Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.cxf/cxf-rt-management@2.7.2

Type maven

Namespace org.apache.cxf

Name cxf-rt-management

Version 2.7.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.2.13

Latest_non_vulnerable_version 3.3.6

Affected_by_vulnerabilities

url VCID-nrkw-nr8p-wbfc

vulnerability_id VCID-nrkw-nr8p-wbfc

summary Apache CXF JMX Integration is vulnerable to a MITM attack

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1954.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1954.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1954

reference_id

reference_type

scores

value	0.00216
scoring_system	epss
scoring_elements	0.44304
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1954

reference_url

https://github.com/apache/cxf/commit/1cf4fed546904a4a2560f53a2a2391d834b4026c

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf/commit/1cf4fed546904a4a2560f53a2a2391d834b4026c

reference_url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20220210-0001

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0001

reference_url	https://security.netapp.com/advisory/ntap-20220210-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220210-0001/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1824301
reference_id	1824301
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1824301

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1954

reference_id

CVE-2020-1954

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1954

reference_url

http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2

reference_id

CVE-2020-1954.TXT.ASC?VERSION=1&MODIFICATIONDATE=1585730169000&API=V2

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2

reference_url

https://github.com/advisories/GHSA-ffm7-7r8g-77xm

reference_id

GHSA-ffm7-7r8g-77xm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ffm7-7r8g-77xm

reference_url	https://access.redhat.com/errata/RHSA-2020:3585
reference_id	RHSA-2020:3585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3585

reference_url	https://access.redhat.com/errata/RHSA-2020:4244
reference_id	RHSA-2020:4244
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4244

reference_url	https://access.redhat.com/errata/RHSA-2020:4245
reference_id	RHSA-2020:4245
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4245

reference_url	https://access.redhat.com/errata/RHSA-2020:4246
reference_id	RHSA-2020:4246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4246

reference_url	https://access.redhat.com/errata/RHSA-2020:4247
reference_id	RHSA-2020:4247
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4247

reference_url	https://access.redhat.com/errata/RHSA-2020:4931
reference_id	RHSA-2020:4931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4931

reference_url	https://access.redhat.com/errata/RHSA-2020:4960
reference_id	RHSA-2020:4960
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4960

reference_url	https://access.redhat.com/errata/RHSA-2020:4961
reference_id	RHSA-2020:4961
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4961

fixed_packages

url	pkg:maven/org.apache.cxf/cxf-rt-management@3.2.13
purl	pkg:maven/org.apache.cxf/cxf-rt-management@3.2.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-management@3.2.13

url	pkg:maven/org.apache.cxf/cxf-rt-management@3.3.6
purl	pkg:maven/org.apache.cxf/cxf-rt-management@3.3.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-management@3.3.6

aliases CVE-2020-1954, GHSA-ffm7-7r8g-77xm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nrkw-nr8p-wbfc

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-management@2.7.2

Package Instance