Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-su3k-9x5e-rqg4

Summary JDK: XML External Entity Injection (XXE) error when processing XML data

Aliases

alias	CVE-2017-1289

Fixed_packages

Affected_packages

url pkg:rpm/redhat/java-1.6.0-ibm@1:1.6.0.16.45-1jpp.1?arch=el6_9

purl pkg:rpm/redhat/java-1.6.0-ibm@1:1.6.0.16.45-1jpp.1?arch=el6_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-c9qw-1g2p-qqcr

vulnerability	VCID-eyjp-7kks-jbfr

vulnerability	VCID-fsu1-jy1q-qkh1

vulnerability	VCID-ft81-49v3-a7cr

vulnerability	VCID-m6xx-a91r-sbhu

vulnerability	VCID-mr6h-6jrp-gyf3

vulnerability	VCID-smft-ms93-6kf1

vulnerability	VCID-su3k-9x5e-rqg4

vulnerability	VCID-zzqd-253d-ykca

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.6.0-ibm@1:1.6.0.16.45-1jpp.1%3Farch=el6_9

url pkg:rpm/redhat/java-1.7.1-ibm@1:1.7.1.4.5-1jpp.1?arch=el7_3

purl pkg:rpm/redhat/java-1.7.1-ibm@1:1.7.1.4.5-1jpp.1?arch=el7_3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-69zc-r9uw-jke5

vulnerability	VCID-c9qw-1g2p-qqcr

vulnerability	VCID-eyjp-7kks-jbfr

vulnerability	VCID-fsu1-jy1q-qkh1

vulnerability	VCID-ft81-49v3-a7cr

vulnerability	VCID-m6xx-a91r-sbhu

vulnerability	VCID-mr6h-6jrp-gyf3

vulnerability	VCID-smft-ms93-6kf1

vulnerability	VCID-su3k-9x5e-rqg4

vulnerability	VCID-zzqd-253d-ykca

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.7.1-ibm@1:1.7.1.4.5-1jpp.1%3Farch=el7_3

url pkg:rpm/redhat/java-1.7.1-ibm@1:1.7.1.4.5-1jpp.2?arch=el6_9

purl pkg:rpm/redhat/java-1.7.1-ibm@1:1.7.1.4.5-1jpp.2?arch=el6_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-69zc-r9uw-jke5

vulnerability	VCID-c9qw-1g2p-qqcr

vulnerability	VCID-eyjp-7kks-jbfr

vulnerability	VCID-fsu1-jy1q-qkh1

vulnerability	VCID-ft81-49v3-a7cr

vulnerability	VCID-m6xx-a91r-sbhu

vulnerability	VCID-mr6h-6jrp-gyf3

vulnerability	VCID-smft-ms93-6kf1

vulnerability	VCID-su3k-9x5e-rqg4

vulnerability	VCID-zzqd-253d-ykca

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.7.1-ibm@1:1.7.1.4.5-1jpp.2%3Farch=el6_9

url pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.4.5-1jpp.1?arch=el6_9

purl pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.4.5-1jpp.1?arch=el6_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-69zc-r9uw-jke5

vulnerability	VCID-c9qw-1g2p-qqcr

vulnerability	VCID-eyjp-7kks-jbfr

vulnerability	VCID-fsu1-jy1q-qkh1

vulnerability	VCID-ft81-49v3-a7cr

vulnerability	VCID-m6xx-a91r-sbhu

vulnerability	VCID-mr6h-6jrp-gyf3

vulnerability	VCID-smft-ms93-6kf1

vulnerability	VCID-su3k-9x5e-rqg4

vulnerability	VCID-zzqd-253d-ykca

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.4.5-1jpp.1%3Farch=el6_9

url pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.4.5-1jpp.1?arch=el7_3

purl pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.4.5-1jpp.1?arch=el7_3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-69zc-r9uw-jke5

vulnerability	VCID-c9qw-1g2p-qqcr

vulnerability	VCID-eyjp-7kks-jbfr

vulnerability	VCID-fsu1-jy1q-qkh1

vulnerability	VCID-ft81-49v3-a7cr

vulnerability	VCID-m6xx-a91r-sbhu

vulnerability	VCID-mr6h-6jrp-gyf3

vulnerability	VCID-smft-ms93-6kf1

vulnerability	VCID-su3k-9x5e-rqg4

vulnerability	VCID-zzqd-253d-ykca

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.4.5-1jpp.1%3Farch=el7_3

url pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.5.5-1jpp.1?arch=el6_9

purl pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.5.5-1jpp.1?arch=el6_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2r75-1ccm-d7aw

vulnerability	VCID-3xyb-xeyq-n3dm

vulnerability	VCID-43vy-2etx-9ucx

vulnerability	VCID-45wy-ban5-qqg8

vulnerability	VCID-49z5-4djw-xuav

vulnerability	VCID-4ucs-3zp9-rqey

vulnerability	VCID-5jvq-evzj-tfcc

vulnerability	VCID-5vrc-h4t3-uucb

vulnerability	VCID-69zc-r9uw-jke5

vulnerability	VCID-7d2e-14yp-pkhq

vulnerability	VCID-8vr7-v6d5-gfhw

vulnerability	VCID-8y3w-1sev-27d4

vulnerability	VCID-9bbp-mutu-bqbf

vulnerability	VCID-9yds-dpzg-4ba9

vulnerability	VCID-a6rq-d1rv-j7dn

vulnerability	VCID-awrz-da8u-7ud2

vulnerability	VCID-bg39-wvte-83c1

vulnerability	VCID-bthw-frhn-wqf6

vulnerability	VCID-c9qw-1g2p-qqcr

vulnerability	VCID-d4gw-vgm6-qbf3

vulnerability	VCID-dtcg-vqnh-kugk

vulnerability	VCID-edzj-4q7d-4bdj

vulnerability	VCID-eyjp-7kks-jbfr

vulnerability	VCID-fsu1-jy1q-qkh1

vulnerability	VCID-ft81-49v3-a7cr

vulnerability	VCID-hxb8-qu7h-8bdu

vulnerability	VCID-kejc-5261-t7c6

vulnerability	VCID-m6xx-a91r-sbhu

vulnerability	VCID-m84d-m2tw-tyet

vulnerability	VCID-mr6h-6jrp-gyf3

vulnerability	VCID-n46g-eb9y-9bds

vulnerability	VCID-ps35-n8f5-uqcr

vulnerability	VCID-qfam-11ye-tkd8

vulnerability	VCID-rvvx-ed8u-auc5

vulnerability	VCID-smft-ms93-6kf1

vulnerability	VCID-su3k-9x5e-rqg4

vulnerability	VCID-u1c5-pgk4-8bcj

vulnerability	VCID-wcc9-n2hm-87fx

vulnerability	VCID-wjun-m9my-5qbb

vulnerability	VCID-xayg-2xtc-r7ej

vulnerability	VCID-xx3g-udjr-7yep

vulnerability	VCID-zzqd-253d-ykca

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.8.0-ibm@1:1.8.0.5.5-1jpp.1%3Farch=el6_9

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1289.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1289.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1289

reference_id

reference_type

scores

value	0.00923
scoring_system	epss
scoring_elements	0.75935
published_at	2026-04-01T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.76034
published_at	2026-04-18T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.75992
published_at	2026-04-13T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.76031
published_at	2026-04-16T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.75938
published_at	2026-04-02T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.75971
published_at	2026-04-04T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.75949
published_at	2026-04-07T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.75982
published_at	2026-04-08T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.75997
published_at	2026-04-09T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.76022
published_at	2026-04-11T12:55:00Z

value	0.00923
scoring_system	epss
scoring_elements	0.75998
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1289

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:P

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1449603
reference_id	1449603
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1449603

reference_url	https://access.redhat.com/errata/RHSA-2017:1220
reference_id	RHSA-2017:1220
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1220

reference_url	https://access.redhat.com/errata/RHSA-2017:1221
reference_id	RHSA-2017:1221
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1221

reference_url	https://access.redhat.com/errata/RHSA-2017:1222
reference_id	RHSA-2017:1222
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1222

reference_url	https://access.redhat.com/errata/RHSA-2017:3453
reference_id	RHSA-2017:3453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3453

Weaknesses

cwe_id	611
name	Improper Restriction of XML External Entity Reference
description	The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

Exploits

Severity_range_score 6.4 - 8.2

Exploitability 0.5

Weighted_severity 7.4

Risk_score 3.7

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-su3k-9x5e-rqg4

Vulnerability Instance