Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.commons/commons-configuration2@2.4
Typemaven
Namespaceorg.apache.commons
Namecommons-configuration2
Version2.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.10.1
Latest_non_vulnerable_version2.10.1
Affected_by_vulnerabilities
0
url VCID-7dw4-pssj-dqf8
vulnerability_id VCID-7dw4-pssj-dqf8
summary 
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' calling 'ListDelimiterHandler.flatten(Object, int)' with a cyclical object tree.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29133.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29133.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29133
reference_id
reference_type
scores
0
value 0.00737
scoring_system epss
scoring_elements 0.72775
published_at 2026-04-07T12:55:00Z
1
value 0.00737
scoring_system epss
scoring_elements 0.72799
published_at 2026-04-04T12:55:00Z
2
value 0.00737
scoring_system epss
scoring_elements 0.72778
published_at 2026-04-02T12:55:00Z
3
value 0.00737
scoring_system epss
scoring_elements 0.72814
published_at 2026-04-08T12:55:00Z
4
value 0.00997
scoring_system epss
scoring_elements 0.7704
published_at 2026-04-29T12:55:00Z
5
value 0.00997
scoring_system epss
scoring_elements 0.76947
published_at 2026-04-09T12:55:00Z
6
value 0.00997
scoring_system epss
scoring_elements 0.76974
published_at 2026-04-11T12:55:00Z
7
value 0.00997
scoring_system epss
scoring_elements 0.76953
published_at 2026-04-12T12:55:00Z
8
value 0.00997
scoring_system epss
scoring_elements 0.76949
published_at 2026-04-13T12:55:00Z
9
value 0.00997
scoring_system epss
scoring_elements 0.7699
published_at 2026-04-16T12:55:00Z
10
value 0.00997
scoring_system epss
scoring_elements 0.76992
published_at 2026-04-18T12:55:00Z
11
value 0.00997
scoring_system epss
scoring_elements 0.76985
published_at 2026-04-21T12:55:00Z
12
value 0.00997
scoring_system epss
scoring_elements 0.77019
published_at 2026-04-24T12:55:00Z
13
value 0.00997
scoring_system epss
scoring_elements 0.77026
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29133
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29133
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29133
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4
5
reference_url https://issues.apache.org/jira/browse/CONFIGURATION-841
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/CONFIGURATION-841
6
reference_url https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-29T14:19:05Z/
url https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-29133
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-29133
10
reference_url http://www.openwall.com/lists/oss-security/2024/03/20/3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-29T14:19:05Z/
url http://www.openwall.com/lists/oss-security/2024/03/20/3
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067514
reference_id 1067514
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067514
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2270673
reference_id 2270673
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2270673
13
reference_url https://github.com/advisories/GHSA-9w38-p64v-xpmv
reference_id GHSA-9w38-p64v-xpmv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9w38-p64v-xpmv
14
reference_url https://access.redhat.com/errata/RHSA-2024:3920
reference_id RHSA-2024:3920
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3920
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/
reference_id SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-29T14:19:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/
reference_id YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-29T14:19:05Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/
fixed_packages
0
url pkg:maven/org.apache.commons/commons-configuration2@2.10.1
purl pkg:maven/org.apache.commons/commons-configuration2@2.10.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-configuration2@2.10.1
aliases CVE-2024-29133, GHSA-9w38-p64v-xpmv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7dw4-pssj-dqf8
1
url VCID-cy9f-u66u-6ben
vulnerability_id VCID-cy9f-u66u-6ben
summary 
Remote code execution in Apache Commons Configuration
Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1953.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1953.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1953
reference_id
reference_type
scores
0
value 0.02732
scoring_system epss
scoring_elements 0.86
published_at 2026-04-29T12:55:00Z
1
value 0.02732
scoring_system epss
scoring_elements 0.85892
published_at 2026-04-01T12:55:00Z
2
value 0.02732
scoring_system epss
scoring_elements 0.85904
published_at 2026-04-02T12:55:00Z
3
value 0.02732
scoring_system epss
scoring_elements 0.8592
published_at 2026-04-04T12:55:00Z
4
value 0.02732
scoring_system epss
scoring_elements 0.85922
published_at 2026-04-07T12:55:00Z
5
value 0.02732
scoring_system epss
scoring_elements 0.85941
published_at 2026-04-08T12:55:00Z
6
value 0.02732
scoring_system epss
scoring_elements 0.85951
published_at 2026-04-09T12:55:00Z
7
value 0.02732
scoring_system epss
scoring_elements 0.85965
published_at 2026-04-11T12:55:00Z
8
value 0.02732
scoring_system epss
scoring_elements 0.85963
published_at 2026-04-12T12:55:00Z
9
value 0.02732
scoring_system epss
scoring_elements 0.85958
published_at 2026-04-13T12:55:00Z
10
value 0.02732
scoring_system epss
scoring_elements 0.85977
published_at 2026-04-16T12:55:00Z
11
value 0.02732
scoring_system epss
scoring_elements 0.85981
published_at 2026-04-18T12:55:00Z
12
value 0.02732
scoring_system epss
scoring_elements 0.85971
published_at 2026-04-21T12:55:00Z
13
value 0.02732
scoring_system epss
scoring_elements 0.85991
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1953
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1953
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1953
3
reference_url https://github.com/apache/commons-configuration/commit/add7375cf37fd316d4838c6c56b054fc293b4641
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-configuration/commit/add7375cf37fd316d4838c6c56b054fc293b4641
4
reference_url https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r16a2e949e35780c8974cf66104e812410f3904f752df6b66bf292269@%3Ccommits.servicecomb.apache.org%3E
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r16a2e949e35780c8974cf66104e812410f3904f752df6b66bf292269@%3Ccommits.servicecomb.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r16a2e949e35780c8974cf66104e812410f3904f752df6b66bf292269%40%3Ccommits.servicecomb.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r16a2e949e35780c8974cf66104e812410f3904f752df6b66bf292269%40%3Ccommits.servicecomb.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676@%3Ccommits.camel.apache.org%3E
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676@%3Ccommits.camel.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676%40%3Ccommits.camel.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676%40%3Ccommits.camel.apache.org%3E
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1953
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1953
11
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1815212
reference_id 1815212
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1815212
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954713
reference_id 954713
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954713
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:commons_configuration:2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.2:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:commons_configuration:2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.3:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:commons_configuration:2.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.4:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:commons_configuration:2.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.5:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:commons_configuration:2.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:commons_configuration:2.6:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
28
reference_url https://github.com/advisories/GHSA-7qx4-pp76-vrqh
reference_id GHSA-7qx4-pp76-vrqh
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7qx4-pp76-vrqh
29
reference_url https://access.redhat.com/errata/RHSA-2020:2751
reference_id RHSA-2020:2751
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2751
30
reference_url https://access.redhat.com/errata/RHSA-2020:3133
reference_id RHSA-2020:3133
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3133
31
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
fixed_packages
0
url pkg:maven/org.apache.commons/commons-configuration2@2.7
purl pkg:maven/org.apache.commons/commons-configuration2@2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7dw4-pssj-dqf8
1
vulnerability VCID-mbst-3bec-ykcq
2
vulnerability VCID-y9pv-wgb6-mfa7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-configuration2@2.7
aliases CVE-2020-1953, GHSA-7qx4-pp76-vrqh
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cy9f-u66u-6ben
2
url VCID-mbst-3bec-ykcq
vulnerability_id VCID-mbst-3bec-ykcq
summary 
Code injection in Apache Commons Configuration
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33980.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33980.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-33980
reference_id
reference_type
scores
0
value 0.86659
scoring_system epss
scoring_elements 0.99425
published_at 2026-04-29T12:55:00Z
1
value 0.86659
scoring_system epss
scoring_elements 0.9942
published_at 2026-04-11T12:55:00Z
2
value 0.86659
scoring_system epss
scoring_elements 0.99423
published_at 2026-04-21T12:55:00Z
3
value 0.86659
scoring_system epss
scoring_elements 0.99424
published_at 2026-04-16T12:55:00Z
4
value 0.86659
scoring_system epss
scoring_elements 0.99422
published_at 2026-04-13T12:55:00Z
5
value 0.86659
scoring_system epss
scoring_elements 0.99421
published_at 2026-04-12T12:55:00Z
6
value 0.86659
scoring_system epss
scoring_elements 0.99414
published_at 2026-04-02T12:55:00Z
7
value 0.86659
scoring_system epss
scoring_elements 0.99417
published_at 2026-04-07T12:55:00Z
8
value 0.86659
scoring_system epss
scoring_elements 0.99418
published_at 2026-04-08T12:55:00Z
9
value 0.86659
scoring_system epss
scoring_elements 0.99419
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-33980
2
reference_url https://commons.apache.org/proper/commons-configuration/changes-report.html#a2.8.0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://commons.apache.org/proper/commons-configuration/changes-report.html#a2.8.0
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33980
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33980
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/apache/commons-configuration
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-configuration
6
reference_url https://issues.apache.org/jira/browse/CONFIGURATION-753
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/CONFIGURATION-753
7
reference_url https://issues.apache.org/jira/browse/CONFIGURATION-764
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/CONFIGURATION-764
8
reference_url https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-33980
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-33980
10
reference_url https://security.netapp.com/advisory/ntap-20221028-0015
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221028-0015
11
reference_url https://security.netapp.com/advisory/ntap-20221028-0015/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20221028-0015/
12
reference_url https://www.debian.org/security/2022/dsa-5290
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5290
13
reference_url http://www.openwall.com/lists/oss-security/2022/07/06/5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/07/06/5
14
reference_url http://www.openwall.com/lists/oss-security/2022/11/15/4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/15/4
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014960
reference_id 1014960
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014960
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2105067
reference_id 2105067
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2105067
17
reference_url https://github.com/advisories/GHSA-xj57-8qj4-c4m6
reference_id GHSA-xj57-8qj4-c4m6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xj57-8qj4-c4m6
18
reference_url https://access.redhat.com/errata/RHSA-2022:6916
reference_id RHSA-2022:6916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6916
19
reference_url https://access.redhat.com/errata/RHSA-2022:8652
reference_id RHSA-2022:8652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8652
20
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
fixed_packages
0
url pkg:maven/org.apache.commons/commons-configuration2@2.8.0
purl pkg:maven/org.apache.commons/commons-configuration2@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7dw4-pssj-dqf8
1
vulnerability VCID-y9pv-wgb6-mfa7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-configuration2@2.8.0
1
url pkg:maven/org.apache.commons/commons-configuration2@2.8
purl pkg:maven/org.apache.commons/commons-configuration2@2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-configuration2@2.8
aliases CVE-2022-33980, GHSA-xj57-8qj4-c4m6
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbst-3bec-ykcq
3
url VCID-y9pv-wgb6-mfa7
vulnerability_id VCID-y9pv-wgb6-mfa7
summary 
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' when adding a property in 'AbstractListDelimiterHandler.flattenIterator()'.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29131.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29131.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29131
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.40102
published_at 2026-04-04T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.40022
published_at 2026-04-07T12:55:00Z
2
value 0.00183
scoring_system epss
scoring_elements 0.40076
published_at 2026-04-08T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.48099
published_at 2026-04-21T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.48144
published_at 2026-04-18T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48087
published_at 2026-04-09T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.4811
published_at 2026-04-11T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.48085
published_at 2026-04-12T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48149
published_at 2026-04-16T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.48096
published_at 2026-04-13T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48039
published_at 2026-04-29T12:55:00Z
11
value 0.00248
scoring_system epss
scoring_elements 0.48091
published_at 2026-04-26T12:55:00Z
12
value 0.00248
scoring_system epss
scoring_elements 0.4808
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29131
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29131
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29131
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/commons-configuration
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-configuration
5
reference_url https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554
6
reference_url https://issues.apache.org/jira/browse/CONFIGURATION-840
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/CONFIGURATION-840
7
reference_url https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-29T15:57:00Z/
url https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-29131
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-29131
11
reference_url https://security.netapp.com/advisory/ntap-20241213-0001
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241213-0001
12
reference_url http://www.openwall.com/lists/oss-security/2024/03/20/4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-29T15:57:00Z/
url http://www.openwall.com/lists/oss-security/2024/03/20/4
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067513
reference_id 1067513
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067513
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2270674
reference_id 2270674
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2270674
15
reference_url https://github.com/advisories/GHSA-xjp4-hw94-mvp5
reference_id GHSA-xjp4-hw94-mvp5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xjp4-hw94-mvp5
16
reference_url https://access.redhat.com/errata/RHSA-2024:3920
reference_id RHSA-2024:3920
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3920
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/
reference_id SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-29T15:57:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/
reference_id YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-29T15:57:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/
fixed_packages
0
url pkg:maven/org.apache.commons/commons-configuration2@2.10.1
purl pkg:maven/org.apache.commons/commons-configuration2@2.10.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-configuration2@2.10.1
aliases CVE-2024-29131, GHSA-xjp4-hw94-mvp5
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9pv-wgb6-mfa7
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-configuration2@2.4