Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.1
Typemaven
Namespaceorg.apache.openmeetings
Nameopenmeetings-parent
Version3.3.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.0.0
Latest_non_vulnerable_version9.0.0
Affected_by_vulnerabilities
0
url VCID-3xum-p9mm-kbc3
vulnerability_id VCID-3xum-p9mm-kbc3
summary 
Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings
Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.

The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact


This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.

Users are recommended to upgrade to version 9.0.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34020
reference_id
reference_type
scores
0
value 0.00072
scoring_system epss
scoring_elements 0.22113
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34020
1
reference_url https://github.com/apache/openmeetings
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings
2
reference_url https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:13:11Z/
url https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34020
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34020
4
reference_url https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:13:11Z/
url https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url
5
reference_url http://www.openwall.com/lists/oss-security/2026/04/09/12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/09/12
6
reference_url https://github.com/advisories/GHSA-gcvm-c75m-h4p4
reference_id GHSA-gcvm-c75m-h4p4
reference_type
scores
url https://github.com/advisories/GHSA-gcvm-c75m-h4p4
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0
aliases CVE-2026-34020, GHSA-gcvm-c75m-h4p4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xum-p9mm-kbc3
1
url VCID-556q-4wch-sfde
vulnerability_id VCID-556q-4wch-sfde
summary 
Improper Input Validation
An attacker who has gained access to an admin account can perform RCE via null-byte injection

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29246
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29208
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29246
1
reference_url https://github.com/apache/openmeetings
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings
2
reference_url https://github.com/apache/openmeetings/commit/8e65a1344157b2898f2922d49a0bd2105687c4a5
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings/commit/8e65a1344157b2898f2922d49a0bd2105687c4a5
3
reference_url https://github.com/apache/openmeetings/commit/9f12a48994d0ad741ac140c52cbd2152f0d048d5
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings/commit/9f12a48994d0ad741ac140c52cbd2152f0d048d5
4
reference_url https://github.com/apache/openmeetings/commit/f91ff1917027625f066a9007694a31d06e69df3a
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings/commit/f91ff1917027625f066a9007694a31d06e69df3a
5
reference_url https://issues.apache.org/jira/browse/OPENMEETINGS-2765
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/OPENMEETINGS-2765
6
reference_url https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:34:24Z/
url https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29246
reference_id CVE-2023-29246
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29246
8
reference_url https://github.com/advisories/GHSA-mg5h-f3q8-c96g
reference_id GHSA-mg5h-f3q8-c96g
reference_type
scores
url https://github.com/advisories/GHSA-mg5h-f3q8-c96g
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0
1
url pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xum-p9mm-kbc3
1
vulnerability VCID-vbkk-qkme-uyh9
2
vulnerability VCID-vm9c-dvcd-3khf
3
vulnerability VCID-xsja-94mz-hqbh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0
aliases CVE-2023-29246, GHSA-mg5h-f3q8-c96g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-556q-4wch-sfde
2
url VCID-6fca-mmbn-k7b7
vulnerability_id VCID-6fca-mmbn-k7b7
summary 
Missing Authentication for Critical Function
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28326
reference_id
reference_type
scores
0
value 0.01053
scoring_system epss
scoring_elements 0.77942
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28326
1
reference_url https://github.com/apache/openmeetings
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings
2
reference_url https://github.com/apache/openmeetings/commit/1fb71af36
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings/commit/1fb71af36
3
reference_url https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-23T15:13:01Z/
url https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28326
reference_id CVE-2023-28326
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28326
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xum-p9mm-kbc3
1
vulnerability VCID-556q-4wch-sfde
2
vulnerability VCID-vbkk-qkme-uyh9
3
vulnerability VCID-vfk3-wtbw-kuf9
4
vulnerability VCID-vm9c-dvcd-3khf
5
vulnerability VCID-xsja-94mz-hqbh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0
aliases CVE-2023-28326, GHSA-3r48-3m8r-4r9w
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6fca-mmbn-k7b7
3
url VCID-7cjy-cp47-gfdj
vulnerability_id VCID-7cjy-cp47-gfdj
summary 
Improper Authentication
In Apache OpenMeetings, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1286
reference_id
reference_type
scores
0
value 0.00176
scoring_system epss
scoring_elements 0.38941
published_at 2026-06-05T12:55:00Z
1
value 0.00176
scoring_system epss
scoring_elements 0.38853
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1286
1
reference_url https://github.com/apache/openmeetings
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings
2
reference_url https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8@%3Cuser.openmeetings.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8@%3Cuser.openmeetings.apache.org%3E
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1286
reference_id CVE-2018-1286
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1286
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.2
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.2
1
url pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.3
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xum-p9mm-kbc3
1
vulnerability VCID-556q-4wch-sfde
2
vulnerability VCID-6fca-mmbn-k7b7
3
vulnerability VCID-bpy2-2bjy-tyhp
4
vulnerability VCID-d3yv-dzar-s3f6
5
vulnerability VCID-vfk3-wtbw-kuf9
6
vulnerability VCID-vm9c-dvcd-3khf
7
vulnerability VCID-xsja-94mz-hqbh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.3
aliases CVE-2018-1286, GHSA-cv9j-7q4x-v2g2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7cjy-cp47-gfdj
4
url VCID-vfk3-wtbw-kuf9
vulnerability_id VCID-vfk3-wtbw-kuf9
summary 
Improper Authentication
An attacker that has gained access to certain private information can use this to act as other user.

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29032
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41052
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29032
1
reference_url https://github.com/apache/openmeetings
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings
2
reference_url https://github.com/apache/openmeetings/commit/4e89e0ca076c83f26562f1146cf3e81ba0b16a7f
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings/commit/4e89e0ca076c83f26562f1146cf3e81ba0b16a7f
3
reference_url https://issues.apache.org/jira/browse/OPENMEETINGS-2764
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/OPENMEETINGS-2764
4
reference_url https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:44:48Z/
url https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29032
reference_id CVE-2023-29032
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29032
6
reference_url https://github.com/advisories/GHSA-v9rm-7rv9-r3fw
reference_id GHSA-v9rm-7rv9-r3fw
reference_type
scores
url https://github.com/advisories/GHSA-v9rm-7rv9-r3fw
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0
1
url pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xum-p9mm-kbc3
1
vulnerability VCID-vbkk-qkme-uyh9
2
vulnerability VCID-vm9c-dvcd-3khf
3
vulnerability VCID-xsja-94mz-hqbh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0
aliases CVE-2023-29032, GHSA-v9rm-7rv9-r3fw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vfk3-wtbw-kuf9
5
url VCID-xsja-94mz-hqbh
vulnerability_id VCID-xsja-94mz-hqbh
summary 
Apache OpenMeetings vulnerable to Deserialization of Untrusted Data
Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0

Description: Default clustering instructions at  https://openmeetings.apache.org/Clustering.html doesn't specify allow/deny lists for OpenJPA this leads to possible deserialisation of untrusted data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-54676
reference_id
reference_type
scores
0
value 0.06098
scoring_system epss
scoring_elements 0.90944
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-54676
1
reference_url https://github.com/apache/openmeetings
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings
2
reference_url https://github.com/apache/openmeetings/commit/1c3426c6d3abbd984a3c01a61decf1242ea38923
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/openmeetings/commit/1c3426c6d3abbd984a3c01a61decf1242ea38923
3
reference_url https://issues.apache.org/jira/browse/OPENMEETINGS-2787
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/OPENMEETINGS-2787
4
reference_url https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-08T14:00:24Z/
url https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95
5
reference_url http://www.openwall.com/lists/oss-security/2025/01/08/1
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/01/08/1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-54676
reference_id CVE-2024-54676
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-54676
7
reference_url https://github.com/advisories/GHSA-mjf9-4pcv-vfg7
reference_id GHSA-mjf9-4pcv-vfg7
reference_type
scores
url https://github.com/advisories/GHSA-mjf9-4pcv-vfg7
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xum-p9mm-kbc3
1
vulnerability VCID-vbkk-qkme-uyh9
2
vulnerability VCID-vm9c-dvcd-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0
aliases CVE-2024-54676, GHSA-mjf9-4pcv-vfg7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xsja-94mz-hqbh
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.1