Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework.data/spring-data-rest-core@2.5.6.RELEASE

Type maven

Namespace org.springframework.data

Name spring-data-rest-core

Version 2.5.6.RELEASE

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.6.9.RELEASE

Latest_non_vulnerable_version 3.7.3

Affected_by_vulnerabilities

url VCID-kzsg-qwvd-2ffh

vulnerability_id VCID-kzsg-qwvd-2ffh

summary

RCE in PATCH requests
Malicious PATCH requests submitted to servers using Spring Data REST backed HTTP resources can use specially crafted JSON data to run arbitrary Java code.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:2405

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2405

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8046.json

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8046.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-8046

reference_id

reference_type

scores

value	0.93978
scoring_system	epss
scoring_elements	0.99894
published_at	2026-06-07T12:55:00Z

value	0.93978
scoring_system	epss
scoring_elements	0.99895
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-8046

reference_url

https://github.com/spring-projects/spring-data-rest

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-data-rest

reference_url	https://github.com/spring-projects/spring-data-rest/commit/824e51a1304bbc8334ac0b96ffaef588177e6cc
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-data-rest/commit/824e51a1304bbc8334ac0b96ffaef588177e6cc

reference_url	https://github.com/spring-projects/spring-data-rest/commit/8f269e28fe8038a6c60f31a1c36cfda04795ab45
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-data-rest/commit/8f269e28fe8038a6c60f31a1c36cfda04795ab45

reference_url

https://github.com/spring-projects/spring-data-rest/issues/1487

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-data-rest/issues/1487

reference_url

https://github.com/spring-projects/spring-data-rest/issues/1520

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-data-rest/issues/1520

reference_url	https://jira.spring.io/browse/DATAREST-1127
reference_id
reference_type
scores
url	https://jira.spring.io/browse/DATAREST-1127

reference_url

https://jira.spring.io/browse/DATAREST-1127?redirect=false

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://jira.spring.io/browse/DATAREST-1127?redirect=false

reference_url	https://jira.spring.io/browse/DATAREST-1152
reference_id
reference_type
scores
url	https://jira.spring.io/browse/DATAREST-1152

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-8046

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-8046

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1553024

reference_id

1553024

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1553024

reference_url	https://github.com/m3ssap0/spring-break_cve-2017-8046
reference_id	CVE-2017-8046
reference_type	exploit
scores
url	https://github.com/m3ssap0/spring-break_cve-2017-8046

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/44289.java
reference_id	CVE-2017-8046
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/44289.java

reference_url

https://pivotal.io/security/cve-2017-8046

reference_id

CVE-2017-8046

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2017-8046

reference_url

https://github.com/advisories/GHSA-9qf9-28h9-hqcj

reference_id

GHSA-9qf9-28h9-hqcj

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9qf9-28h9-hqcj

fixed_packages

url	pkg:maven/org.springframework.data/spring-data-rest-core@2.6.9.RELEASE
purl	pkg:maven/org.springframework.data/spring-data-rest-core@2.6.9.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-rest-core@2.6.9.RELEASE

url	pkg:maven/org.springframework.data/spring-data-rest-core@3.0.1.RELEASE
purl	pkg:maven/org.springframework.data/spring-data-rest-core@3.0.1.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-rest-core@3.0.1.RELEASE

aliases CVE-2017-8046, GHSA-9qf9-28h9-hqcj

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzsg-qwvd-2ffh

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.data/spring-data-rest-core@2.5.6.RELEASE

Package Instance