Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apereo.cas/cas-server-core-services-authentication@5.3.0-RC1

Type maven

Namespace org.apereo.cas

Name cas-server-core-services-authentication

Version 5.3.0-RC1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.1.7.2

Latest_non_vulnerable_version 6.6.6

Affected_by_vulnerabilities

url VCID-rg8s-suza-q7gb

vulnerability_id VCID-rg8s-suza-q7gb

summary

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Multiple classes used within Apereo CAS make use of apache commons-lang3 `RandomStringUtils` for token and ID generation which makes them predictable due to `RandomStringUtils` PRNG's algorithm not being cryptographically strong.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10754

reference_id

reference_type

scores

value	0.004
scoring_system	epss
scoring_elements	0.61094
published_at	2026-06-05T12:55:00Z

value	0.004
scoring_system	epss
scoring_elements	0.61102
published_at	2026-06-06T12:55:00Z

value	0.004
scoring_system	epss
scoring_elements	0.61046
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10754

reference_url

https://github.com/apereo/cas

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apereo/cas

reference_url

https://github.com/apereo/cas/commit/40bf278e66786544411c471de5123e7a71826b9f

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apereo/cas/commit/40bf278e66786544411c471de5123e7a71826b9f

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467402

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467402

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467404

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467404

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467406

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467406

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468868

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468868

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468869

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468869

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10754

reference_id

CVE-2019-10754

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10754

reference_url	https://github.com/advisories/GHSA-g24w-373r-5pxg
reference_id	GHSA-g24w-373r-5pxg
reference_type
scores
url	https://github.com/advisories/GHSA-g24w-373r-5pxg

fixed_packages

url pkg:maven/org.apereo.cas/cas-server-core-services-authentication@6.1.0-RC5

purl pkg:maven/org.apereo.cas/cas-server-core-services-authentication@6.1.0-RC5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-64wk-sy3g-t3et

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apereo.cas/cas-server-core-services-authentication@6.1.0-RC5

aliases CVE-2019-10754, GHSA-g24w-373r-5pxg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rg8s-suza-q7gb

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apereo.cas/cas-server-core-services-authentication@5.3.0-RC1

Package Instance