-04-21T12:55:00Z
10
value 0.00101
scoring_system epss
scoring_elements 0.27898
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23437
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23437
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/jboss/xerces
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jboss/xerces
5
reference_url https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl
6
reference_url https://security.netapp.com/advisory/ntap-20221028-0005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221028-0005
7
reference_url https://security.netapp.com/advisory/ntap-20221028-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20221028-0005/
8
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
9
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
10
reference_url http://www.openwall.com/lists/oss-security/2022/01/24/3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/24/3
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016975
reference_id 1016975
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016975
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2047200
reference_id 2047200
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2047200
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23437
reference_id CVE-2022-23437
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23437
14
reference_url https://github.com/advisories/GHSA-h65f-jvqw-m9fj
reference_id GHSA-h65f-jvqw-m9fj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h65f-jvqw-m9fj
15
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
16
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
17
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
fixed_packages
aliases CVE-2022-23437, GHSA-h65f-jvqw-m9fj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2s2-wsy6-sufn
1
url VCID-ws4h-edpn-nudd
vulnerability_id VCID-ws4h-edpn-nudd
summary Multiple vulnerabilities have been found in OpenJDK, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21299.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21299.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-21299
reference_id
reference_type
scores
0
value 0.00097
scoring_system epss
scoring_elements 0.26898
published_at 2026-04-02T12:55:00Z
1
value 0.00097
scoring_system epss
scoring_elements 0.26933
published_at 2026-04-04T12:55:00Z
2
value 0.00097
scoring_system epss
scoring_elements 0.2672
published_at 2026-04-07T12:55:00Z
3
value 0.00097
scoring_system epss
scoring_elements 0.26789
published_at 2026-04-08T12:55:00Z
4
value 0.00097
scoring_system epss
scoring_elements 0.26838
published_at 2026-04-09T12:55:00Z
5
value 0.00097
scoring_system epss
scoring_elements 0.26841
published_at 2026-04-11T12:55:00Z
6
value 0.00097
scoring_system epss
scoring_elements 0.26796
published_at 2026-04-12T12:55:00Z
7
value 0.00097
scoring_system epss
scoring_elements 0.26739
published_at 2026-04-13T12:55:00Z
8
value 0.00097
scoring_system epss
scoring_elements 0.26747
published_at 2026-04-16T12:55:00Z
9
value 0.00097
scoring_system epss
scoring_elements 0.26719
published_at 2026-04-18T12:55:00Z
10
value 0.00097
scoring_system epss
scoring_elements 0.26683
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-21299
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21248
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21248
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21277
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21277
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21282
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21282
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21283
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21283
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21291
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21291
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21293
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21293
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21294
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21294
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21296
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21296
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21299
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21299
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21305
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21305
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21340
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21340
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21341
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21341
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21360
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21365
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21366
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21366
17
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2041472
reference_id 2041472
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2041472
19
reference_url https://security.gentoo.org/glsa/202209-05
reference_id GLSA-202209-05
reference_type
scores
url https://security.gentoo.org/glsa/202209-05
20
reference_url https://access.redhat.com/errata/RHSA-2022:0161
reference_id RHSA-2022:0161
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0161
21
reference_url https://access.redhat.com/errata/RHSA-2022:0165
reference_id RHSA-2022:0165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0165
22
reference_url https://access.redhat.com/errata/RHSA-2022:0166
reference_id RHSA-2022:0166
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0166
23
reference_url https://access.redhat.com/errata/RHSA-2022:0185
reference_id RHSA-2022:0185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0185
24
reference_url https://access.redhat.com/errata/RHSA-2022:0204
reference_id RHSA-2022:0204
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0204
25
reference_url https://access.redhat.com/errata/RHSA-2022:0209
reference_id RHSA-2022:0209
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0209
26
reference_url https://access.redhat.com/errata/RHSA-2022:0211
reference_id RHSA-2022:0211
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0211
27
reference_url https://access.redhat.com/errata/RHSA-2022:0228
reference_id RHSA-2022:0228
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0228
28
reference_url https://access.redhat.com/errata/RHSA-2022:0229
reference_id RHSA-2022:0229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0229
29
reference_url https://access.redhat.com/errata/RHSA-2022:0233
reference_id RHSA-2022:0233
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0233
30
reference_url https://access.redhat.com/errata/RHSA-2022:0304
reference_id RHSA-2022:0304
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0304
31
reference_url https://access.redhat.com/errata/RHSA-2022:0305
reference_id RHSA-2022:0305
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0305
32
reference_url https://access.redhat.com/errata/RHSA-2022:0306
reference_id RHSA-2022:0306
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0306
33
reference_url https://access.redhat.com/errata/RHSA-2022:0307
reference_id RHSA-2022:0307
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0307
34
reference_url https://access.redhat.com/errata/RHSA-2022:0312
reference_id RHSA-2022:0312
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0312
35
reference_url https://access.redhat.com/errata/RHSA-2022:0317
reference_id RHSA-2022:0317
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0317
36
reference_url https://access.redhat.com/errata/RHSA-2022:0321
reference_id RHSA-2022:0321
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0321
37
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
38
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
39
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
40
reference_url https://access.redhat.com/errata/RHSA-2022:4957
reference_id RHSA-2022:4957
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4957
41
reference_url https://usn.ubuntu.com/5313-1/
reference_id USN-5313-1
reference_type
scores
url https://usn.ubuntu.com/5313-1/
fixed_packages
aliases CVE-2022-21299
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ws4h-edpn-nudd
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1%3Farch=el7eap