Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.cxf.fediz/fediz-jetty9@1.3.1
Typemaven
Namespaceorg.apache.cxf.fediz
Namefediz-jetty9
Version1.3.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.4.4
Latest_non_vulnerable_version1.4.4
Affected_by_vulnerabilities
0
url VCID-3579-h8fu-j7e5
vulnerability_id VCID-3579-h8fu-j7e5
summary 
Improper Input Validation
Versions of Apache CXF Fediz do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8038
reference_id
reference_type
scores
0
value 0.50435
scoring_system epss
scoring_elements 0.97897
published_at 2026-06-08T12:55:00Z
1
value 0.50435
scoring_system epss
scoring_elements 0.97896
published_at 2026-06-05T12:55:00Z
2
value 0.50435
scoring_system epss
scoring_elements 0.97892
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8038
1
reference_url https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d
2
reference_url https://lists.apache.org/thread.html/f0a6a05ec3b3a00458da43712b0ff3a2f573175d9bfb39fb0de21424@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f0a6a05ec3b3a00458da43712b0ff3a2f573175d9bfb39fb0de21424@%3Cdev.cxf.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
9
reference_url http://www.securitytracker.com/id/1041220
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1041220
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8038
reference_id CVE-2018-8038
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8038
11
reference_url http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc
reference_id CVE-2018-8038.TXT.ASC
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc
12
reference_url https://github.com/advisories/GHSA-w3gh-g32m-cvhr
reference_id GHSA-w3gh-g32m-cvhr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-w3gh-g32m-cvhr
fixed_packages
0
url pkg:maven/org.apache.cxf.fediz/fediz-jetty9@1.4.4
purl pkg:maven/org.apache.cxf.fediz/fediz-jetty9@1.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/fediz-jetty9@1.4.4
aliases CVE-2018-8038, GHSA-w3gh-g32m-cvhr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3579-h8fu-j7e5
1
url VCID-65a6-3ngq-kke9
vulnerability_id VCID-65a6-3ngq-kke9
summary 
Cross-Site Request Forgery (CSRF)
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications that were found vulnerable to Cross-Site Request Forgery.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7661
reference_id
reference_type
scores
0
value 0.00925
scoring_system epss
scoring_elements 0.76423
published_at 2026-06-08T12:55:00Z
1
value 0.00925
scoring_system epss
scoring_elements 0.76411
published_at 2026-06-04T12:55:00Z
2
value 0.00925
scoring_system epss
scoring_elements 0.76439
published_at 2026-06-05T12:55:00Z
3
value 0.00925
scoring_system epss
scoring_elements 0.76445
published_at 2026-06-06T12:55:00Z
4
value 0.00925
scoring_system epss
scoring_elements 0.76434
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7661
1
reference_url https://github.com/apache/cxf-fediz/commit/acdbe8c213576792dd95d87315bcc181ea61b57f
reference_id
reference_type
scores
url https://github.com/apache/cxf-fediz/commit/acdbe8c213576792dd95d87315bcc181ea61b57f
2
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
8
reference_url http://www.securitytracker.com/id/1038497
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038497
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7661
reference_id CVE-2017-7661
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7661
10
reference_url http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc
reference_id CVE-2017-7661.TXT.ASC
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc
11
reference_url https://github.com/advisories/GHSA-whw7-h25v-9qvx
reference_id GHSA-whw7-h25v-9qvx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-whw7-h25v-9qvx
fixed_packages
0
url pkg:maven/org.apache.cxf.fediz/fediz-jetty9@1.3.2
purl pkg:maven/org.apache.cxf.fediz/fediz-jetty9@1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3579-h8fu-j7e5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/fediz-jetty9@1.3.2
aliases CVE-2017-7661, GHSA-whw7-h25v-9qvx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65a6-3ngq-kke9
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/fediz-jetty9@1.3.1