Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.sling/org.apache.sling.commons.messaging.mail@2.0.0
Type maven
Namespace org.apache.sling
Name org.apache.sling.commons.messaging.mail
Version 2.0.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-mkf8-a5k3-83fs
vulnerability_id VCID-mkf8-a5k3-83fs
summary
Improper Certificate Validation
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default.
- https://javaee.github.io/javamail/docs/SSLNOTES.txt
- https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html
- https://github.com/eclipse-ee4j/mail/issues/429
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44549.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44549.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44549
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.39816
published_at 2026-05-07T12:55:00Z
1
value 0.00185
scoring_system epss
scoring_elements 0.40268
published_at 2026-04-04T12:55:00Z
2
value 0.00185
scoring_system epss
scoring_elements 0.4019
published_at 2026-04-07T12:55:00Z
3
value 0.00185
scoring_system epss
scoring_elements 0.40254
published_at 2026-04-09T12:55:00Z
4
value 0.00185
scoring_system epss
scoring_elements 0.40265
published_at 2026-04-11T12:55:00Z
5
value 0.00185
scoring_system epss
scoring_elements 0.40227
published_at 2026-04-12T12:55:00Z
6
value 0.00185
scoring_system epss
scoring_elements 0.40208
published_at 2026-04-13T12:55:00Z
7
value 0.00185
scoring_system epss
scoring_elements 0.40255
published_at 2026-04-16T12:55:00Z
8
value 0.00185
scoring_system epss
scoring_elements 0.40224
published_at 2026-04-18T12:55:00Z
9
value 0.00185
scoring_system epss
scoring_elements 0.40148
published_at 2026-04-21T12:55:00Z
10
value 0.00185
scoring_system epss
scoring_elements 0.39973
published_at 2026-04-24T12:55:00Z
11
value 0.00185
scoring_system epss
scoring_elements 0.39959
published_at 2026-04-26T12:55:00Z
12
value 0.00185
scoring_system epss
scoring_elements 0.39878
published_at 2026-04-29T12:55:00Z
13
value 0.00185
scoring_system epss
scoring_elements 0.3975
published_at 2026-05-05T12:55:00Z
14
value 0.00185
scoring_system epss
scoring_elements 0.40094
published_at 2026-04-01T12:55:00Z
15
value 0.00185
scoring_system epss
scoring_elements 0.40243
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44549
2
reference_url https://github.com/eclipse-ee4j
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-ee4j
3
reference_url https://github.com/eclipse-ee4j/mail/issues/429
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-ee4j/mail/issues/429
4
reference_url https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html
5
reference_url https://javaee.github.io/javamail/docs/SSLNOTES.txt
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://javaee.github.io/javamail/docs/SSLNOTES.txt
6
reference_url https://lists.apache.org/thread/l8p9h2bqvkj6rhv4w8kzctb817415b7f
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/l8p9h2bqvkj6rhv4w8kzctb817415b7f
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2315808
reference_id 2315808
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2315808
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44549
reference_id CVE-2021-44549
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-44549
9
reference_url https://github.com/advisories/GHSA-c69w-jj56-834w
reference_id GHSA-c69w-jj56-834w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c69w-jj56-834w
10
reference_url https://access.redhat.com/errata/RHSA-2024:7670
reference_id RHSA-2024:7670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7670
11
reference_url https://access.redhat.com/errata/RHSA-2024:7676
reference_id RHSA-2024:7676
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7676
12
reference_url https://access.redhat.com/errata/RHSA-2024:8884
reference_id RHSA-2024:8884
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8884
13
reference_url https://access.redhat.com/errata/RHSA-2024:8885
reference_id RHSA-2024:8885
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8885
14
reference_url https://access.redhat.com/errata/RHSA-2024:8886
reference_id RHSA-2024:8886
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8886
15
reference_url https://access.redhat.com/errata/RHSA-2024:8887
reference_id RHSA-2024:8887
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8887
fixed_packages
0
url pkg:maven/org.apache.sling/org.apache.sling.commons.messaging.mail@2.0
purl pkg:maven/org.apache.sling/org.apache.sling.commons.messaging.mail@2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.sling/org.apache.sling.commons.messaging.mail@2.0
1
url pkg:maven/org.apache.sling/org.apache.sling.commons.messaging.mail@2.0.0
purl pkg:maven/org.apache.sling/org.apache.sling.commons.messaging.mail@2.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.sling/org.apache.sling.commons.messaging.mail@2.0.0
aliases CVE-2021-44549, GHSA-c69w-jj56-834w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkf8-a5k3-83fs
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.sling/org.apache.sling.commons.messaging.mail@2.0.0