Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.vaadin/vaadin-bom@10.0.3
Type maven
Namespace com.vaadin
Name vaadin-bom
Version 10.0.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 10.0.17
Latest_non_vulnerable_version 20.0.6
Affected_by_vulnerabilities
0
url VCID-66wn-mcq4-fqhh
vulnerability_id VCID-66wn-mcq4-fqhh
summary
Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13
Missing output sanitization in default `RouteNotFoundError` view in `com.vaadin:flow-server` versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL.

- https://vaadin.com/security/cve-2019-25027
references
0
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
1
reference_url https://vaadin.com/security/cve-2019-25027
reference_id CVE-2019-25027
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2019-25027
2
reference_url https://github.com/advisories/GHSA-jqj4-r483-4gvr
reference_id GHSA-jqj4-r483-4gvr
reference_type
scores
url https://github.com/advisories/GHSA-jqj4-r483-4gvr
3
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-jqj4-r483-4gvr
reference_id GHSA-jqj4-r483-4gvr
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-jqj4-r483-4gvr
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@10.0.14
purl pkg:maven/com.vaadin/vaadin-bom@10.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tywj-48df-uqcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@10.0.14
1
url pkg:maven/com.vaadin/vaadin-bom@13.0.6
purl pkg:maven/com.vaadin/vaadin-bom@13.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cuep-9tpy-zfbp
1
vulnerability VCID-tywj-48df-uqcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@13.0.6
aliases GHSA-jqj4-r483-4gvr, GMS-2021-71
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66wn-mcq4-fqhh
1
url VCID-tywj-48df-uqcb
vulnerability_id VCID-tywj-48df-uqcb
summary Cross-Site Request Forgery (CSRF) in com.vaadin:vaadin-bom.
references
0
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
1
reference_url https://vaadin.com/security/cve-2021-31404
reference_id CVE-2021-31404
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31404
2
reference_url https://github.com/advisories/GHSA-c6c4-7x48-4cqp
reference_id GHSA-c6c4-7x48-4cqp
reference_type
scores
url https://github.com/advisories/GHSA-c6c4-7x48-4cqp
3
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-c6c4-7x48-4cqp
reference_id GHSA-c6c4-7x48-4cqp
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-c6c4-7x48-4cqp
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@10.0.17
purl pkg:maven/com.vaadin/vaadin-bom@10.0.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@10.0.17
1
url pkg:maven/com.vaadin/vaadin-bom@14.4.7
purl pkg:maven/com.vaadin/vaadin-bom@14.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cuep-9tpy-zfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@14.4.7
2
url pkg:maven/com.vaadin/vaadin-bom@18.0.6
purl pkg:maven/com.vaadin/vaadin-bom@18.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93dy-76qc-8fb7
1
vulnerability VCID-tmht-98ed-a3fq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@18.0.6
aliases GHSA-c6c4-7x48-4cqp, GMS-2021-67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tywj-48df-uqcb
2
url VCID-zu86-vdn3-5fc9
vulnerability_id VCID-zu86-vdn3-5fc9
summary
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
Missing check in UIDL request handler in `com.vaadin:flow-server` versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message.

- https://vaadin.com/security/cve-2018-25007
references
0
reference_url https://github.com/vaadin/platform
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform
1
reference_url https://vaadin.com/security/cve-2018-25007
reference_id CVE-2018-25007
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2018-25007
2
reference_url https://github.com/advisories/GHSA-3h5r-928v-mxhh
reference_id GHSA-3h5r-928v-mxhh
reference_type
scores
url https://github.com/advisories/GHSA-3h5r-928v-mxhh
3
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-3h5r-928v-mxhh
reference_id GHSA-3h5r-928v-mxhh
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-3h5r-928v-mxhh
fixed_packages
0
url pkg:maven/com.vaadin/vaadin-bom@10.0.8
purl pkg:maven/com.vaadin/vaadin-bom@10.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-66wn-mcq4-fqhh
1
vulnerability VCID-tywj-48df-uqcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@10.0.8
1
url pkg:maven/com.vaadin/vaadin-bom@11.0.3
purl pkg:maven/com.vaadin/vaadin-bom@11.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-66wn-mcq4-fqhh
1
vulnerability VCID-tywj-48df-uqcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@11.0.3
aliases GHSA-3h5r-928v-mxhh, GMS-2021-63
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zu86-vdn3-5fc9
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin-bom@10.0.3