Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework.webflow/spring-webflow@2.4.0
Type maven
Namespace org.springframework.webflow
Name spring-webflow
Version 2.4.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.4.5.RELEASE
Latest_non_vulnerable_version 2.4.6.RELEASE
Affected_by_vulnerabilities
0
url VCID-118m-ekmk-wbgc
vulnerability_id VCID-118m-ekmk-wbgc
summary
Data Binding Expression Vulnerability
Applications that do not change the value of the `MvcViewFactoryCreator` `useSpringBinding` property, which is disabled by default (i.e., set to `false`), can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4971
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4971
1
reference_url https://jira.spring.io/browse/SWF-1700
reference_id
reference_type
scores
url https://jira.spring.io/browse/SWF-1700
2
reference_url http://www.securityfocus.com/bid/98785
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98785
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-4971
reference_id CVE-2017-4971
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-4971
4
reference_url https://pivotal.io/security/cve-2017-4971
reference_id CVE-2017-4971
reference_type
scores
url https://pivotal.io/security/cve-2017-4971
fixed_packages
0
url pkg:maven/org.springframework.webflow/spring-webflow@2.4.5.RELEASE
purl pkg:maven/org.springframework.webflow/spring-webflow@2.4.5.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.webflow/spring-webflow@2.4.5.RELEASE
aliases CVE-2017-4971
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-118m-ekmk-wbgc
1
url VCID-typx-8qp2-y3ec
vulnerability_id VCID-typx-8qp2-y3ec
summary
Insecure Default Initialization of Resource
Applications that do not change the value of the `MvcViewFactoryCreator` `useSpringBinding` property, which is disabled by default, can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings.
references
0
reference_url http://www.securityfocus.com/bid/100849
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100849
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-8039
reference_id CVE-2017-8039
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-8039
2
reference_url https://pivotal.io/security/cve-2017-8039
reference_id CVE-2017-8039
reference_type
scores
url https://pivotal.io/security/cve-2017-8039
fixed_packages
0
url pkg:maven/org.springframework.webflow/spring-webflow@2.4.6.RELEASE
purl pkg:maven/org.springframework.webflow/spring-webflow@2.4.6.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.webflow/spring-webflow@2.4.6.RELEASE
aliases CVE-2017-8039
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-typx-8qp2-y3ec
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.webflow/spring-webflow@2.4.0