VulnerableCode Package Details - pkg:maven/com.orientechnologies/orientdb-studio@2.1.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/com.orientechnologies/orientdb-studio@2.1.1

purl	pkg:maven/com.orientechnologies/orientdb-studio@2.1.1

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-m9dw-fhtn-dffn	Improper Input Validation The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.	CVE-2015-2918 GHSA-g4gg-9f62-jfph
VCID-xs9z-avgh-t3by	Cross-Site Request Forgery (CSRF) The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.	CVE-2015-2912 GHSA-p8ww-vv84-c2rm

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:38:31.147699+00:00	GitLab Importer	Fixing	VCID-xs9z-avgh-t3by	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.orientechnologies/orientdb-studio/CVE-2015-2912.yml	38.6.0
2026-06-02T04:38:29.476829+00:00	GitLab Importer	Fixing	VCID-m9dw-fhtn-dffn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.orientechnologies/orientdb-studio/CVE-2015-2918.yml	38.6.0