Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.wildfly.security/wildfly-elytron@1.8.0.Final
Type maven
Namespace org.wildfly.security
Name wildfly-elytron
Version 1.8.0.Final
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.15.15.Final
Latest_non_vulnerable_version 2.6.2.Final
Affected_by_vulnerabilities
0
url VCID-6ssa-j1q1-c3cs
vulnerability_id VCID-6ssa-j1q1-c3cs
summary
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses `java.util.Arrays.equals` in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use `java.security.MessageDigest.isEqual` instead. This flaw allows an attacker to access secure information or impersonate an authenticated user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3143.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3143.json
1
reference_url https://access.redhat.com/security/cve/CVE-2022-3143
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-09T13:46:20Z/
url https://access.redhat.com/security/cve/CVE-2022-3143
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3143
reference_id
reference_type
scores
0
value 0.00499
scoring_system epss
scoring_elements 0.65967
published_at 2026-04-16T12:55:00Z
1
value 0.00499
scoring_system epss
scoring_elements 0.65928
published_at 2026-04-04T12:55:00Z
2
value 0.00499
scoring_system epss
scoring_elements 0.65894
published_at 2026-04-07T12:55:00Z
3
value 0.00499
scoring_system epss
scoring_elements 0.65946
published_at 2026-04-08T12:55:00Z
4
value 0.00499
scoring_system epss
scoring_elements 0.65957
published_at 2026-04-09T12:55:00Z
5
value 0.00499
scoring_system epss
scoring_elements 0.65975
published_at 2026-04-11T12:55:00Z
6
value 0.00499
scoring_system epss
scoring_elements 0.65962
published_at 2026-04-12T12:55:00Z
7
value 0.00499
scoring_system epss
scoring_elements 0.65931
published_at 2026-04-13T12:55:00Z
8
value 0.00499
scoring_system epss
scoring_elements 0.65898
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3143
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2124682
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2124682
4
reference_url https://github.com/wildfly-security/wildfly-elytron
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wildfly-security/wildfly-elytron
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3143
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3143
6
reference_url https://github.com/advisories/GHSA-jmj6-p2j9-68cp
reference_id GHSA-jmj6-p2j9-68cp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmj6-p2j9-68cp
7
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
8
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
9
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
10
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
11
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
fixed_packages
0
url pkg:maven/org.wildfly.security/wildfly-elytron@1.15.15.Final
purl pkg:maven/org.wildfly.security/wildfly-elytron@1.15.15.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.security/wildfly-elytron@1.15.15.Final
1
url pkg:maven/org.wildfly.security/wildfly-elytron@1.20.3.Final
purl pkg:maven/org.wildfly.security/wildfly-elytron@1.20.3.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rkxb-8u8q-1ua4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.security/wildfly-elytron@1.20.3.Final
aliases CVE-2022-3143, GHSA-jmj6-p2j9-68cp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ssa-j1q1-c3cs
1
url VCID-7qwz-74p6-yqhs
vulnerability_id VCID-7qwz-74p6-yqhs
summary
Observable Discrepancy in Wildfly Elytron
A flaw was found in Wildfly Elytron where ScramServer may be susceptible to a timing attack if enabled. The highest threat of this vulnerability is confidentiality. This flaw affects Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3642.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3642.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3642
reference_id
reference_type
scores
0
value 0.00267
scoring_system epss
scoring_elements 0.50197
published_at 2026-04-16T12:55:00Z
1
value 0.00267
scoring_system epss
scoring_elements 0.50171
published_at 2026-04-08T12:55:00Z
2
value 0.00267
scoring_system epss
scoring_elements 0.50165
published_at 2026-04-09T12:55:00Z
3
value 0.00267
scoring_system epss
scoring_elements 0.50182
published_at 2026-04-11T12:55:00Z
4
value 0.00267
scoring_system epss
scoring_elements 0.50156
published_at 2026-04-12T12:55:00Z
5
value 0.00267
scoring_system epss
scoring_elements 0.50152
published_at 2026-04-13T12:55:00Z
6
value 0.00267
scoring_system epss
scoring_elements 0.50104
published_at 2026-04-01T12:55:00Z
7
value 0.00267
scoring_system epss
scoring_elements 0.50139
published_at 2026-04-02T12:55:00Z
8
value 0.00267
scoring_system epss
scoring_elements 0.50167
published_at 2026-04-04T12:55:00Z
9
value 0.00267
scoring_system epss
scoring_elements 0.50117
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3642
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1981407
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1981407
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3642
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3642
4
reference_url https://github.com/advisories/GHSA-5499-qjvh-6j7w
reference_id GHSA-5499-qjvh-6j7w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5499-qjvh-6j7w
5
reference_url https://access.redhat.com/errata/RHSA-2021:3656
reference_id RHSA-2021:3656
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3656
6
reference_url https://access.redhat.com/errata/RHSA-2021:3658
reference_id RHSA-2021:3658
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3658
7
reference_url https://access.redhat.com/errata/RHSA-2021:3660
reference_id RHSA-2021:3660
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3660
8
reference_url https://access.redhat.com/errata/RHSA-2021:3880
reference_id RHSA-2021:3880
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3880
9
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
10
reference_url https://access.redhat.com/errata/RHSA-2021:5149
reference_id RHSA-2021:5149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5149
11
reference_url https://access.redhat.com/errata/RHSA-2021:5150
reference_id RHSA-2021:5150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5150
12
reference_url https://access.redhat.com/errata/RHSA-2021:5151
reference_id RHSA-2021:5151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5151
13
reference_url https://access.redhat.com/errata/RHSA-2021:5154
reference_id RHSA-2021:5154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5154
14
reference_url https://access.redhat.com/errata/RHSA-2021:5170
reference_id RHSA-2021:5170
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5170
15
reference_url https://access.redhat.com/errata/RHSA-2022:0146
reference_id RHSA-2022:0146
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0146
16
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
17
reference_url https://access.redhat.com/errata/RHSA-2022:1179
reference_id RHSA-2022:1179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1179
18
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
19
reference_url https://access.redhat.com/errata/RHSA-2022:5903
reference_id RHSA-2022:5903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5903
fixed_packages
0
url pkg:maven/org.wildfly.security/wildfly-elytron@1.10.14
purl pkg:maven/org.wildfly.security/wildfly-elytron@1.10.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.security/wildfly-elytron@1.10.14
1
url pkg:maven/org.wildfly.security/wildfly-elytron@1.10.14.Final
purl pkg:maven/org.wildfly.security/wildfly-elytron@1.10.14.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ssa-j1q1-c3cs
1
vulnerability VCID-99vp-bk8n-q3cp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.security/wildfly-elytron@1.10.14.Final
2
url pkg:maven/org.wildfly.security/wildfly-elytron@1.15.5
purl pkg:maven/org.wildfly.security/wildfly-elytron@1.15.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.security/wildfly-elytron@1.15.5
3
url pkg:maven/org.wildfly.security/wildfly-elytron@1.15.5.Final
purl pkg:maven/org.wildfly.security/wildfly-elytron@1.15.5.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ssa-j1q1-c3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.security/wildfly-elytron@1.15.5.Final
4
url pkg:maven/org.wildfly.security/wildfly-elytron@1.16.1.Final
purl pkg:maven/org.wildfly.security/wildfly-elytron@1.16.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ssa-j1q1-c3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.security/wildfly-elytron@1.16.1.Final
5
url pkg:maven/org.wildfly.security/wildfly-elytron@1.16.1
purl pkg:maven/org.wildfly.security/wildfly-elytron@1.16.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.security/wildfly-elytron@1.16.1
aliases CVE-2021-3642, GHSA-5499-qjvh-6j7w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qwz-74p6-yqhs
2
url VCID-99vp-bk8n-q3cp
vulnerability_id VCID-99vp-bk8n-q3cp
summary
Session Fixation
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10714.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10714.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10714
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58608
published_at 2026-04-16T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.58464
published_at 2026-04-01T12:55:00Z
2
value 0.00366
scoring_system epss
scoring_elements 0.58549
published_at 2026-04-02T12:55:00Z
3
value 0.00366
scoring_system epss
scoring_elements 0.58569
published_at 2026-04-04T12:55:00Z
4
value 0.00366
scoring_system epss
scoring_elements 0.5854
published_at 2026-04-07T12:55:00Z
5
value 0.00366
scoring_system epss
scoring_elements 0.58591
published_at 2026-04-08T12:55:00Z
6
value 0.00366
scoring_system epss
scoring_elements 0.58598
published_at 2026-04-09T12:55:00Z
7
value 0.00366
scoring_system epss
scoring_elements 0.58614
published_at 2026-04-11T12:55:00Z
8
value 0.00366
scoring_system epss
scoring_elements 0.58595
published_at 2026-04-12T12:55:00Z
9
value 0.00366
scoring_system epss
scoring_elements 0.58575
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10714
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1825714
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1825714
3
reference_url https://github.com/wildfly-security/wildfly-elytron
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wildfly-security/wildfly-elytron
4
reference_url https://security.netapp.com/advisory/ntap-20201223-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20201223-0002
5
reference_url https://security.netapp.com/advisory/ntap-20201223-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20201223-0002/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10714
reference_id CVE-2020-10714
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10714
7
reference_url https://github.com/advisories/GHSA-7fhr-2694-rg79
reference_id GHSA-7fhr-2694-rg79
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7fhr-2694-rg79
8
reference_url https://access.redhat.com/errata/RHSA-2020:3585
reference_id RHSA-2020:3585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3585
9
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
10
reference_url https://access.redhat.com/errata/RHSA-2020:4960
reference_id RHSA-2020:4960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4960
11
reference_url https://access.redhat.com/errata/RHSA-2020:4961
reference_id RHSA-2020:4961
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4961
fixed_packages
0
url pkg:maven/org.wildfly.security/wildfly-elytron@1.11.4
purl pkg:maven/org.wildfly.security/wildfly-elytron@1.11.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.security/wildfly-elytron@1.11.4
1
url pkg:maven/org.wildfly.security/wildfly-elytron@1.11.4.Final
purl pkg:maven/org.wildfly.security/wildfly-elytron@1.11.4.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ssa-j1q1-c3cs
1
vulnerability VCID-7qwz-74p6-yqhs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.security/wildfly-elytron@1.11.4.Final
aliases CVE-2020-10714, GHSA-7fhr-2694-rg79
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-99vp-bk8n-q3cp
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.security/wildfly-elytron@1.8.0.Final