Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.http4s/http4s-core_2.12@0.21.8
Typemaven
Namespaceorg.http4s
Namehttp4s-core_2.12
Version0.21.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.21.34
Latest_non_vulnerable_version1.0-2-1e49ccf
Affected_by_vulnerabilities
0
url VCID-1ykn-yyp7-wbgg
vulnerability_id VCID-1ykn-yyp7-wbgg
summary 
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
http4s is an open source scala interface for HTTP. Header values (`Header.value`), Status reason phrases (`Status.reason`), URI paths (`Uri.Path`), URI authority registered names (`URI.RegName`).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41084
reference_id
reference_type
scores
0
value 0.00451
scoring_system epss
scoring_elements 0.64068
published_at 2026-06-07T12:55:00Z
1
value 0.00451
scoring_system epss
scoring_elements 0.64078
published_at 2026-06-06T12:55:00Z
2
value 0.00451
scoring_system epss
scoring_elements 0.6407
published_at 2026-06-05T12:55:00Z
3
value 0.00451
scoring_system epss
scoring_elements 0.64028
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41084
1
reference_url https://github.com/http4s/http4s
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/http4s/http4s
2
reference_url https://github.com/http4s/http4s/commit/d02007db1da4f8f3df2dbf11f1db9ac7afc3f9d8
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/http4s/http4s/commit/d02007db1da4f8f3df2dbf11f1db9ac7afc3f9d8
3
reference_url https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#fields.values
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#fields.values
4
reference_url https://owasp.org/www-community/attacks/HTTP_Response_Splitting
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://owasp.org/www-community/attacks/HTTP_Response_Splitting
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41084
reference_id CVE-2021-41084
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41084
6
reference_url https://github.com/advisories/GHSA-5vcm-3xc3-w7x3
reference_id GHSA-5vcm-3xc3-w7x3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5vcm-3xc3-w7x3
7
reference_url https://github.com/http4s/http4s/security/advisories/GHSA-5vcm-3xc3-w7x3
reference_id GHSA-5vcm-3xc3-w7x3
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/http4s/http4s/security/advisories/GHSA-5vcm-3xc3-w7x3
fixed_packages
0
url pkg:maven/org.http4s/http4s-core_2.12@0.21.29
purl pkg:maven/org.http4s/http4s-core_2.12@0.21.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ecme-hxe7-q7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@0.21.29
1
url pkg:maven/org.http4s/http4s-core_2.12@0.22.5
purl pkg:maven/org.http4s/http4s-core_2.12@0.22.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ecme-hxe7-q7d8
1
vulnerability VCID-zpsp-jh45-7ygv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@0.22.5
2
url pkg:maven/org.http4s/http4s-core_2.12@0.23.4
purl pkg:maven/org.http4s/http4s-core_2.12@0.23.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ecme-hxe7-q7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@0.23.4
3
url pkg:maven/org.http4s/http4s-core_2.12@1.0-2-1e49ccf
purl pkg:maven/org.http4s/http4s-core_2.12@1.0-2-1e49ccf
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@1.0-2-1e49ccf
aliases CVE-2021-41084, GHSA-5vcm-3xc3-w7x3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ykn-yyp7-wbgg
1
url VCID-83r2-kxmr-zucc
vulnerability_id VCID-83r2-kxmr-zucc
summary 
Origin Validation Error
The original `CORS` implementation and `CORSConfig` are deprecated.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39185
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.3782
published_at 2026-06-04T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.37883
published_at 2026-06-07T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.37914
published_at 2026-06-06T12:55:00Z
3
value 0.00169
scoring_system epss
scoring_elements 0.37911
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39185
1
reference_url https://github.com/http4s/http4s
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/http4s/http4s
2
reference_url https://github.com/http4s/http4s/releases/tag/v0.23.2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/http4s/http4s/releases/tag/v0.23.2
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39185
reference_id CVE-2021-39185
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39185
4
reference_url https://github.com/advisories/GHSA-52cf-226f-rhr6
reference_id GHSA-52cf-226f-rhr6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-52cf-226f-rhr6
5
reference_url https://github.com/http4s/http4s/security/advisories/GHSA-52cf-226f-rhr6
reference_id GHSA-52cf-226f-rhr6
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/http4s/http4s/security/advisories/GHSA-52cf-226f-rhr6
fixed_packages
0
url pkg:maven/org.http4s/http4s-core_2.12@0.21.27
purl pkg:maven/org.http4s/http4s-core_2.12@0.21.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ykn-yyp7-wbgg
1
vulnerability VCID-ecme-hxe7-q7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@0.21.27
1
url pkg:maven/org.http4s/http4s-core_2.12@0.22-53-01128f5
purl pkg:maven/org.http4s/http4s-core_2.12@0.22-53-01128f5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ykn-yyp7-wbgg
1
vulnerability VCID-83r2-kxmr-zucc
2
vulnerability VCID-ecme-hxe7-q7d8
3
vulnerability VCID-zpsp-jh45-7ygv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@0.22-53-01128f5
2
url pkg:maven/org.http4s/http4s-core_2.12@0.22.3
purl pkg:maven/org.http4s/http4s-core_2.12@0.22.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ykn-yyp7-wbgg
1
vulnerability VCID-ecme-hxe7-q7d8
2
vulnerability VCID-zpsp-jh45-7ygv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@0.22.3
3
url pkg:maven/org.http4s/http4s-core_2.12@0.23.2
purl pkg:maven/org.http4s/http4s-core_2.12@0.23.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ykn-yyp7-wbgg
1
vulnerability VCID-ecme-hxe7-q7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@0.23.2
4
url pkg:maven/org.http4s/http4s-core_2.12@1.0-2-1e49ccf
purl pkg:maven/org.http4s/http4s-core_2.12@1.0-2-1e49ccf
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@1.0-2-1e49ccf
aliases CVE-2021-39185, GHSA-52cf-226f-rhr6
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-83r2-kxmr-zucc
2
url VCID-ecme-hxe7-q7d8
vulnerability_id VCID-ecme-hxe7-q7d8
summary 
Http4s improperly parses User-Agent and Server headers
### Impact

The `User-Agent` and `Server` header parsers are susceptible to a fatal error on certain inputs.  In http4s, modeled headers are lazily parsed, so this only applies to services that explicitly request these typed headers. 

#### v0.21.x

```scala
val unsafe: Option[`User-Agent`] = req.headers.get(`User-Agent`)
```

#### v0.22.x, v0.23.x, v1.x

```scala
val unsafe: Option[`User-Agent`] = req.headers.get[`User-Agent`]
val alsoUnsafe: Option[`Server`] = req.headers.get[Server]
```

### Patches

Fixes are released in 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38.

### Workarounds

#### Use the weakly typed header interface

##### v0.21.x

```scala
val safe: Option[Header] = req.headers.get("User-Agent".ci)
// but don't do this
val unsafe = header.map(_.parsed) 
```

##### v0.22.x, v0.23.x, v1.x

```scala
val safe: Option[Header] = req.headers.get(ci"User-Agent")
```
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22465
reference_id
reference_type
scores
0
value 0.00335
scoring_system epss
scoring_elements 0.56617
published_at 2026-06-07T12:55:00Z
1
value 0.00335
scoring_system epss
scoring_elements 0.5657
published_at 2026-06-04T12:55:00Z
2
value 0.00335
scoring_system epss
scoring_elements 0.56623
published_at 2026-06-05T12:55:00Z
3
value 0.00335
scoring_system epss
scoring_elements 0.56629
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22465
1
reference_url https://github.com/http4s/http4s
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/http4s/http4s
2
reference_url https://github.com/http4s/http4s/security/advisories/GHSA-54w6-vxfh-fw7f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:02:19Z/
url https://github.com/http4s/http4s/security/advisories/GHSA-54w6-vxfh-fw7f
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22465
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22465
4
reference_url https://github.com/advisories/GHSA-54w6-vxfh-fw7f
reference_id GHSA-54w6-vxfh-fw7f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-54w6-vxfh-fw7f
fixed_packages
0
url pkg:maven/org.http4s/http4s-core_2.12@0.21.34
purl pkg:maven/org.http4s/http4s-core_2.12@0.21.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@0.21.34
1
url pkg:maven/org.http4s/http4s-core_2.12@0.22.15
purl pkg:maven/org.http4s/http4s-core_2.12@0.22.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zpsp-jh45-7ygv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@0.22.15
2
url pkg:maven/org.http4s/http4s-core_2.12@0.23.17
purl pkg:maven/org.http4s/http4s-core_2.12@0.23.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@0.23.17
aliases CVE-2023-22465, GHSA-54w6-vxfh-fw7f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecme-hxe7-q7d8
3
url VCID-n9x9-k998-77cm
vulnerability_id VCID-n9x9-k998-77cm
summary 
Uncontrolled Resource Consumption
Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21293
reference_id
reference_type
scores
0
value 0.00408
scoring_system epss
scoring_elements 0.61503
published_at 2026-06-04T12:55:00Z
1
value 0.00408
scoring_system epss
scoring_elements 0.61547
published_at 2026-06-07T12:55:00Z
2
value 0.00408
scoring_system epss
scoring_elements 0.61558
published_at 2026-06-06T12:55:00Z
3
value 0.00408
scoring_system epss
scoring_elements 0.61551
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21293
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21294
reference_id
reference_type
scores
0
value 0.00408
scoring_system epss
scoring_elements 0.61547
published_at 2026-06-07T12:55:00Z
1
value 0.00408
scoring_system epss
scoring_elements 0.61503
published_at 2026-06-04T12:55:00Z
2
value 0.00408
scoring_system epss
scoring_elements 0.61551
published_at 2026-06-05T12:55:00Z
3
value 0.00408
scoring_system epss
scoring_elements 0.61558
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21294
2
reference_url https://github.com/http4s/blaze/commit/4f786177f9fb71ab272f3a5f6c80bca3e5662aa1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/http4s/blaze/commit/4f786177f9fb71ab272f3a5f6c80bca3e5662aa1
3
reference_url https://github.com/http4s/http4s/commit/987d6589ef79545b9bb2324ac4bdebf82d9a0171
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/http4s/http4s/commit/987d6589ef79545b9bb2324ac4bdebf82d9a0171
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21293
reference_id CVE-2021-21293
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21293
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21294
reference_id CVE-2021-21294
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21294
6
reference_url https://github.com/advisories/GHSA-xhv5-w9c5-2r2w
reference_id GHSA-xhv5-w9c5-2r2w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xhv5-w9c5-2r2w
7
reference_url https://github.com/http4s/http4s/security/advisories/GHSA-xhv5-w9c5-2r2w
reference_id GHSA-xhv5-w9c5-2r2w
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/http4s/http4s/security/advisories/GHSA-xhv5-w9c5-2r2w
8
reference_url https://github.com/advisories/GHSA-xmw9-q7x9-j5qc
reference_id GHSA-xmw9-q7x9-j5qc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xmw9-q7x9-j5qc
9
reference_url https://github.com/http4s/blaze/security/advisories/GHSA-xmw9-q7x9-j5qc
reference_id GHSA-xmw9-q7x9-j5qc
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/http4s/blaze/security/advisories/GHSA-xmw9-q7x9-j5qc
fixed_packages
0
url pkg:maven/org.http4s/http4s-core_2.12@0.21.17
purl pkg:maven/org.http4s/http4s-core_2.12@0.21.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ykn-yyp7-wbgg
1
vulnerability VCID-83r2-kxmr-zucc
2
vulnerability VCID-ecme-hxe7-q7d8
3
vulnerability VCID-zpsp-jh45-7ygv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@0.21.17
aliases CVE-2021-21293, CVE-2021-21294, GHSA-xhv5-w9c5-2r2w, GHSA-xmw9-q7x9-j5qc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9x9-k998-77cm
4
url VCID-zpsp-jh45-7ygv
vulnerability_id VCID-zpsp-jh45-7ygv
summary 
Path Traversal
Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` can leak the presence of a directory on a server when the `URL` scheme is not `file://`, and the URL points to a fetchable resource under its scheme and authority. The function returns `F[None]`, indicating no resource, if `url.getFile` is a directory, without first checking the scheme or authority of the URL. If a URL connection to the scheme and URL would return a stream, and the path in the URL exists as a directory on the server, the presence of the directory on the server could be inferred from the response. The contents and other metadata about the directory are not exposed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32643
reference_id
reference_type
scores
0
value 0.00316
scoring_system epss
scoring_elements 0.5509
published_at 2026-06-06T12:55:00Z
1
value 0.00316
scoring_system epss
scoring_elements 0.5508
published_at 2026-06-07T12:55:00Z
2
value 0.00316
scoring_system epss
scoring_elements 0.55023
published_at 2026-06-04T12:55:00Z
3
value 0.00316
scoring_system epss
scoring_elements 0.55081
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32643
1
reference_url https://github.com/http4s/http4s/commit/52e1890665410b4385e37b96bc49c5e3c708e4e9
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/http4s/http4s/commit/52e1890665410b4385e37b96bc49c5e3c708e4e9
2
reference_url https://mvnrepository.com/artifact/org.http4s/http4s-core
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mvnrepository.com/artifact/org.http4s/http4s-core
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32643
reference_id CVE-2021-32643
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32643
4
reference_url https://github.com/advisories/GHSA-6h7w-fc84-x7p6
reference_id GHSA-6h7w-fc84-x7p6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6h7w-fc84-x7p6
5
reference_url https://github.com/http4s/http4s/security/advisories/GHSA-6h7w-fc84-x7p6
reference_id GHSA-6h7w-fc84-x7p6
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/http4s/http4s/security/advisories/GHSA-6h7w-fc84-x7p6
fixed_packages
0
url pkg:maven/org.http4s/http4s-core_2.12@0.21.24
purl pkg:maven/org.http4s/http4s-core_2.12@0.21.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ykn-yyp7-wbgg
1
vulnerability VCID-83r2-kxmr-zucc
2
vulnerability VCID-ecme-hxe7-q7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@0.21.24
1
url pkg:maven/org.http4s/http4s-core_2.12@0.23.1
purl pkg:maven/org.http4s/http4s-core_2.12@0.23.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ykn-yyp7-wbgg
1
vulnerability VCID-83r2-kxmr-zucc
2
vulnerability VCID-ecme-hxe7-q7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@0.23.1
2
url pkg:maven/org.http4s/http4s-core_2.12@1.0.0-M23
purl pkg:maven/org.http4s/http4s-core_2.12@1.0.0-M23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@1.0.0-M23
aliases CVE-2021-32643, GHSA-6h7w-fc84-x7p6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpsp-jh45-7ygv
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-core_2.12@0.21.8