Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/rg.mule.modules/mule-apikit-module@1.3.1
Typemaven
Namespacerg.mule.modules
Namemule-apikit-module
Version1.3.1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-va4z-2dcn-cfdp
vulnerability_id VCID-va4z-2dcn-cfdp
summary 
Withdrawn Advisory: Improper Restriction of XML External Entity Reference in Mulesoft APIkit
## Withdrawn Advisory
This advisory has been withdrawn because it does not affected a package in a [supported ecosystem](https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-types-of-security-advisories). This link has been maintained to preserve external references.

## Original Description

Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10991
reference_id
reference_type
scores
0
value 0.00364
scoring_system epss
scoring_elements 0.58785
published_at 2026-06-09T12:55:00Z
1
value 0.00364
scoring_system epss
scoring_elements 0.5874
published_at 2026-06-04T12:55:00Z
2
value 0.00364
scoring_system epss
scoring_elements 0.58787
published_at 2026-06-05T12:55:00Z
3
value 0.00364
scoring_system epss
scoring_elements 0.58792
published_at 2026-06-06T12:55:00Z
4
value 0.00364
scoring_system epss
scoring_elements 0.58784
published_at 2026-06-07T12:55:00Z
5
value 0.00364
scoring_system epss
scoring_elements 0.58769
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10991
1
reference_url https://github.com/mulesoft/apikit
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mulesoft/apikit
2
reference_url https://github.com/mulesoft/apikit/issues/547
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mulesoft/apikit/issues/547
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10991
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10991
4
reference_url https://github.com/advisories/GHSA-jffq-528j-mp6c
reference_id GHSA-jffq-528j-mp6c
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jffq-528j-mp6c
fixed_packages
0
url pkg:maven/rg.mule.modules/mule-apikit-module@1.3.1
purl pkg:maven/rg.mule.modules/mule-apikit-module@1.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/rg.mule.modules/mule-apikit-module@1.3.1
aliases CVE-2020-10991, GHSA-jffq-528j-mp6c
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-va4z-2dcn-cfdp
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/rg.mule.modules/mule-apikit-module@1.3.1