Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@1.2.1-10.CP02_patch01

Type maven

Namespace org.jboss.resteasy

Name resteasy-jaxb-provider

Version 1.2.1-10.CP02_patch01

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.3.2

Latest_non_vulnerable_version 3.0.9.Final

Affected_by_vulnerabilities

url VCID-2rya-81tn-w7hw

vulnerability_id VCID-2rya-81tn-w7hw

summary

Improper Restriction of XML External Entity Reference
RESTEasy does not disable external entities when the `resteasy.document.expand.entity.references` parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1011.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1011.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1039.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1039.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1040.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1040.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1298.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1298.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0125.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0125.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0675.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0675.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0720.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0720.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0765.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0765.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3490.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3490.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3490

reference_id

reference_type

scores

value	0.04646
scoring_system	epss
scoring_elements	0.8948
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3490

reference_url

https://github.com/resteasy/Resteasy/pull/521

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/resteasy/Resteasy/pull/521

reference_url

https://github.com/resteasy/Resteasy/pull/533

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/resteasy/Resteasy/pull/533

reference_url

https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1107901
reference_id	1107901
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1107901

reference_url	https://bugzilla.redhat.com/CVE-2014-3490
reference_id	CVE-2014-3490
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2014-3490

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3490

reference_id

CVE-2014-3490

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3490

reference_url	https://github.com/advisories/GHSA-qjpq-5pq3-43rr
reference_id	GHSA-qjpq-5pq3-43rr
reference_type
scores
url	https://github.com/advisories/GHSA-qjpq-5pq3-43rr

reference_url	https://access.redhat.com/errata/RHSA-2014:1011
reference_id	RHSA-2014:1011
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1011

reference_url	https://access.redhat.com/errata/RHSA-2014:1039
reference_id	RHSA-2014:1039
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1039

reference_url	https://access.redhat.com/errata/RHSA-2014:1040
reference_id	RHSA-2014:1040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1040

reference_url	https://access.redhat.com/errata/RHSA-2014:1298
reference_id	RHSA-2014:1298
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1298

reference_url	https://access.redhat.com/errata/RHSA-2014:1904
reference_id	RHSA-2014:1904
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1904

reference_url	https://access.redhat.com/errata/RHSA-2015:0125
reference_id	RHSA-2015:0125
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0125

reference_url	https://access.redhat.com/errata/RHSA-2015:0234
reference_id	RHSA-2015:0234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0234

reference_url	https://access.redhat.com/errata/RHSA-2015:0235
reference_id	RHSA-2015:0235
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0235

reference_url	https://access.redhat.com/errata/RHSA-2015:0675
reference_id	RHSA-2015:0675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0675

reference_url	https://access.redhat.com/errata/RHSA-2015:0720
reference_id	RHSA-2015:0720
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0720

reference_url	https://access.redhat.com/errata/RHSA-2015:0765
reference_id	RHSA-2015:0765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0765

reference_url	https://access.redhat.com/errata/RHSA-2015:1009
reference_id	RHSA-2015:1009
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1009

fixed_packages

url	pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.9.Final
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.9.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.9.Final

aliases CVE-2014-3490, GHSA-qjpq-5pq3-43rr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rya-81tn-w7hw

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@1.2.1-10.CP02_patch01

Package Instance