Look up vulnerable packages by Package URL (purl).

Purl pkg:maven/org.apache.isis.core/isis-core@2.0.0-M8
Type maven
Namespace org.apache.isis.core
Name isis-core
Version 2.0.0-M8
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.0.0-M9
Latest_non_vulnerable_version 2.0.0-M9
Affected_by_vulnerabilities
0
url VCID-bk2c-rawk-fqap
vulnerability_id VCID-bk2c-rawk-fqap
summary Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged (that is, without escaping) after the value was saved. In particular, the end-user could enter JavaScript or similar markup and it would be executed when the value was rendered, i.e. a stored cross-site scripting (XSS) issue. As of this release, the inputted strings are properly escaped when rendered.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42466
reference_id
reference_type
scores
0
value 0.2198
scoring_system epss
scoring_elements 0.95916
published_at 2026-06-13T12:55:00Z
1
value 0.2198
scoring_system epss
scoring_elements 0.95914
published_at 2026-06-12T12:55:00Z
2
value 0.2198
scoring_system epss
scoring_elements 0.95901
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42466
1
reference_url https://github.com/apache/isis
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/isis
2
reference_url https://github.com/apache/isis/commit/30f94df14ea47cea3d10d468a1230fb96a749743
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/isis/commit/30f94df14ea47cea3d10d468a1230fb96a749743
3
reference_url https://github.com/apache/isis/commit/33de85d7e40a01f120d8de2adf04d47687362bdd
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/isis/commit/33de85d7e40a01f120d8de2adf04d47687362bdd
4
reference_url https://github.com/apache/isis/commit/342255124635013194f63c41a7639f979b3340e8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/isis/commit/342255124635013194f63c41a7639f979b3340e8
5
reference_url https://github.com/apache/isis/commit/a44d53f24a60bcbcbf3919d1b251d5d1e96ba3c2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/isis/commit/a44d53f24a60bcbcbf3919d1b251d5d1e96ba3c2
6
reference_url https://github.com/apache/isis/commit/c6e9b392de073d1050b56d8209b7c3079d58c600
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/isis/commit/c6e9b392de073d1050b56d8209b7c3079d58c600
7
reference_url https://github.com/apache/isis/commit/cc94a9965a82ba8faac1b151777c44061b178673
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/isis/commit/cc94a9965a82ba8faac1b151777c44061b178673
8
reference_url https://issues.apache.org/jira/browse/ISIS-3240
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/ISIS-3240
9
reference_url http://www.openwall.com/lists/oss-security/2022/10/19/2
reference_id 2
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:54:06Z/
url http://www.openwall.com/lists/oss-security/2022/10/19/2
10
reference_url https://lists.apache.org/thread/83ftj5jgtv3mbm28w3trjyvd591jztrz
reference_id 83ftj5jgtv3mbm28w3trjyvd591jztrz
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:54:06Z/
url https://lists.apache.org/thread/83ftj5jgtv3mbm28w3trjyvd591jztrz
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42466
reference_id CVE-2022-42466
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42466
12
reference_url https://github.com/advisories/GHSA-7pfc-cc9x-8p4m
reference_id GHSA-7pfc-cc9x-8p4m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7pfc-cc9x-8p4m
fixed_packages
0
url pkg:maven/org.apache.isis.core/isis-core@2.0.0-M9
purl pkg:maven/org.apache.isis.core/isis-core@2.0.0-M9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.isis.core/isis-core@2.0.0-M9
aliases CVE-2022-42466, GHSA-7pfc-cc9x-8p4m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bk2c-rawk-fqap
Fixing_vulnerabilities
0
url VCID-95g2-jvrf-nqef
vulnerability_id VCID-95g2-jvrf-nqef
summary When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be done using the 'isis.prototyping.h2-console.web-allow-remote-access' configuration property; the web console will be unavailable without setting this configuration. As an additional safeguard, the new 'isis.prototyping.h2-console.generate-random-web-admin-password' configuration parameter (enabled by default) requires that the administrator use a randomly generated password to use the console. The password is printed to the log as "webAdminPass: xxx" (where "xxx" is the password), so anyone who can read that log can obtain the console password. To revert to the original behaviour, which removes both safeguards, the administrator would therefore need to set these configuration parameters: isis.prototyping.h2-console.web-allow-remote-access=true and isis.prototyping.h2-console.generate-random-web-admin-password=false. Note also that the h2 webconsole is never available in production mode, so these safeguards are only to ensure that the webconsole is secured by default also in prototype mode.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42467
reference_id
reference_type
scores
0
value 0.00431
scoring_system epss
scoring_elements 0.63139
published_at 2026-06-13T12:55:00Z
1
value 0.00431
scoring_system epss
scoring_elements 0.63126
published_at 2026-06-12T12:55:00Z
2
value 0.00431
scoring_system epss
scoring_elements 0.63025
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42467
1
reference_url https://github.com/apache/isis
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/isis
2
reference_url https://github.com/apache/isis/commit/9fcab9816dac37e0f07ffe3f5c4f47df9cec8694
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/isis/commit/9fcab9816dac37e0f07ffe3f5c4f47df9cec8694
3
reference_url http://www.openwall.com/lists/oss-security/2022/10/19/1
reference_id 1
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-22T19:34:45Z/
url http://www.openwall.com/lists/oss-security/2022/10/19/1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42467
reference_id CVE-2022-42467
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42467
5
reference_url https://github.com/advisories/GHSA-998r-j9rx-qm8m
reference_id GHSA-998r-j9rx-qm8m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-998r-j9rx-qm8m
6
reference_url https://lists.apache.org/thread/jbv2ddt00h7ntlbm6vkk4wdmb31pm8q3
reference_id jbv2ddt00h7ntlbm6vkk4wdmb31pm8q3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-22T19:34:45Z/
url https://lists.apache.org/thread/jbv2ddt00h7ntlbm6vkk4wdmb31pm8q3
fixed_packages
0
url pkg:maven/org.apache.isis.core/isis-core@2.0.0-M8
purl pkg:maven/org.apache.isis.core/isis-core@2.0.0-M8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bk2c-rawk-fqap
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.isis.core/isis-core@2.0.0-M8
aliases CVE-2022-42467, GHSA-998r-j9rx-qm8m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95g2-jvrf-nqef
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.isis.core/isis-core@2.0.0-M8