Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2

Type maven

Namespace org.apache.openmeetings

Name openmeetings-parent

Version 3.1.2

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.3.0

Latest_non_vulnerable_version 7.1.0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-13a5-bd9x-g7c1

vulnerability_id VCID-13a5-bd9x-g7c1

summary

Cross-site Scripting
A Cross-site scripting (XSS) vulnerability in Apache OpenMeetings allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.

references

reference_url	http://openmeetings.apache.org/security.html
reference_id
reference_type
scores
url	http://openmeetings.apache.org/security.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-2163
reference_id	CVE-2016-2163
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-2163

fixed_packages

url	pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2
purl	pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2

aliases CVE-2016-2163

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-13a5-bd9x-g7c1

url VCID-h2vq-z9kt-5fe2

vulnerability_id VCID-h2vq-z9kt-5fe2

summary

Information Exposure
The (1) `FileService.importFileByInternalUserId` and (2) `FileService.importFile` SOAP API methods in Apache OpenMeetings improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.

references

reference_url	http://openmeetings.apache.org/security.html
reference_id
reference_type
scores
url	http://openmeetings.apache.org/security.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-2164
reference_id	CVE-2016-2164
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-2164

fixed_packages

url	pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2
purl	pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2

aliases CVE-2016-2164

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h2vq-z9kt-5fe2

url VCID-r6n7-g747-a7cm

vulnerability_id VCID-r6n7-g747-a7cm

summary

Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings allows remote attackers to inject arbitrary web script or HTML via the `swf` parameter.

references

reference_url	http://openmeetings.apache.org/security.html
reference_id
reference_type
scores
url	http://openmeetings.apache.org/security.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-3089
reference_id	CVE-2016-3089
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-3089

fixed_packages

url	pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2
purl	pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2

aliases CVE-2016-3089

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r6n7-g747-a7cm

url VCID-wzcc-gkzc-u3cp

vulnerability_id VCID-wzcc-gkzc-u3cp

summary

Deserialization of Untrusted Data
Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.

references

reference_url	http://openmeetings.markmail.org/thread/tr47byaaopnemvne
reference_id
reference_type
scores
url	http://openmeetings.markmail.org/thread/tr47byaaopnemvne

reference_url	http://www.securityfocus.com/bid/94145
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94145

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-8736
reference_id	CVE-2016-8736
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-8736

reference_url	https://github.com/advisories/GHSA-6cpg-3w7f-j67q
reference_id	GHSA-6cpg-3w7f-j67q
reference_type
scores
url	https://github.com/advisories/GHSA-6cpg-3w7f-j67q

fixed_packages

url	pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2
purl	pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2

aliases CVE-2016-8736, GHSA-6cpg-3w7f-j67q

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzcc-gkzc-u3cp

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2

Package Instance