{"url":"http://public2.vulnerablecode.io/api/packages/216378?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.1","type":"maven","namespace":"org.apache.openmeetings","name":"openmeetings-parent","version":"3.3.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.0.0","latest_non_vulnerable_version":"9.0.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89226?format=json","vulnerability_id":"VCID-3xum-p9mm-kbc3","summary":"Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings\nUse of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.\n\nThe REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact\n\n\nThis issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34020","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22113","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34020"},{"reference_url":"https://github.com/apache/openmeetings","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings"},{"reference_url":"https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:13:11Z/"}],"url":"https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34020","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34020"},{"reference_url":"https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:13:11Z/"}],"url":"https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/12"},{"reference_url":"https://github.com/advisories/GHSA-gcvm-c75m-h4p4","reference_id":"GHSA-gcvm-c75m-h4p4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gcvm-c75m-h4p4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110268?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0"}],"aliases":["CVE-2026-34020","GHSA-gcvm-c75m-h4p4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xum-p9mm-kbc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45177?format=json","vulnerability_id":"VCID-556q-4wch-sfde","summary":"Improper Input Validation\nAn attacker who has gained access to an admin account can perform RCE via null-byte injection\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29246","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29208","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29246"},{"reference_url":"https://github.com/apache/openmeetings","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings"},{"reference_url":"https://github.com/apache/openmeetings/commit/8e65a1344157b2898f2922d49a0bd2105687c4a5","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings/commit/8e65a1344157b2898f2922d49a0bd2105687c4a5"},{"reference_url":"https://github.com/apache/openmeetings/commit/9f12a48994d0ad741ac140c52cbd2152f0d048d5","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings/commit/9f12a48994d0ad741ac140c52cbd2152f0d048d5"},{"reference_url":"https://github.com/apache/openmeetings/commit/f91ff1917027625f066a9007694a31d06e69df3a","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings/commit/f91ff1917027625f066a9007694a31d06e69df3a"},{"reference_url":"https://issues.apache.org/jira/browse/OPENMEETINGS-2765","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/OPENMEETINGS-2765"},{"reference_url":"https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:34:24Z/"}],"url":"https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29246","reference_id":"CVE-2023-29246","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29246"},{"reference_url":"https://github.com/advisories/GHSA-mg5h-f3q8-c96g","reference_id":"GHSA-mg5h-f3q8-c96g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mg5h-f3q8-c96g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65099?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/652891?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xum-p9mm-kbc3"},{"vulnerability":"VCID-vbkk-qkme-uyh9"},{"vulnerability":"VCID-vm9c-dvcd-3khf"},{"vulnerability":"VCID-xsja-94mz-hqbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0"}],"aliases":["CVE-2023-29246","GHSA-mg5h-f3q8-c96g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-556q-4wch-sfde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44776?format=json","vulnerability_id":"VCID-6fca-mmbn-k7b7","summary":"Missing Authentication for Critical Function\nVendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28326","reference_id":"","reference_type":"","scores":[{"value":"0.01053","scoring_system":"epss","scoring_elements":"0.77942","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28326"},{"reference_url":"https://github.com/apache/openmeetings","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings"},{"reference_url":"https://github.com/apache/openmeetings/commit/1fb71af36","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings/commit/1fb71af36"},{"reference_url":"https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-23T15:13:01Z/"}],"url":"https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28326","reference_id":"CVE-2023-28326","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28326"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64437?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xum-p9mm-kbc3"},{"vulnerability":"VCID-556q-4wch-sfde"},{"vulnerability":"VCID-vbkk-qkme-uyh9"},{"vulnerability":"VCID-vfk3-wtbw-kuf9"},{"vulnerability":"VCID-vm9c-dvcd-3khf"},{"vulnerability":"VCID-xsja-94mz-hqbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0"}],"aliases":["CVE-2023-28326","GHSA-3r48-3m8r-4r9w"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fca-mmbn-k7b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39444?format=json","vulnerability_id":"VCID-7cjy-cp47-gfdj","summary":"Improper Authentication\nIn Apache OpenMeetings, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1286","reference_id":"","reference_type":"","scores":[{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38941","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38853","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1286"},{"reference_url":"https://github.com/apache/openmeetings","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings"},{"reference_url":"https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8@%3Cuser.openmeetings.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8@%3Cuser.openmeetings.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1286","reference_id":"CVE-2018-1286","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1286"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/151251?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/55105?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xum-p9mm-kbc3"},{"vulnerability":"VCID-556q-4wch-sfde"},{"vulnerability":"VCID-6fca-mmbn-k7b7"},{"vulnerability":"VCID-bpy2-2bjy-tyhp"},{"vulnerability":"VCID-d3yv-dzar-s3f6"},{"vulnerability":"VCID-vfk3-wtbw-kuf9"},{"vulnerability":"VCID-vm9c-dvcd-3khf"},{"vulnerability":"VCID-xsja-94mz-hqbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.3"}],"aliases":["CVE-2018-1286","GHSA-cv9j-7q4x-v2g2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7cjy-cp47-gfdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45164?format=json","vulnerability_id":"VCID-vfk3-wtbw-kuf9","summary":"Improper Authentication\nAn attacker that has gained access to certain private information can use this to act as other user.\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29032","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41052","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29032"},{"reference_url":"https://github.com/apache/openmeetings","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings"},{"reference_url":"https://github.com/apache/openmeetings/commit/4e89e0ca076c83f26562f1146cf3e81ba0b16a7f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings/commit/4e89e0ca076c83f26562f1146cf3e81ba0b16a7f"},{"reference_url":"https://issues.apache.org/jira/browse/OPENMEETINGS-2764","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/OPENMEETINGS-2764"},{"reference_url":"https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:44:48Z/"}],"url":"https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29032","reference_id":"CVE-2023-29032","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29032"},{"reference_url":"https://github.com/advisories/GHSA-v9rm-7rv9-r3fw","reference_id":"GHSA-v9rm-7rv9-r3fw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v9rm-7rv9-r3fw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65099?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/652891?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xum-p9mm-kbc3"},{"vulnerability":"VCID-vbkk-qkme-uyh9"},{"vulnerability":"VCID-vm9c-dvcd-3khf"},{"vulnerability":"VCID-xsja-94mz-hqbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0"}],"aliases":["CVE-2023-29032","GHSA-v9rm-7rv9-r3fw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfk3-wtbw-kuf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56442?format=json","vulnerability_id":"VCID-xsja-94mz-hqbh","summary":"Apache OpenMeetings vulnerable to Deserialization of Untrusted Data\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0\n\nDescription: Default clustering instructions at  https://openmeetings.apache.org/Clustering.html doesn't specify allow/deny lists for OpenJPA this leads to possible deserialisation of untrusted data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54676","reference_id":"","reference_type":"","scores":[{"value":"0.06098","scoring_system":"epss","scoring_elements":"0.90944","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54676"},{"reference_url":"https://github.com/apache/openmeetings","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings"},{"reference_url":"https://github.com/apache/openmeetings/commit/1c3426c6d3abbd984a3c01a61decf1242ea38923","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings/commit/1c3426c6d3abbd984a3c01a61decf1242ea38923"},{"reference_url":"https://issues.apache.org/jira/browse/OPENMEETINGS-2787","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/OPENMEETINGS-2787"},{"reference_url":"https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-08T14:00:24Z/"}],"url":"https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/01/08/1","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/01/08/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54676","reference_id":"CVE-2024-54676","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54676"},{"reference_url":"https://github.com/advisories/GHSA-mjf9-4pcv-vfg7","reference_id":"GHSA-mjf9-4pcv-vfg7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mjf9-4pcv-vfg7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83701?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xum-p9mm-kbc3"},{"vulnerability":"VCID-vbkk-qkme-uyh9"},{"vulnerability":"VCID-vm9c-dvcd-3khf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0"}],"aliases":["CVE-2024-54676","GHSA-mjf9-4pcv-vfg7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsja-94mz-hqbh"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.1"}