Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/io.micronaut/micronaut-http-server-netty@1.0.0.RC3

Type maven

Namespace io.micronaut

Name micronaut-http-server-netty

Version 1.0.0.RC3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.8.3

Latest_non_vulnerable_version 3.8.3

Affected_by_vulnerabilities

url VCID-6a9y-866d-z3e3

vulnerability_id VCID-6a9y-866d-z3e3

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32769

reference_id

reference_type

scores

value	0.00436
scoring_system	epss
scoring_elements	0.63447
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32769

reference_url

https://github.com/micronaut-projects/micronaut-core/commit/a0cfeb13bf1ef5d692d16d4a3b91b34b7456bb11

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/micronaut-projects/micronaut-core/commit/a0cfeb13bf1ef5d692d16d4a3b91b34b7456bb11

reference_url

https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-cjx7-399x-p2rj

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-cjx7-399x-p2rj

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-32769

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-32769

reference_url	https://github.com/advisories/GHSA-cjx7-399x-p2rj
reference_id	GHSA-cjx7-399x-p2rj
reference_type
scores
url	https://github.com/advisories/GHSA-cjx7-399x-p2rj

fixed_packages

url pkg:maven/io.micronaut/micronaut-http-server-netty@2.5.9

purl pkg:maven/io.micronaut/micronaut-http-server-netty@2.5.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mmj-7ctu-skgz

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.micronaut/micronaut-http-server-netty@2.5.9

aliases CVE-2021-32769, GHSA-cjx7-399x-p2rj

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6a9y-866d-z3e3

url VCID-8mmj-7ctu-skgz

vulnerability_id VCID-8mmj-7ctu-skgz

summary Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23639

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.11014
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23639

reference_url

https://github.com/micronaut-projects/micronaut-core

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/micronaut-projects/micronaut-core

reference_url

https://github.com/micronaut-projects/micronaut-core/commit/01adb21e57137caaf7004313d2055c5a78b1f47b

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/micronaut-projects/micronaut-core/commit/01adb21e57137caaf7004313d2055c5a78b1f47b

reference_url

https://github.com/micronaut-projects/micronaut-core/pull/8642

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/micronaut-projects/micronaut-core/pull/8642

reference_url

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests

reference_id

CORS#simple_requests

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T15:05:36Z/

url

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-23639

reference_id

CVE-2024-23639

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-23639

reference_url

https://github.com/advisories/GHSA-583g-g682-crxf

reference_id

GHSA-583g-g682-crxf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-583g-g682-crxf

reference_url

https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf

reference_id

GHSA-583g-g682-crxf

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T15:05:36Z/

url

https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf

fixed_packages

url	pkg:maven/io.micronaut/micronaut-http-server-netty@3.8.3
purl	pkg:maven/io.micronaut/micronaut-http-server-netty@3.8.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.micronaut/micronaut-http-server-netty@3.8.3

aliases CVE-2024-23639, GHSA-583g-g682-crxf

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mmj-7ctu-skgz

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.micronaut/micronaut-http-server-netty@1.0.0.RC3

Package Instance