Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-vv9x-5ab5-yfgc

Summary Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

Aliases

alias	CVE-2022-45935

alias	GHSA-v6vp-62vc-84qw

Fixed_packages

url pkg:maven/org.apache.james/james-server@3.7.3

purl pkg:maven/org.apache.james/james-server@3.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6gfs-f46a-3qeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.7.3

Affected_packages

url pkg:maven/org.apache.james/james-server@3.0-beta2

purl pkg:maven/org.apache.james/james-server@3.0-beta2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0-beta2

url pkg:maven/org.apache.james/james-server@3.0-beta3

purl pkg:maven/org.apache.james/james-server@3.0-beta3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0-beta3

url pkg:maven/org.apache.james/james-server@3.0-beta4

purl pkg:maven/org.apache.james/james-server@3.0-beta4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0-beta4

url pkg:maven/org.apache.james/james-server@3.0.0-beta5

purl pkg:maven/org.apache.james/james-server@3.0.0-beta5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0.0-beta5

url pkg:maven/org.apache.james/james-server@3.0-M1

purl pkg:maven/org.apache.james/james-server@3.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0-M1

url pkg:maven/org.apache.james/james-server@3.0-M2

purl pkg:maven/org.apache.james/james-server@3.0-M2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0-M2

url pkg:maven/org.apache.james/james-server@3.0.0-RC1

purl pkg:maven/org.apache.james/james-server@3.0.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0.0-RC1

url pkg:maven/org.apache.james/james-server@3.0.0

purl pkg:maven/org.apache.james/james-server@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0.0

url pkg:maven/org.apache.james/james-server@3.0.1

purl pkg:maven/org.apache.james/james-server@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.0.1

url pkg:maven/org.apache.james/james-server@3.1.0

purl pkg:maven/org.apache.james/james-server@3.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.1.0

url pkg:maven/org.apache.james/james-server@3.2.0

purl pkg:maven/org.apache.james/james-server@3.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.2.0

url pkg:maven/org.apache.james/james-server@3.3.0

purl pkg:maven/org.apache.james/james-server@3.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.3.0

url pkg:maven/org.apache.james/james-server@3.4.0

purl pkg:maven/org.apache.james/james-server@3.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.4.0

url pkg:maven/org.apache.james/james-server@3.5.0

purl pkg:maven/org.apache.james/james-server@3.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.5.0

url pkg:maven/org.apache.james/james-server@3.6.0

purl pkg:maven/org.apache.james/james-server@3.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vru-s5v2-dbcq

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-repa-s2hq-qyfu

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.6.0

url pkg:maven/org.apache.james/james-server@3.6.2

purl pkg:maven/org.apache.james/james-server@3.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.6.2

url pkg:maven/org.apache.james/james-server@3.7.0

purl pkg:maven/org.apache.james/james-server@3.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.7.0

url pkg:maven/org.apache.james/james-server@3.7.1

purl pkg:maven/org.apache.james/james-server@3.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.7.1

url pkg:maven/org.apache.james/james-server@3.7.2

purl pkg:maven/org.apache.james/james-server@3.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6gfs-f46a-3qeb

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.james/james-server@3.7.2

url pkg:maven/org.jamesframework/james@0.1

purl pkg:maven/org.jamesframework/james@0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-4s4f-emvn-9bhh

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-tbyy-yemg-g7bk

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jamesframework/james@0.1

url pkg:maven/org.jamesframework/james@0.2

purl pkg:maven/org.jamesframework/james@0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-4s4f-emvn-9bhh

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-tbyy-yemg-g7bk

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jamesframework/james@0.2

url pkg:maven/org.jamesframework/james@1.1

purl pkg:maven/org.jamesframework/james@1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-tbyy-yemg-g7bk

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jamesframework/james@1.1

url pkg:maven/org.jamesframework/james@1.2

purl pkg:maven/org.jamesframework/james@1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4q61-ksfc-aqf2

vulnerability	VCID-aqre-33na-w3d9

vulnerability	VCID-gcxw-t4m6-4bcs

vulnerability	VCID-k6dw-17nc-xbd5

vulnerability	VCID-tbyy-yemg-g7bk

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jamesframework/james@1.2

url pkg:maven/org.jamesframework/james@3.7.2

purl pkg:maven/org.jamesframework/james@3.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vv9x-5ab5-yfgc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jamesframework/james@3.7.2

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45935.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45935.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-45935

reference_id

reference_type

scores

value	0.00125
scoring_system	epss
scoring_elements	0.31532
published_at	2026-04-24T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31756
published_at	2026-04-16T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31714
published_at	2026-04-07T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31766
published_at	2026-04-08T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31796
published_at	2026-04-09T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.318
published_at	2026-04-11T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31759
published_at	2026-04-12T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31724
published_at	2026-04-13T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31735
published_at	2026-04-18T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31852
published_at	2026-04-02T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31703
published_at	2026-04-21T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31896
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-45935

reference_url

https://github.com/apache/james-project

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/james-project

reference_url

https://github.com/apache/james-project/commit/b5580d13d6c74ecbf647127eff1a3ac1086f5493

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/james-project/commit/b5580d13d6c74ecbf647127eff1a3ac1086f5493

reference_url

https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:35:27Z/

url

https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-45935

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-45935

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2158908
reference_id	2158908
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2158908

reference_url

https://github.com/advisories/GHSA-v6vp-62vc-84qw

reference_id

GHSA-v6vp-62vc-84qw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v6vp-62vc-84qw

Weaknesses

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

cwe_id	319
name	Cleartext Transmission of Sensitive Information
description	The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

cwe_id	668
name	Exposure of Resource to Wrong Sphere
description	The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vv9x-5ab5-yfgc

Vulnerability Instance