Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.data/spring-data-rest-core@2.5.0.RELEASE
Typemaven
Namespaceorg.springframework.data
Namespring-data-rest-core
Version2.5.0.RELEASE
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.6.9.RELEASE
Latest_non_vulnerable_version3.7.3
Affected_by_vulnerabilities
0
url VCID-g7ce-fs6u-abdp
vulnerability_id VCID-g7ce-fs6u-abdp
summary Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2405
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2405
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8046.json
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8046.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-8046
reference_id
reference_type
scores
0
value 0.93978
scoring_system epss
scoring_elements 0.99892
published_at 2026-04-26T12:55:00Z
1
value 0.93978
scoring_system epss
scoring_elements 0.99887
published_at 2026-04-01T12:55:00Z
2
value 0.93978
scoring_system epss
scoring_elements 0.99888
published_at 2026-04-04T12:55:00Z
3
value 0.93978
scoring_system epss
scoring_elements 0.99889
published_at 2026-04-12T12:55:00Z
4
value 0.93978
scoring_system epss
scoring_elements 0.9989
published_at 2026-04-21T12:55:00Z
5
value 0.93978
scoring_system epss
scoring_elements 0.99891
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-8046
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1553024
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1553024
4
reference_url https://github.com/spring-projects/spring-data-rest
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-data-rest
5
reference_url https://github.com/spring-projects/spring-data-rest/commit/824e51a1304bbc8334ac0b96ffaef588177e6cc
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-data-rest/commit/824e51a1304bbc8334ac0b96ffaef588177e6cc
6
reference_url https://github.com/spring-projects/spring-data-rest/commit/8f269e28fe8038a6c60f31a1c36cfda04795ab45
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-data-rest/commit/8f269e28fe8038a6c60f31a1c36cfda04795ab45
7
reference_url https://github.com/spring-projects/spring-data-rest/issues/1487
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-data-rest/issues/1487
8
reference_url https://github.com/spring-projects/spring-data-rest/issues/1520
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-data-rest/issues/1520
9
reference_url https://jira.spring.io/browse/DATAREST-1127
reference_id
reference_type
scores
url https://jira.spring.io/browse/DATAREST-1127
10
reference_url https://jira.spring.io/browse/DATAREST-1127?redirect=false
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://jira.spring.io/browse/DATAREST-1127?redirect=false
11
reference_url https://jira.spring.io/browse/DATAREST-1152
reference_id
reference_type
scores
url https://jira.spring.io/browse/DATAREST-1152
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-8046
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-8046
13
reference_url https://www.exploit-db.com/exploits/44289/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/44289/
14
reference_url http://www.securityfocus.com/bid/100948
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100948
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m1:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m1:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m2:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m2:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m3:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m3:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m4:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:m4:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc1:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc2:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc3:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:3.0.0:rc3:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone1:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_boot:2.0.0:milestone1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone1:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone2:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_boot:2.0.0:milestone2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone2:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone3:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_boot:2.0.0:milestone3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone3:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone4:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_boot:2.0.0:milestone4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone4:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone5:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_boot:2.0.0:milestone5:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_boot:2.0.0:milestone5:*:*:*:*:*:*
30
reference_url https://github.com/m3ssap0/spring-break_cve-2017-8046
reference_id CVE-2017-8046
reference_type exploit
scores
url https://github.com/m3ssap0/spring-break_cve-2017-8046
31
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/44289.java
reference_id CVE-2017-8046
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/44289.java
32
reference_url https://pivotal.io/security/cve-2017-8046
reference_id CVE-2017-8046
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2017-8046
33
reference_url https://github.com/advisories/GHSA-9qf9-28h9-hqcj
reference_id GHSA-9qf9-28h9-hqcj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9qf9-28h9-hqcj
fixed_packages
0
url pkg:maven/org.springframework.data/spring-data-rest-core@2.6.9.RELEASE
purl pkg:maven/org.springframework.data/spring-data-rest-core@2.6.9.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-rest-core@2.6.9.RELEASE
1
url pkg:maven/org.springframework.data/spring-data-rest-core@3.0.1.RELEASE
purl pkg:maven/org.springframework.data/spring-data-rest-core@3.0.1.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-rest-core@3.0.1.RELEASE
aliases CVE-2017-8046, GHSA-9qf9-28h9-hqcj
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g7ce-fs6u-abdp
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-rest-core@2.5.0.RELEASE