Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-cdqt-rqpk-27cm

Summary

Information Exposure
The `org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory` method in PicketLink expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.

Aliases

alias	CVE-2014-3530

alias	GHSA-2c9q-qwrc-f486

Fixed_packages

url	pkg:maven/org.picketlink/picketlink-common@2.7.0.Final
purl	pkg:maven/org.picketlink/picketlink-common@2.7.0.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-common@2.7.0.Final

url	pkg:maven/org.picketlink/picketlink-fed-core@2.5.0.Final
purl	pkg:maven/org.picketlink/picketlink-fed-core@2.5.0.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@2.5.0.Final

Affected_packages

url pkg:maven/org.picketlink/picketlink-fed-core@1.0.0.CR1

purl pkg:maven/org.picketlink/picketlink-fed-core@1.0.0.CR1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.0.CR1

url pkg:maven/org.picketlink/picketlink-fed-core@1.0.0.GA

purl pkg:maven/org.picketlink/picketlink-fed-core@1.0.0.GA

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.0.GA

url pkg:maven/org.picketlink/picketlink-fed-core@1.0.1

purl pkg:maven/org.picketlink/picketlink-fed-core@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.1

url pkg:maven/org.picketlink/picketlink-fed-core@1.0.2

purl pkg:maven/org.picketlink/picketlink-fed-core@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.2

url pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR1

purl pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR1

url pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR2

purl pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR2

url pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR3

purl pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR3

url pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR4

purl pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR4

url pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.final

purl pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.final

url pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.SP1

purl pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.SP1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.SP1

url pkg:maven/org.picketlink/picketlink-fed-core@1.0.4.final

purl pkg:maven/org.picketlink/picketlink-fed-core@1.0.4.final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.4.final

url pkg:maven/org.picketlink/picketlink-fed-core@2.0.0.final

purl pkg:maven/org.picketlink/picketlink-fed-core@2.0.0.final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@2.0.0.final

url pkg:maven/org.picketlink/picketlink-fed-core@2.0.1.1.final

purl pkg:maven/org.picketlink/picketlink-fed-core@2.0.1.1.final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@2.0.1.1.final

url pkg:maven/org.picketlink/picketlink-fed-core@2.0.1.final

purl pkg:maven/org.picketlink/picketlink-fed-core@2.0.1.final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@2.0.1.final

url pkg:maven/org.picketlink/picketlink-fed-core@2.0.2.Final

purl pkg:maven/org.picketlink/picketlink-fed-core@2.0.2.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@2.0.2.Final

url pkg:maven/org.picketlink/picketlink-fed-core@2.0.3.Final

purl pkg:maven/org.picketlink/picketlink-fed-core@2.0.3.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@2.0.3.Final

url pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01?arch=el6_5

purl pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01?arch=el6_5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01%3Farch=el6_5

url pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01.ep5?arch=el4

purl pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01.ep5?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01.ep5%3Farch=el4

url pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01.ep5?arch=el5

purl pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01.ep5?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01.ep5%3Farch=el5

url pkg:rpm/redhat/picketlink-federation@2.1.9-5.SP3_redhat_2.1.ep6?arch=el5

purl pkg:rpm/redhat/picketlink-federation@2.1.9-5.SP3_redhat_2.1.ep6?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/picketlink-federation@2.1.9-5.SP3_redhat_2.1.ep6%3Farch=el5

url pkg:rpm/redhat/picketlink-federation@2.1.9-5.SP3_redhat_2.1.ep6?arch=el6

purl pkg:rpm/redhat/picketlink-federation@2.1.9-5.SP3_redhat_2.1.ep6?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cdqt-rqpk-27cm

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/picketlink-federation@2.1.9-5.SP3_redhat_2.1.ep6%3Farch=el6

References

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0883.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0883.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0884.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0884.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0885.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0885.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0886.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0886.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0091.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0091.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0675.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0675.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0720.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0720.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0765.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0765.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-1888.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-1888.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3530.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3530.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3530

reference_id

reference_type

scores

value	0.02131
scoring_system	epss
scoring_elements	0.8449
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3530

reference_url

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1112987

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1112987

reference_url

http://secunia.com/advisories/60047

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/60047

reference_url

http://secunia.com/advisories/60124

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/60124

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/94700

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/94700

reference_url

https://github.com/picketlink/picketlink

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/picketlink/picketlink

reference_url

https://github.com/picketlink/picketlink/commit/8c78668e4f08cf3c4ed14d8a36d402dcf02cb057

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/picketlink/picketlink/commit/8c78668e4f08cf3c4ed14d8a36d402dcf02cb057

reference_url

https://issues.jboss.org/browse/PLINK-509

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.jboss.org/browse/PLINK-509

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3530

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3530

reference_url

http://www.securitytracker.com/id/1030607

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1030607

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1112987
reference_id	1112987
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1112987

reference_url	https://bugzilla.redhat.com/CVE-2014-3530
reference_id	CVE-2014-3530
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2014-3530

reference_url	https://access.redhat.com/errata/RHSA-2014:0883
reference_id	RHSA-2014:0883
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0883

reference_url	https://access.redhat.com/errata/RHSA-2014:0884
reference_id	RHSA-2014:0884
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0884

reference_url	https://access.redhat.com/errata/RHSA-2014:0885
reference_id	RHSA-2014:0885
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0885

reference_url	https://access.redhat.com/errata/RHSA-2014:0886
reference_id	RHSA-2014:0886
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0886

reference_url	https://access.redhat.com/errata/RHSA-2014:0897
reference_id	RHSA-2014:0897
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0897

reference_url	https://access.redhat.com/errata/RHSA-2014:0898
reference_id	RHSA-2014:0898
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0898

reference_url	https://access.redhat.com/errata/RHSA-2014:0910
reference_id	RHSA-2014:0910
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0910

reference_url	https://access.redhat.com/errata/RHSA-2015:0091
reference_id	RHSA-2015:0091
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0091

reference_url	https://access.redhat.com/errata/RHSA-2015:0234
reference_id	RHSA-2015:0234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0234

reference_url	https://access.redhat.com/errata/RHSA-2015:0235
reference_id	RHSA-2015:0235
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0235

reference_url	https://access.redhat.com/errata/RHSA-2015:0675
reference_id	RHSA-2015:0675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0675

reference_url	https://access.redhat.com/errata/RHSA-2015:0720
reference_id	RHSA-2015:0720
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0720

reference_url	https://access.redhat.com/errata/RHSA-2015:0765
reference_id	RHSA-2015:0765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0765

reference_url	https://access.redhat.com/errata/RHSA-2015:1009
reference_id	RHSA-2015:1009
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1009

reference_url	https://access.redhat.com/errata/RHSA-2015:1888
reference_id	RHSA-2015:1888
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1888

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	611
name	Improper Restriction of XML External Entity Reference
description	The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cdqt-rqpk-27cm

Vulnerability Instance