Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.calcite/calcite-core@1.14.0
Typemaven
Namespaceorg.apache.calcite
Namecalcite-core
Version1.14.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.26.0
Latest_non_vulnerable_version1.32.0
Affected_by_vulnerabilities
0
url VCID-6eyu-r1ys-gugz
vulnerability_id VCID-6eyu-r1ys-gugz
summary 
Missing Authentication for Critical Function
`HttpUtils#getURLConnection` method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite onwards, the hostname verification will be performed using the default JVM truststore.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13955
reference_id
reference_type
scores
0
value 0.00784
scoring_system epss
scoring_elements 0.74121
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13955
1
reference_url https://github.com/apache/calcite/commit/43eeafcbac29d02c72bd520c003cdfc571de2d15
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/calcite/commit/43eeafcbac29d02c72bd520c003cdfc571de2d15
2
reference_url https://issues.apache.org/jira/browse/CALCITE-4298
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/CALCITE-4298
3
reference_url https://lists.apache.org/thread.html/r0b0fbe2038388175951ce1028182d980f9e9a7328be13d52dab70bb3%40%3Cdev.calcite.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0b0fbe2038388175951ce1028182d980f9e9a7328be13d52dab70bb3%40%3Cdev.calcite.apache.org%3E
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13955
reference_id CVE-2020-13955
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13955
5
reference_url https://github.com/advisories/GHSA-hxp5-8pgq-mgv9
reference_id GHSA-hxp5-8pgq-mgv9
reference_type
scores
url https://github.com/advisories/GHSA-hxp5-8pgq-mgv9
fixed_packages
0
url pkg:maven/org.apache.calcite/calcite-core@1.26.0
purl pkg:maven/org.apache.calcite/calcite-core@1.26.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.calcite/calcite-core@1.26.0
aliases CVE-2020-13955, GHSA-hxp5-8pgq-mgv9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6eyu-r1ys-gugz
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.calcite/calcite-core@1.14.0