Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.dubbo/dubbo@2.7.18
Typemaven
Namespaceorg.apache.dubbo
Namedubbo
Version2.7.18
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.7.21
Latest_non_vulnerable_version3.2.5
Affected_by_vulnerabilities
0
url VCID-3ba4-5baw-6kbx
vulnerability_id VCID-3ba4-5baw-6kbx
summary 
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. 

This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23638
reference_id
reference_type
scores
0
value 0.50291
scoring_system epss
scoring_elements 0.97906
published_at 2026-06-12T12:55:00Z
1
value 0.50291
scoring_system epss
scoring_elements 0.97898
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23638
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23638
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23638
2
reference_url https://lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb
reference_id 8h6zscfzj482z512d2v5ft63hdhzm0cb
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:19Z/
url https://lists.apache.org/thread/8h6zscfzj482z512d2v5ft63hdhzm0cb
3
reference_url https://github.com/advisories/GHSA-933g-v89r-x8pf
reference_id GHSA-933g-v89r-x8pf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-933g-v89r-x8pf
fixed_packages
0
url pkg:maven/org.apache.dubbo/dubbo@2.7.21
purl pkg:maven/org.apache.dubbo/dubbo@2.7.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.21
1
url pkg:maven/org.apache.dubbo/dubbo@2.7.22
purl pkg:maven/org.apache.dubbo/dubbo@2.7.22
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.22
2
url pkg:maven/org.apache.dubbo/dubbo@3.0.13
purl pkg:maven/org.apache.dubbo/dubbo@3.0.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@3.0.13
3
url pkg:maven/org.apache.dubbo/dubbo@3.1.5
purl pkg:maven/org.apache.dubbo/dubbo@3.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cdpn-ekny-myg7
1
vulnerability VCID-tqy6-r8my-dfg6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@3.1.5
aliases CVE-2023-23638, GHSA-933g-v89r-x8pf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ba4-5baw-6kbx
Fixing_vulnerabilities
0
url VCID-k2dn-bf7q-d3df
vulnerability_id VCID-k2dn-bf7q-d3df
summary A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39198
reference_id
reference_type
scores
0
value 0.10341
scoring_system epss
scoring_elements 0.93377
published_at 2026-06-12T12:55:00Z
1
value 0.10341
scoring_system epss
scoring_elements 0.93356
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39198
1
reference_url https://github.com/apache/dubbo-hessian-lite
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dubbo-hessian-lite
2
reference_url https://github.com/apache/dubbo-hessian-lite/releases/tag/v3.2.13
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dubbo-hessian-lite/releases/tag/v3.2.13
3
reference_url https://github.com/apache/dubbo/releases/tag/dubbo-2.7.18
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dubbo/releases/tag/dubbo-2.7.18
4
reference_url https://github.com/apache/dubbo/releases/tag/dubbo-3.0.12
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dubbo/releases/tag/dubbo-3.0.12
5
reference_url https://github.com/apache/dubbo/releases/tag/dubbo-3.1.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dubbo/releases/tag/dubbo-3.1.1
6
reference_url https://lists.apache.org/thread/8d3zqrkoy4jh8dy37j4rd7g9jodzlvkk
reference_id 8d3zqrkoy4jh8dy37j4rd7g9jodzlvkk
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-13T14:48:24Z/
url https://lists.apache.org/thread/8d3zqrkoy4jh8dy37j4rd7g9jodzlvkk
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39198
reference_id CVE-2022-39198
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39198
8
reference_url https://github.com/advisories/GHSA-5qwq-g2hx-r6f7
reference_id GHSA-5qwq-g2hx-r6f7
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5qwq-g2hx-r6f7
fixed_packages
0
url pkg:maven/org.apache.dubbo/dubbo@2.7.18
purl pkg:maven/org.apache.dubbo/dubbo@2.7.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ba4-5baw-6kbx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.18
1
url pkg:maven/org.apache.dubbo/dubbo@3.0.12
purl pkg:maven/org.apache.dubbo/dubbo@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ba4-5baw-6kbx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@3.0.12
2
url pkg:maven/org.apache.dubbo/dubbo@3.1.1
purl pkg:maven/org.apache.dubbo/dubbo@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ba4-5baw-6kbx
1
vulnerability VCID-tqy6-r8my-dfg6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@3.1.1
aliases CVE-2022-39198, GHSA-5qwq-g2hx-r6f7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k2dn-bf7q-d3df
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.18