Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.ritense.valtimo/inbox@13.1.3.RELEASE
Typemaven
Namespacecom.ritense.valtimo
Nameinbox
Version13.1.3.RELEASE
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version13.22.0.RELEASE
Latest_non_vulnerable_version13.22.0.RELEASE
Affected_by_vulnerabilities
0
url VCID-pb8u-v2h5-h3hf
vulnerability_id VCID-pb8u-v2h5-h3hf
summary Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data (PII), citizen identifiers (BSN), and case details. This data is exposed to anyone with access to application logs or any Valtimo user with the admin role through the Admin UI logging module. This issue has been fixed in version 13.22.0. If developers are unable to upgrade immediately, they can restrict access to application logs and adjust the log level for com.ritense.inbox to WARN or higher in their application configuration as a workaround.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34164
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03196
published_at 2026-06-13T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03209
published_at 2026-06-14T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03213
published_at 2026-06-12T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.032
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34164
1
reference_url https://github.com/valtimo-platform/valtimo
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/valtimo-platform/valtimo
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34164
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34164
3
reference_url https://github.com/valtimo-platform/valtimo/releases/tag/13.22.0
reference_id 13.22.0
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-18T02:44:28Z/
url https://github.com/valtimo-platform/valtimo/releases/tag/13.22.0
4
reference_url https://github.com/valtimo-platform/valtimo/pull/497
reference_id 497
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-18T02:44:28Z/
url https://github.com/valtimo-platform/valtimo/pull/497
5
reference_url https://github.com/generiekzaakafhandelcomponent/gzac-issues/issues/653
reference_id 653
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-18T02:44:28Z/
url https://github.com/generiekzaakafhandelcomponent/gzac-issues/issues/653
6
reference_url https://github.com/valtimo-platform/valtimo/commit/f16a1940ba7b34627c0b966f98ca78655ace9335
reference_id f16a1940ba7b34627c0b966f98ca78655ace9335
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-18T02:44:28Z/
url https://github.com/valtimo-platform/valtimo/commit/f16a1940ba7b34627c0b966f98ca78655ace9335
7
reference_url https://github.com/advisories/GHSA-hfrg-mcvw-8mch
reference_id GHSA-hfrg-mcvw-8mch
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hfrg-mcvw-8mch
8
reference_url https://github.com/valtimo-platform/valtimo/security/advisories/GHSA-hfrg-mcvw-8mch
reference_id GHSA-hfrg-mcvw-8mch
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-18T02:44:28Z/
url https://github.com/valtimo-platform/valtimo/security/advisories/GHSA-hfrg-mcvw-8mch
fixed_packages
0
url pkg:maven/com.ritense.valtimo/inbox@13.22.0
purl pkg:maven/com.ritense.valtimo/inbox@13.22.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.ritense.valtimo/inbox@13.22.0
1
url pkg:maven/com.ritense.valtimo/inbox@13.22.0.RELEASE
purl pkg:maven/com.ritense.valtimo/inbox@13.22.0.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.ritense.valtimo/inbox@13.22.0.RELEASE
aliases CVE-2026-34164, GHSA-hfrg-mcvw-8mch
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pb8u-v2h5-h3hf
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.ritense.valtimo/inbox@13.1.3.RELEASE