Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-cjdq-8bzy-8uft
Summary
Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)
The Management Console in WSO2 API Manager allows XML External Entity injection (XXE) attacks.
Aliases
0
alias CVE-2020-24589
Fixed_packages
Affected_packages
0
url pkg:maven/org.wso2.am.microgw/org.wso2.micro.gateway.core@2.2.0
purl pkg:maven/org.wso2.am.microgw/org.wso2.micro.gateway.core@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ubv-cmf7-3ffv
1
vulnerability VCID-afh6-1arv-wkbk
2
vulnerability VCID-cjdq-8bzy-8uft
3
vulnerability VCID-cs6r-dpvb-r7bw
4
vulnerability VCID-dwym-rb1b-8fd5
5
vulnerability VCID-mpxj-zk4u-mkdq
6
vulnerability VCID-snaq-p5fe-qfeu
7
vulnerability VCID-sp1k-1yzm-d7au
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.am.microgw/org.wso2.micro.gateway.core@2.2.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24589
reference_id
reference_type
scores
0
value 0.90156
scoring_system epss
scoring_elements 0.99605
published_at 2026-06-04T12:55:00Z
1
value 0.90156
scoring_system epss
scoring_elements 0.99606
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24589
1
reference_url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742
reference_id
reference_type
scores
url https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24589
reference_id CVE-2020-24589
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-24589
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 776
name Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
description The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitability2.0
Weighted_severity0.8
Risk_score1.6
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-cjdq-8bzy-8uft