Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.micronaut/micronaut-http-server-netty@1.3.2
Typemaven
Namespaceio.micronaut
Namemicronaut-http-server-netty
Version1.3.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.8.3
Latest_non_vulnerable_version3.8.3
Affected_by_vulnerabilities
0
url VCID-3gux-w76g-fyam
vulnerability_id VCID-3gux-w76g-fyam
summary 
Path Traversal
Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. With a basic configuration, it is possible to access any file from a filesystem, using `"/../../"` in the URL. This occurs because Micronaut does not restrict file access to configured paths.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32769
reference_id
reference_type
scores
0
value 0.00436
scoring_system epss
scoring_elements 0.63381
published_at 2026-06-09T12:55:00Z
1
value 0.00436
scoring_system epss
scoring_elements 0.63336
published_at 2026-06-04T12:55:00Z
2
value 0.00436
scoring_system epss
scoring_elements 0.63379
published_at 2026-06-05T12:55:00Z
3
value 0.00436
scoring_system epss
scoring_elements 0.63387
published_at 2026-06-06T12:55:00Z
4
value 0.00436
scoring_system epss
scoring_elements 0.63377
published_at 2026-06-07T12:55:00Z
5
value 0.00436
scoring_system epss
scoring_elements 0.63364
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32769
1
reference_url https://github.com/micronaut-projects/micronaut-core/commit/a0cfeb13bf1ef5d692d16d4a3b91b34b7456bb11
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/micronaut-projects/micronaut-core/commit/a0cfeb13bf1ef5d692d16d4a3b91b34b7456bb11
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32769
reference_id CVE-2021-32769
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32769
3
reference_url https://github.com/advisories/GHSA-cjx7-399x-p2rj
reference_id GHSA-cjx7-399x-p2rj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cjx7-399x-p2rj
4
reference_url https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-cjx7-399x-p2rj
reference_id GHSA-cjx7-399x-p2rj
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-cjx7-399x-p2rj
fixed_packages
0
url pkg:maven/io.micronaut/micronaut-http-server-netty@2.5.9
purl pkg:maven/io.micronaut/micronaut-http-server-netty@2.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nquu-8vyb-9qap
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.micronaut/micronaut-http-server-netty@2.5.9
aliases CVE-2021-32769, GHSA-cjx7-399x-p2rj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gux-w76g-fyam
1
url VCID-nquu-8vyb-9qap
vulnerability_id VCID-nquu-8vyb-9qap
summary 
Improper Control of a Resource Through its Lifetime
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, is vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23639
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.10933
published_at 2026-06-09T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.10918
published_at 2026-06-08T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.10999
published_at 2026-06-07T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.11034
published_at 2026-06-06T12:55:00Z
4
value 0.00036
scoring_system epss
scoring_elements 0.11041
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23639
1
reference_url https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T15:05:36Z/
url https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests
2
reference_url https://github.com/micronaut-projects/micronaut-core
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/micronaut-projects/micronaut-core
3
reference_url https://github.com/micronaut-projects/micronaut-core/commit/01adb21e57137caaf7004313d2055c5a78b1f47b
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/micronaut-projects/micronaut-core/commit/01adb21e57137caaf7004313d2055c5a78b1f47b
4
reference_url https://github.com/micronaut-projects/micronaut-core/pull/8642
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/micronaut-projects/micronaut-core/pull/8642
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23639
reference_id CVE-2024-23639
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23639
6
reference_url https://github.com/advisories/GHSA-583g-g682-crxf
reference_id GHSA-583g-g682-crxf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-583g-g682-crxf
7
reference_url https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf
reference_id GHSA-583g-g682-crxf
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T15:05:36Z/
url https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf
fixed_packages
0
url pkg:maven/io.micronaut/micronaut-http-server-netty@3.8.3
purl pkg:maven/io.micronaut/micronaut-http-server-netty@3.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.micronaut/micronaut-http-server-netty@3.8.3
aliases CVE-2024-23639, GHSA-583g-g682-crxf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nquu-8vyb-9qap
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.micronaut/micronaut-http-server-netty@1.3.2