Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.boot/spring-boot-loader@3.3.3
Typemaven
Namespaceorg.springframework.boot
Namespring-boot-loader
Version3.3.3
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-h57m-bcs7-47f8
vulnerability_id VCID-h57m-bcs7-47f8
summary Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38807
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11162
published_at 2026-06-13T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.11102
published_at 2026-06-11T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.11168
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38807
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38807
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38807
2
reference_url https://github.com/spring-projects/spring-boot
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-boot
3
reference_url https://security.netapp.com/advisory/ntap-20250117-0006
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250117-0006
4
reference_url https://spring.io/security/cve-2024-38807
reference_id cve-2024-38807
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:13:03Z/
url https://spring.io/security/cve-2024-38807
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38807
reference_id CVE-2024-38807
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38807
6
reference_url https://github.com/advisories/GHSA-7cj3-x93g-gj76
reference_id GHSA-7cj3-x93g-gj76
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cj3-x93g-gj76
fixed_packages
0
url pkg:maven/org.springframework.boot/spring-boot-loader@2.7.22
purl pkg:maven/org.springframework.boot/spring-boot-loader@2.7.22
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot-loader@2.7.22
1
url pkg:maven/org.springframework.boot/spring-boot-loader@3.0.17
purl pkg:maven/org.springframework.boot/spring-boot-loader@3.0.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot-loader@3.0.17
2
url pkg:maven/org.springframework.boot/spring-boot-loader@3.1.13
purl pkg:maven/org.springframework.boot/spring-boot-loader@3.1.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot-loader@3.1.13
3
url pkg:maven/org.springframework.boot/spring-boot-loader@3.2.9
purl pkg:maven/org.springframework.boot/spring-boot-loader@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot-loader@3.2.9
4
url pkg:maven/org.springframework.boot/spring-boot-loader@3.3.3
purl pkg:maven/org.springframework.boot/spring-boot-loader@3.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot-loader@3.3.3
aliases CVE-2024-38807, GHSA-7cj3-x93g-gj76
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h57m-bcs7-47f8
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.boot/spring-boot-loader@3.3.3