Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.jena/jena-sdb@3.17.0
Type maven
Namespace org.apache.jena
Name jena-sdb
Version 3.17.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-sabb-kund-aqd1
vulnerability_id VCID-sabb-kund-aqd1
summary Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The MySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result, an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options, e.g. Apache Jena TDB 2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45136
reference_id
reference_type
scores
0
value 0.01959
scoring_system epss
scoring_elements 0.83881
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45136
1
reference_url https://github.com/apache/jena
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jena
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024738
reference_id 1024738
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024738
3
reference_url http://www.openwall.com/lists/oss-security/2022/11/14/5
reference_id 5
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-18T19:28:10Z/
url http://www.openwall.com/lists/oss-security/2022/11/14/5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45136
reference_id CVE-2022-45136
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45136
5
reference_url https://github.com/advisories/GHSA-g2qw-6vrr-v6pq
reference_id GHSA-g2qw-6vrr-v6pq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g2qw-6vrr-v6pq
6
reference_url https://lists.apache.org/thread/mc77cdl5stgjtjoldk467gdf756qjt31
reference_id mc77cdl5stgjtjoldk467gdf756qjt31
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-18T19:28:10Z/
url https://lists.apache.org/thread/mc77cdl5stgjtjoldk467gdf756qjt31
fixed_packages
aliases CVE-2022-45136, GHSA-g2qw-6vrr-v6pq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sabb-kund-aqd1
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jena/jena-sdb@3.17.0