Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.http4s/http4s-blaze-server_2.12@0.20.18

Type maven

Namespace org.http4s

Name http4s-blaze-server_2.12

Version 0.20.18

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.21.17

Latest_non_vulnerable_version 0.21.17

Affected_by_vulnerabilities

url VCID-n9x9-k998-77cm

vulnerability_id VCID-n9x9-k998-77cm

summary

Uncontrolled Resource Consumption
Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21293

reference_id

reference_type

scores

value	0.00408
scoring_system	epss
scoring_elements	0.61551
published_at	2026-06-05T12:55:00Z

value	0.00408
scoring_system	epss
scoring_elements	0.61503
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21293

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21294

reference_id

reference_type

scores

value	0.00408
scoring_system	epss
scoring_elements	0.61551
published_at	2026-06-05T12:55:00Z

value	0.00408
scoring_system	epss
scoring_elements	0.61503
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21294

reference_url

https://github.com/http4s/blaze/commit/4f786177f9fb71ab272f3a5f6c80bca3e5662aa1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/http4s/blaze/commit/4f786177f9fb71ab272f3a5f6c80bca3e5662aa1

reference_url

https://github.com/http4s/http4s/commit/987d6589ef79545b9bb2324ac4bdebf82d9a0171

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/http4s/http4s/commit/987d6589ef79545b9bb2324ac4bdebf82d9a0171

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21293

reference_id

CVE-2021-21293

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21293

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21294

reference_id

CVE-2021-21294

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21294

reference_url	https://github.com/advisories/GHSA-xhv5-w9c5-2r2w
reference_id	GHSA-xhv5-w9c5-2r2w
reference_type
scores
url	https://github.com/advisories/GHSA-xhv5-w9c5-2r2w

reference_url

https://github.com/http4s/http4s/security/advisories/GHSA-xhv5-w9c5-2r2w

reference_id

GHSA-xhv5-w9c5-2r2w

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/http4s/http4s/security/advisories/GHSA-xhv5-w9c5-2r2w

reference_url	https://github.com/advisories/GHSA-xmw9-q7x9-j5qc
reference_id	GHSA-xmw9-q7x9-j5qc
reference_type
scores
url	https://github.com/advisories/GHSA-xmw9-q7x9-j5qc

reference_url

https://github.com/http4s/blaze/security/advisories/GHSA-xmw9-q7x9-j5qc

reference_id

GHSA-xmw9-q7x9-j5qc

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/http4s/blaze/security/advisories/GHSA-xmw9-q7x9-j5qc

fixed_packages

url	pkg:maven/org.http4s/http4s-blaze-server_2.12@0.21.17
purl	pkg:maven/org.http4s/http4s-blaze-server_2.12@0.21.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-blaze-server_2.12@0.21.17

aliases CVE-2021-21293, CVE-2021-21294, GHSA-xhv5-w9c5-2r2w, GHSA-xmw9-q7x9-j5qc

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9x9-k998-77cm

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.http4s/http4s-blaze-server_2.12@0.20.18

Package Instance