Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/commons-configuration2@2.2-1%2Bdeb10u1
Type deb
Namespace debian
Name commons-configuration2
Version 2.2-1+deb10u1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.11.0-2
Latest_non_vulnerable_version 2.11.0-2
Affected_by_vulnerabilities
0
url VCID-cy9f-u66u-6ben
vulnerability_id VCID-cy9f-u66u-6ben
summary
Remote code execution in Apache Commons Configuration
Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1953.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1953.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1953
reference_id
reference_type
scores
0
value 0.02732
scoring_system epss
scoring_elements 0.8602
published_at 2026-05-05T12:55:00Z
1
value 0.02732
scoring_system epss
scoring_elements 0.86
published_at 2026-04-29T12:55:00Z
2
value 0.02732
scoring_system epss
scoring_elements 0.85977
published_at 2026-04-16T12:55:00Z
3
value 0.02732
scoring_system epss
scoring_elements 0.85904
published_at 2026-04-02T12:55:00Z
4
value 0.02732
scoring_system epss
scoring_elements 0.8592
published_at 2026-04-04T12:55:00Z
5
value 0.02732
scoring_system epss
scoring_elements 0.85922
published_at 2026-04-07T12:55:00Z
6
value 0.02732
scoring_system epss
scoring_elements 0.85941
published_at 2026-04-08T12:55:00Z
7
value 0.02732
scoring_system epss
scoring_elements 0.85951
published_at 2026-04-09T12:55:00Z
8
value 0.02732
scoring_system epss
scoring_elements 0.85965
published_at 2026-04-11T12:55:00Z
9
value 0.02732
scoring_system epss
scoring_elements 0.85963
published_at 2026-04-12T12:55:00Z
10
value 0.02732
scoring_system epss
scoring_elements 0.85958
published_at 2026-04-13T12:55:00Z
11
value 0.02732
scoring_system epss
scoring_elements 0.85981
published_at 2026-04-18T12:55:00Z
12
value 0.02732
scoring_system epss
scoring_elements 0.85991
published_at 2026-04-24T12:55:00Z
13
value 0.02732
scoring_system epss
scoring_elements 0.85892
published_at 2026-04-01T12:55:00Z
14
value 0.02732
scoring_system epss
scoring_elements 0.85971
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1953
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1953
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1953
3
reference_url https://github.com/apache/commons-configuration/commit/add7375cf37fd316d4838c6c56b054fc293b4641
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-configuration/commit/add7375cf37fd316d4838c6c56b054fc293b4641
4
reference_url https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r16a2e949e35780c8974cf66104e812410f3904f752df6b66bf292269@%3Ccommits.servicecomb.apache.org%3E
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r16a2e949e35780c8974cf66104e812410f3904f752df6b66bf292269@%3Ccommits.servicecomb.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r16a2e949e35780c8974cf66104e812410f3904f752df6b66bf292269%40%3Ccommits.servicecomb.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r16a2e949e35780c8974cf66104e812410f3904f752df6b66bf292269%40%3Ccommits.servicecomb.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676@%3Ccommits.camel.apache.org%3E
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676@%3Ccommits.camel.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676%40%3Ccommits.camel.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676%40%3Ccommits.camel.apache.org%3E
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1953
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1953
11
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1815212
reference_id 1815212
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1815212
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954713
reference_id 954713
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954713
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:commons_configuration:2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.2:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:commons_configuration:2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.3:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:commons_configuration:2.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.4:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:commons_configuration:2.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.5:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:commons_configuration:2.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.6:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
28
reference_url https://github.com/advisories/GHSA-7qx4-pp76-vrqh
reference_id GHSA-7qx4-pp76-vrqh
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7qx4-pp76-vrqh
29
reference_url https://access.redhat.com/errata/RHSA-2020:2751
reference_id RHSA-2020:2751
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2751
30
reference_url https://access.redhat.com/errata/RHSA-2020:3133
reference_id RHSA-2020:3133
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3133
31
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
fixed_packages
0
url pkg:deb/debian/commons-configuration2@2.8.0-1~deb11u1
purl pkg:deb/debian/commons-configuration2@2.8.0-1~deb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7dw4-pssj-dqf8
1
vulnerability VCID-y9pv-wgb6-mfa7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-configuration2@2.8.0-1~deb11u1
aliases CVE-2020-1953, GHSA-7qx4-pp76-vrqh
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cy9f-u66u-6ben
1
url VCID-mbst-3bec-ykcq
vulnerability_id VCID-mbst-3bec-ykcq
summary
Code injection in Apache Commons Configuration
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:
- "script" - execute expressions using the JVM script execution engine (javax.script)
- "dns" - resolve dns records
- "url" - load values from urls, including from remote servers
Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33980.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33980.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-33980
reference_id
reference_type
scores
0
value 0.86659
scoring_system epss
scoring_elements 0.99426
published_at 2026-05-05T12:55:00Z
1
value 0.86659
scoring_system epss
scoring_elements 0.99422
published_at 2026-04-13T12:55:00Z
2
value 0.86659
scoring_system epss
scoring_elements 0.99425
published_at 2026-04-29T12:55:00Z
3
value 0.86659
scoring_system epss
scoring_elements 0.99423
published_at 2026-04-21T12:55:00Z
4
value 0.86659
scoring_system epss
scoring_elements 0.99424
published_at 2026-04-16T12:55:00Z
5
value 0.86659
scoring_system epss
scoring_elements 0.99414
published_at 2026-04-02T12:55:00Z
6
value 0.86659
scoring_system epss
scoring_elements 0.99417
published_at 2026-04-07T12:55:00Z
7
value 0.86659
scoring_system epss
scoring_elements 0.99418
published_at 2026-04-08T12:55:00Z
8
value 0.86659
scoring_system epss
scoring_elements 0.99419
published_at 2026-04-09T12:55:00Z
9
value 0.86659
scoring_system epss
scoring_elements 0.9942
published_at 2026-04-11T12:55:00Z
10
value 0.86659
scoring_system epss
scoring_elements 0.99421
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-33980
2
reference_url https://commons.apache.org/proper/commons-configuration/changes-report.html#a2.8.0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://commons.apache.org/proper/commons-configuration/changes-report.html#a2.8.0
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33980
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33980
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/apache/commons-configuration
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-configuration
6
reference_url https://issues.apache.org/jira/browse/CONFIGURATION-753
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/CONFIGURATION-753
7
reference_url https://issues.apache.org/jira/browse/CONFIGURATION-764
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/CONFIGURATION-764
8
reference_url https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-33980
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-33980
10
reference_url https://security.netapp.com/advisory/ntap-20221028-0015
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221028-0015
11
reference_url https://security.netapp.com/advisory/ntap-20221028-0015/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20221028-0015/
12
reference_url https://www.debian.org/security/2022/dsa-5290
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5290
13
reference_url http://www.openwall.com/lists/oss-security/2022/07/06/5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/07/06/5
14
reference_url http://www.openwall.com/lists/oss-security/2022/11/15/4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/15/4
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014960
reference_id 1014960
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014960
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2105067
reference_id 2105067
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2105067
17
reference_url https://github.com/advisories/GHSA-xj57-8qj4-c4m6
reference_id GHSA-xj57-8qj4-c4m6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xj57-8qj4-c4m6
18
reference_url https://access.redhat.com/errata/RHSA-2022:6916
reference_id RHSA-2022:6916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6916
19
reference_url https://access.redhat.com/errata/RHSA-2022:8652
reference_id RHSA-2022:8652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8652
20
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
fixed_packages
0
url pkg:deb/debian/commons-configuration2@2.8.0-1~deb11u1
purl pkg:deb/debian/commons-configuration2@2.8.0-1~deb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7dw4-pssj-dqf8
1
vulnerability VCID-y9pv-wgb6-mfa7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-configuration2@2.8.0-1~deb11u1
aliases CVE-2022-33980, GHSA-xj57-8qj4-c4m6
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbst-3bec-ykcq
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-configuration2@2.2-1%252Bdeb10u1