Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.micronaut/micronaut-http-client@2.0.0.M2
Typemaven
Namespaceio.micronaut
Namemicronaut-http-client
Version2.0.0.M2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.2.7
Latest_non_vulnerable_version3.2.7
Affected_by_vulnerabilities
0
url VCID-6a9y-866d-z3e3
vulnerability_id VCID-6a9y-866d-z3e3
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32769
reference_id
reference_type
scores
0
value 0.00436
scoring_system epss
scoring_elements 0.63447
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32769
1
reference_url https://github.com/micronaut-projects/micronaut-core/commit/a0cfeb13bf1ef5d692d16d4a3b91b34b7456bb11
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/micronaut-projects/micronaut-core/commit/a0cfeb13bf1ef5d692d16d4a3b91b34b7456bb11
2
reference_url https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-cjx7-399x-p2rj
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-cjx7-399x-p2rj
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32769
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32769
4
reference_url https://github.com/advisories/GHSA-cjx7-399x-p2rj
reference_id GHSA-cjx7-399x-p2rj
reference_type
scores
url https://github.com/advisories/GHSA-cjx7-399x-p2rj
fixed_packages
0
url pkg:maven/io.micronaut/micronaut-http-client@2.5.9
purl pkg:maven/io.micronaut/micronaut-http-client@2.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xwb3-ctrw-9bd3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.micronaut/micronaut-http-client@2.5.9
aliases CVE-2021-32769, GHSA-cjx7-399x-p2rj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6a9y-866d-z3e3
1
url VCID-xwb3-ctrw-9bd3
vulnerability_id VCID-xwb3-ctrw-9bd3
summary Micronaut is a JVM-based, full stack Java framework designed for building JVM web applications with support for Java, Kotlin and the Groovy language. In affected versions sending an invalid Content Type header leads to memory leak in DefaultArgumentConversionContext as this type is erroneously used in static state. ### Impact Sending an invalid Content Type header leads to memory leak in `DefaultArgumentConversionContext` as this type is erroneously used in static state. ### Patches The problem is patched in Micronaut 3.2.7 and above. ### Workarounds The default content type binder can be replaced in an existing Micronaut application to mitigate the issue: ```java package example; import java.util.List; import io.micronaut.context.annotation.Replaces; import io.micronaut.core.convert.ConversionService; import io.micronaut.http.MediaType; import io.micronaut.http.bind.DefaultRequestBinderRegistry; import io.micronaut.http.bind.binders.RequestArgumentBinder; import jakarta.inject.Singleton; @Singleton @Replaces(DefaultRequestBinderRegistry.class) class FixedRequestBinderRegistry extends DefaultRequestBinderRegistry { public FixedRequestBinderRegistry(ConversionService conversionService, List<RequestArgumentBinder> binders) { super(conversionService, binders); } @Override protected void registerDefaultConverters(ConversionService<?> conversionService) { super.registerDefaultConverters(conversionService); conversionService.addConverter(CharSequence.class, MediaType.class, charSequence -> { try { return MediaType.of(charSequence); } catch (IllegalArgumentException e) { return null; } }); } } ``` ### References Commit that introduced the vulnerability https://github.com/micronaut-projects/micronaut-core/commit/b8ec32c311689667c69ae7d9f9c3b3a8abc96fe3 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Micronaut Core](https://github.com/micronaut-projects/micronaut-core/issues) * Email us at [info@micronaut.io](mailto:info@micronaut.io)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-21700
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.5559
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-21700
1
reference_url https://github.com/micronaut-projects/micronaut-core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/micronaut-projects/micronaut-core
2
reference_url https://github.com/micronaut-projects/micronaut-core/commit/b8ec32c311689667c69ae7d9f9c3b3a8abc96fe3
reference_id b8ec32c311689667c69ae7d9f9c3b3a8abc96fe3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:58:04Z/
url https://github.com/micronaut-projects/micronaut-core/commit/b8ec32c311689667c69ae7d9f9c3b3a8abc96fe3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-21700
reference_id CVE-2022-21700
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-21700
4
reference_url https://github.com/advisories/GHSA-2457-2263-mm9f
reference_id GHSA-2457-2263-mm9f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2457-2263-mm9f
5
reference_url https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-2457-2263-mm9f
reference_id GHSA-2457-2263-mm9f
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:58:04Z/
url https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-2457-2263-mm9f
fixed_packages
0
url pkg:maven/io.micronaut/micronaut-http-client@3.2.7
purl pkg:maven/io.micronaut/micronaut-http-client@3.2.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.micronaut/micronaut-http-client@3.2.7
aliases CVE-2022-21700, GHSA-2457-2263-mm9f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xwb3-ctrw-9bd3
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.micronaut/micronaut-http-client@2.0.0.M2