Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.qpid/proton-j@0.9.1

Type maven

Namespace org.apache.qpid

Name proton-j

Version 0.9.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.30.0

Latest_non_vulnerable_version 0.30.0

Affected_by_vulnerabilities

url VCID-6xkf-evrx-pyau

vulnerability_id VCID-6xkf-evrx-pyau

summary

Exposure of Sensitive Information to an Unauthorized Actor
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html

reference_url

http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html

reference_url

http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2166.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2166.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2166

reference_id

reference_type

scores

value	0.00271
scoring_system	epss
scoring_elements	0.50599
published_at	2026-04-13T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50504
published_at	2026-04-01T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.5056
published_at	2026-04-02T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50588
published_at	2026-04-04T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50541
published_at	2026-04-07T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50596
published_at	2026-04-08T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50593
published_at	2026-04-09T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50635
published_at	2026-04-11T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50613
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2166

reference_url	https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git%3Bh=a058585
reference_id
reference_type
scores
url	https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git%3Bh=a058585

reference_url

https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=a058585

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=a058585

reference_url

https://issues.apache.org/jira/browse/PROTON-1157

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/PROTON-1157

reference_url

https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E

reference_url	https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E

reference_url

http://www.securityfocus.com/archive/1/537864/100/0/threaded

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/archive/1/537864/100/0/threaded

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1320842
reference_id	1320842
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1320842

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:qpid_proton::::::::
reference_id	cpe:2.3:a:apache:qpid_proton::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:qpid_proton::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2166

reference_id

CVE-2016-2166

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2166

reference_url

https://github.com/advisories/GHSA-f5cf-f7px-xpmh

reference_id

GHSA-f5cf-f7px-xpmh

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-f5cf-f7px-xpmh

fixed_packages

url pkg:maven/org.apache.qpid/proton-j@0.12.1

purl pkg:maven/org.apache.qpid/proton-j@0.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9nj7-fupw-vqaw

vulnerability	VCID-sbrt-43uu-6qgt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.qpid/proton-j@0.12.1

aliases CVE-2016-2166, GHSA-f5cf-f7px-xpmh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xkf-evrx-pyau

url VCID-9nj7-fupw-vqaw

vulnerability_id VCID-9nj7-fupw-vqaw

summary

Withdrawn Advisory: Improper Certificate Validation in Apache Qpid Proton
## Withdrawn Advisory
This advisory has been withdrawn because the vulnerability only affects the **Qpid Proton C library** and not `org.apache.qpid:proton-j`. This link has been maintained to preserve external references.

## Original Description

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0223.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0223.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0223

reference_id

reference_type

scores

value	0.00399
scoring_system	epss
scoring_elements	0.6067
published_at	2026-04-13T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60616
published_at	2026-04-07T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60691
published_at	2026-04-12T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60705
published_at	2026-04-11T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.6068
published_at	2026-04-09T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60664
published_at	2026-04-08T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60541
published_at	2026-04-01T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60615
published_at	2026-04-02T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60645
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0223

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0223
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0223

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel

reference_url

https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f@%3Cusers.qpid.apache.org%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f@%3Cusers.qpid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5@%3Cdev.qpid.apache.org%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5@%3Cdev.qpid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b@%3Cdev.qpid.apache.org%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b@%3Cdev.qpid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0@%3Cannounce.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-0223

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-0223

reference_url

http://www.openwall.com/lists/oss-security/2019/04/23/4

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2019/04/23/4

reference_url

http://www.securityfocus.com/bid/108044

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/108044

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1702439
reference_id	1702439
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1702439

reference_url

https://github.com/advisories/GHSA-5h6x-m52p-23ph

reference_id

GHSA-5h6x-m52p-23ph

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5h6x-m52p-23ph

reference_url	https://access.redhat.com/errata/RHSA-2019:0886
reference_id	RHSA-2019:0886
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0886

reference_url	https://access.redhat.com/errata/RHSA-2019:1398
reference_id	RHSA-2019:1398
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1398

reference_url	https://access.redhat.com/errata/RHSA-2019:1399
reference_id	RHSA-2019:1399
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1399

reference_url	https://access.redhat.com/errata/RHSA-2019:1400
reference_id	RHSA-2019:1400
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1400

reference_url	https://access.redhat.com/errata/RHSA-2019:2777
reference_id	RHSA-2019:2777
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2777

reference_url	https://access.redhat.com/errata/RHSA-2019:2778
reference_id	RHSA-2019:2778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2778

reference_url	https://access.redhat.com/errata/RHSA-2019:2779
reference_id	RHSA-2019:2779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2779

reference_url	https://access.redhat.com/errata/RHSA-2019:2780
reference_id	RHSA-2019:2780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2780

reference_url	https://access.redhat.com/errata/RHSA-2019:2781
reference_id	RHSA-2019:2781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2781

reference_url	https://access.redhat.com/errata/RHSA-2019:2782
reference_id	RHSA-2019:2782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2782

fixed_packages

url pkg:maven/org.apache.qpid/proton-j@0.27.1

purl pkg:maven/org.apache.qpid/proton-j@0.27.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sbrt-43uu-6qgt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.qpid/proton-j@0.27.1

aliases CVE-2019-0223, GHSA-5h6x-m52p-23ph

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nj7-fupw-vqaw

url VCID-sbrt-43uu-6qgt

vulnerability_id VCID-sbrt-43uu-6qgt

summary The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17187.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17187.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17187

reference_id

reference_type

scores

value	0.00259
scoring_system	epss
scoring_elements	0.49244
published_at	2026-04-13T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49197
published_at	2026-04-07T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49239
published_at	2026-04-12T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49266
published_at	2026-04-11T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49248
published_at	2026-04-09T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49252
published_at	2026-04-08T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49186
published_at	2026-04-01T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49217
published_at	2026-04-02T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49245
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17187

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17187
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17187

reference_url

https://github.com/advisories/GHSA-xvch-r4wf-h8w9

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-xvch-r4wf-h8w9

reference_url

https://github.com/apache/qpid-proton-j/commit/0cb8ca03cec42120dcfc434561592d89a89a805e

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/qpid-proton-j/commit/0cb8ca03cec42120dcfc434561592d89a89a805e

reference_url

https://issues.apache.org/jira/browse/PROTON-1962

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/PROTON-1962

reference_url

https://mail-archives.apache.org/mod_mbox/qpid-users/201811.mbox/%3CCAFitrpQSV73Vz7rJYfLJK7gvEymZSCR5ooWUeU8j4jzRydk-eg%40mail.gmail.com%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://mail-archives.apache.org/mod_mbox/qpid-users/201811.mbox/%3CCAFitrpQSV73Vz7rJYfLJK7gvEymZSCR5ooWUeU8j4jzRydk-eg%40mail.gmail.com%3E

reference_url

http://www.securityfocus.com/bid/105935

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105935

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1651837
reference_id	1651837
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1651837

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-17187

reference_id

CVE-2018-17187

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-17187

reference_url

https://qpid.apache.org/cves/CVE-2018-17187.html

reference_id

CVE-2018-17187.HTML

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://qpid.apache.org/cves/CVE-2018-17187.html

fixed_packages

url	pkg:maven/org.apache.qpid/proton-j@0.30.0
purl	pkg:maven/org.apache.qpid/proton-j@0.30.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.qpid/proton-j@0.30.0

aliases CVE-2018-17187, GHSA-xvch-r4wf-h8w9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sbrt-43uu-6qgt

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.qpid/proton-j@0.9.1

Package Instance