Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.github.skylot/jadx-plugins-api@1.4.4
Typemaven
Namespaceio.github.skylot
Namejadx-plugins-api
Version1.4.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.4.5
Latest_non_vulnerable_version1.4.5
Affected_by_vulnerabilities
0
url VCID-2uwt-z5ub-zbbe
vulnerability_id VCID-2uwt-z5ub-zbbe
summary 
Jadx-gui vulnerable to swing HTML Denial of Service (DoS) attack
### Impact
Using jadx-gui to open a special zip file with entry containing HTML sequence like `<html><frame>` will cause interface to get stuck and throw exceptions like:
```
java.lang.RuntimeException: Can't build aframeset, BranchElement(frameset) 1,3
:no ROWS or COLS defined.
	at java.desktop/javax.swing.text.html.HTMLEditorKit$HTMLFactory.create(HTMLEditorKit.java:1387)
	at java.desktop/javax.swing.plaf.basic.BasicHTML$BasicHTMLViewFactory.create(BasicHTML.java:379)
	at java.desktop/javax.swing.text.CompositeView.loadChildren(CompositeView.java:112)
```

### References
https://www.oracle.com/java/technologies/javase/seccodeguide.html

Guideline 3-7 / INJECT-7: Disable HTML display in Swing components:

Many Swing pluggable look-and-feels interpret text in certain components starting with <html> as HTML. If the text is from an untrusted source, an adversary may craft the HTML such that other components appear to be present or to perform inclusion attacks.

To disable the HTML render feature, set the "html.disable" client property of each component to Boolean.TRUE (no other Boolean true instance will do).
```java
label.putClientProperty("html.disable", true);
```
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39259
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17532
published_at 2026-06-09T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17556
published_at 2026-06-04T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17635
published_at 2026-06-05T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17629
published_at 2026-06-06T12:55:00Z
4
value 0.00055
scoring_system epss
scoring_elements 0.17596
published_at 2026-06-07T12:55:00Z
5
value 0.00055
scoring_system epss
scoring_elements 0.17516
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39259
1
reference_url https://github.com/skylot/jadx
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/skylot/jadx
2
reference_url https://github.com/skylot/jadx/releases/tag/v1.4.5
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/skylot/jadx/releases/tag/v1.4.5
3
reference_url https://github.com/skylot/jadx/security/advisories/GHSA-3r7j-8mqh-6qhx
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:22Z/
url https://github.com/skylot/jadx/security/advisories/GHSA-3r7j-8mqh-6qhx
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39259
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39259
5
reference_url https://www.oracle.com/java/technologies/javase/seccodeguide.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/java/technologies/javase/seccodeguide.html
6
reference_url https://github.com/advisories/GHSA-3r7j-8mqh-6qhx
reference_id GHSA-3r7j-8mqh-6qhx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3r7j-8mqh-6qhx
fixed_packages
0
url pkg:maven/io.github.skylot/jadx-plugins-api@1.4.5
purl pkg:maven/io.github.skylot/jadx-plugins-api@1.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.github.skylot/jadx-plugins-api@1.4.5
aliases CVE-2022-39259, GHSA-3r7j-8mqh-6qhx, GMS-2022-5657
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2uwt-z5ub-zbbe
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.github.skylot/jadx-plugins-api@1.4.4