Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.bouncycastle/bc-fips@1.0.1
Typemaven
Namespaceorg.bouncycastle
Namebc-fips
Version1.0.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.0.2
Latest_non_vulnerable_version2.1.2
Affected_by_vulnerabilities
0
url VCID-crd1-k1qv-jkec
vulnerability_id VCID-crd1-k1qv-jkec
summary 
Observable Differences in Behavior to Error Inputs in Bouncy Castle
In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26939
reference_id
reference_type
scores
0
value 0.02437
scoring_system epss
scoring_elements 0.85444
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26939
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26939
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26939
2
reference_url https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1
3
reference_url https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E
5
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00007.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00007.html
6
reference_url https://security.netapp.com/advisory/ntap-20201202-0005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20201202-0005
7
reference_url https://github.com/bcgit/bc-java/wiki/CVE-2020-26939
reference_id CVE-2020-26939
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/wiki/CVE-2020-26939
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26939
reference_id CVE-2020-26939
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26939
9
reference_url https://github.com/advisories/GHSA-72m5-fvvv-55m6
reference_id GHSA-72m5-fvvv-55m6
reference_type
scores
url https://github.com/advisories/GHSA-72m5-fvvv-55m6
fixed_packages
0
url pkg:maven/org.bouncycastle/bc-fips@1.0.2
purl pkg:maven/org.bouncycastle/bc-fips@1.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bc-fips@1.0.2
aliases CVE-2020-26939, GHSA-72m5-fvvv-55m6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-crd1-k1qv-jkec
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bc-fips@1.0.1