{"url":"http://public2.vulnerablecode.io/api/packages/53567?format=json","purl":"pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.2","type":"maven","namespace":"org.apache.cxf.fediz","name":"apache-fediz","version":"1.3.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.3.3","latest_non_vulnerable_version":"1.4.4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38616?format=json","vulnerability_id":"VCID-65a6-3ngq-kke9","summary":"Cross-Site Request Forgery (CSRF)\nApache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications that were found vulnerable to Cross-Site Request Forgery.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7661","reference_id":"CVE-2017-7661","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7661"},{"reference_url":"http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc","reference_id":"CVE-2017-7661.TXT.ASC","reference_type":"","scores":[],"url":"http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc"},{"reference_url":"https://github.com/advisories/GHSA-whw7-h25v-9qvx","reference_id":"GHSA-whw7-h25v-9qvx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-whw7-h25v-9qvx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53570?format=json","purl":"pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1"}],"aliases":["CVE-2017-7661","GHSA-whw7-h25v-9qvx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-65a6-3ngq-kke9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38617?format=json","vulnerability_id":"VCID-kyy8-szgp-bkfh","summary":"Cross-Site Request Forgery (CSRF)\nA malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.","references":[{"reference_url":"https://github.com/apache/cxf-fediz/commit/c68e4820816c19241568f4a8fe8600bffb0243cd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/cxf-fediz/commit/c68e4820816c19241568f4a8fe8600bffb0243cd"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"http://www.securitytracker.com/id/1038498","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038498"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7662","reference_id":"CVE-2017-7662","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7662"},{"reference_url":"http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc","reference_id":"CVE-2017-7662.TXT.ASC","reference_type":"","scores":[],"url":"http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc"},{"reference_url":"https://github.com/advisories/GHSA-f5ch-36rg-vfcc","reference_id":"GHSA-f5ch-36rg-vfcc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f5ch-36rg-vfcc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53571?format=json","purl":"pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/53570?format=json","purl":"pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1"}],"aliases":["CVE-2017-7662","GHSA-f5ch-36rg-vfcc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kyy8-szgp-bkfh"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.2"}