Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-aqre-33na-w3d9
Summary
Loop with Unreachable Exit Condition ('Infinite Loop')
In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions.This vulnerability had been patched in Apache James and higher. We recommend the upgrade.
Aliases
0
alias CVE-2021-40111
1
alias GHSA-fqgw-6qj5-8hmp
Fixed_packages
0
url pkg:maven/org.apache.james/james-server@3.6.2
purl pkg:maven/org.apache.james/james-server@3.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6gfs-f46a-3qeb
1
vulnerability VCID-k6dw-17nc-xbd5
2
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.6.2
Affected_packages
0
url pkg:maven/org.apache.james/james-server@3.0-beta2
purl pkg:maven/org.apache.james/james-server@3.0-beta2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0-beta2
1
url pkg:maven/org.apache.james/james-server@3.0-beta3
purl pkg:maven/org.apache.james/james-server@3.0-beta3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0-beta3
2
url pkg:maven/org.apache.james/james-server@3.0-beta4
purl pkg:maven/org.apache.james/james-server@3.0-beta4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0-beta4
3
url pkg:maven/org.apache.james/james-server@3.0.0-beta5
purl pkg:maven/org.apache.james/james-server@3.0.0-beta5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0.0-beta5
4
url pkg:maven/org.apache.james/james-server@3.0-M1
purl pkg:maven/org.apache.james/james-server@3.0-M1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0-M1
5
url pkg:maven/org.apache.james/james-server@3.0-M2
purl pkg:maven/org.apache.james/james-server@3.0-M2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0-M2
6
url pkg:maven/org.apache.james/james-server@3.0.0-RC1
purl pkg:maven/org.apache.james/james-server@3.0.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0.0-RC1
7
url pkg:maven/org.apache.james/james-server@3.0.0
purl pkg:maven/org.apache.james/james-server@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0.0
8
url pkg:maven/org.apache.james/james-server@3.0.1
purl pkg:maven/org.apache.james/james-server@3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0.1
9
url pkg:maven/org.apache.james/james-server@3.1.0
purl pkg:maven/org.apache.james/james-server@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.1.0
10
url pkg:maven/org.apache.james/james-server@3.2.0
purl pkg:maven/org.apache.james/james-server@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.2.0
11
url pkg:maven/org.apache.james/james-server@3.3.0
purl pkg:maven/org.apache.james/james-server@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.3.0
12
url pkg:maven/org.apache.james/james-server@3.4.0
purl pkg:maven/org.apache.james/james-server@3.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.4.0
13
url pkg:maven/org.apache.james/james-server@3.5.0
purl pkg:maven/org.apache.james/james-server@3.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.5.0
14
url pkg:maven/org.apache.james/james-server@3.6.0
purl pkg:maven/org.apache.james/james-server@3.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vru-s5v2-dbcq
1
vulnerability VCID-4q61-ksfc-aqf2
2
vulnerability VCID-6gfs-f46a-3qeb
3
vulnerability VCID-aqre-33na-w3d9
4
vulnerability VCID-gcxw-t4m6-4bcs
5
vulnerability VCID-k6dw-17nc-xbd5
6
vulnerability VCID-repa-s2hq-qyfu
7
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.6.0
15
url pkg:maven/org.jamesframework/james@0.1
purl pkg:maven/org.jamesframework/james@0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4q61-ksfc-aqf2
1
vulnerability VCID-4s4f-emvn-9bhh
2
vulnerability VCID-aqre-33na-w3d9
3
vulnerability VCID-gcxw-t4m6-4bcs
4
vulnerability VCID-k6dw-17nc-xbd5
5
vulnerability VCID-tbyy-yemg-g7bk
6
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jamesframework/james@0.1
16
url pkg:maven/org.jamesframework/james@0.2
purl pkg:maven/org.jamesframework/james@0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4q61-ksfc-aqf2
1
vulnerability VCID-4s4f-emvn-9bhh
2
vulnerability VCID-aqre-33na-w3d9
3
vulnerability VCID-gcxw-t4m6-4bcs
4
vulnerability VCID-k6dw-17nc-xbd5
5
vulnerability VCID-tbyy-yemg-g7bk
6
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jamesframework/james@0.2
17
url pkg:maven/org.jamesframework/james@1.1
purl pkg:maven/org.jamesframework/james@1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4q61-ksfc-aqf2
1
vulnerability VCID-aqre-33na-w3d9
2
vulnerability VCID-gcxw-t4m6-4bcs
3
vulnerability VCID-k6dw-17nc-xbd5
4
vulnerability VCID-tbyy-yemg-g7bk
5
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jamesframework/james@1.1
18
url pkg:maven/org.jamesframework/james@1.2
purl pkg:maven/org.jamesframework/james@1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4q61-ksfc-aqf2
1
vulnerability VCID-aqre-33na-w3d9
2
vulnerability VCID-gcxw-t4m6-4bcs
3
vulnerability VCID-k6dw-17nc-xbd5
4
vulnerability VCID-tbyy-yemg-g7bk
5
vulnerability VCID-vv9x-5ab5-yfgc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jamesframework/james@1.2
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-40111
reference_id
reference_type
scores
0
value 0.00733
scoring_system epss
scoring_elements 0.72807
published_at 2026-04-24T12:55:00Z
1
value 0.00733
scoring_system epss
scoring_elements 0.72721
published_at 2026-04-13T12:55:00Z
2
value 0.00733
scoring_system epss
scoring_elements 0.72763
published_at 2026-04-16T12:55:00Z
3
value 0.00733
scoring_system epss
scoring_elements 0.72774
published_at 2026-04-18T12:55:00Z
4
value 0.00733
scoring_system epss
scoring_elements 0.72766
published_at 2026-04-21T12:55:00Z
5
value 0.00733
scoring_system epss
scoring_elements 0.72667
published_at 2026-04-01T12:55:00Z
6
value 0.00733
scoring_system epss
scoring_elements 0.72675
published_at 2026-04-02T12:55:00Z
7
value 0.00733
scoring_system epss
scoring_elements 0.72693
published_at 2026-04-04T12:55:00Z
8
value 0.00733
scoring_system epss
scoring_elements 0.72671
published_at 2026-04-07T12:55:00Z
9
value 0.00733
scoring_system epss
scoring_elements 0.7271
published_at 2026-04-08T12:55:00Z
10
value 0.00733
scoring_system epss
scoring_elements 0.72723
published_at 2026-04-09T12:55:00Z
11
value 0.00733
scoring_system epss
scoring_elements 0.72747
published_at 2026-04-11T12:55:00Z
12
value 0.00733
scoring_system epss
scoring_elements 0.7273
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-40111
1
reference_url https://www.openwall.com/lists/oss-security/2022/01/04/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2022/01/04/3
2
reference_url http://www.openwall.com/lists/oss-security/2022/01/04/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/01/04/3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-40111
reference_id CVE-2021-40111
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-40111
4
reference_url https://github.com/advisories/GHSA-fqgw-6qj5-8hmp
reference_id GHSA-fqgw-6qj5-8hmp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fqgw-6qj5-8hmp
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 835
name Loop with Unreachable Exit Condition ('Infinite Loop')
description The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-aqre-33na-w3d9