Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.openmeetings/openmeetings-parent@2.1.1
Type maven
Namespace org.apache.openmeetings
Name openmeetings-parent
Version 2.1.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.1.2
Latest_non_vulnerable_version 7.1.0
Affected_by_vulnerabilities
0
url VCID-33h6-dtvw-kudy
vulnerability_id VCID-33h6-dtvw-kudy
summary
Overly Permissive Cross-domain Whitelist
Apache OpenMeetings has an overly permissive `crossdomain.xml` file. This allows for flash content to be loaded from untrusted domains.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7680
reference_id CVE-2017-7680
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7680
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
aliases CVE-2017-7680
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-33h6-dtvw-kudy
1
url VCID-4kqb-69nx-ffgr
vulnerability_id VCID-4kqb-69nx-ffgr
summary
Information Exposure
Apache OpenMeetings displays Tomcat version and detailed error stack trace.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7683
reference_id CVE-2017-7683
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7683
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
aliases CVE-2017-7683
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kqb-69nx-ffgr
2
url VCID-73d7-xcav-67h3
vulnerability_id VCID-73d7-xcav-67h3
summary
Cleartext Storage of Sensitive Information
Apache OpenMeetings updates the user password in an insecure manner.
references
0
reference_url http://www.securityfocus.com/bid/99586
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99586
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7688
reference_id CVE-2017-7688
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7688
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
aliases CVE-2017-7688
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73d7-xcav-67h3
3
url VCID-7tkn-ptbs-ruhn
vulnerability_id VCID-7tkn-ptbs-ruhn
summary
Trusting HTTP Permission Methods on the Server Side
Apache OpenMeetings responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.
references
0
reference_url http://www.securityfocus.com/bid/99592
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99592
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7685
reference_id CVE-2017-7685
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7685
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
aliases CVE-2017-7685
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7tkn-ptbs-ruhn
4
url VCID-cy2v-sp7y-guba
vulnerability_id VCID-cy2v-sp7y-guba
summary
Improper Restriction of Excessive Authentication Attempts
Apache OpenMeetings uses cryptographic storage that is not very strong, captcha is not used in the registration and forgot-password dialogs, and the auth forms are missing brute-force protection.
references
0
reference_url http://www.securityfocus.com/bid/99587
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99587
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7673
reference_id CVE-2017-7673
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7673
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
aliases CVE-2017-7673
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cy2v-sp7y-guba
5
url VCID-g2md-yap1-pkhe
vulnerability_id VCID-g2md-yap1-pkhe
summary
Uncontrolled Resource Consumption
Apache OpenMeetings does not check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.
references
0
reference_url http://www.securityfocus.com/bid/99584
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99584
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7684
reference_id CVE-2017-7684
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7684
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
aliases CVE-2017-7684
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g2md-yap1-pkhe
6
url VCID-gpv8-hbup-pudv
vulnerability_id VCID-gpv8-hbup-pudv
summary Apache OpenMeetings is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7666
reference_id CVE-2017-7666
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7666
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
aliases CVE-2017-7666
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gpv8-hbup-pudv
7
url VCID-sv6x-344a-uucy
vulnerability_id VCID-sv6x-344a-uucy
summary
SQL Injection
Apache OpenMeetings is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7681
reference_id CVE-2017-7681
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7681
fixed_packages
0
url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0
aliases CVE-2017-7681
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sv6x-344a-uucy
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@2.1.1