Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.4

Type maven

Namespace org.apache.cxf.fediz

Name apache-fediz

Version 1.4.4

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-3579-h8fu-j7e5

vulnerability_id VCID-3579-h8fu-j7e5

summary

Improper Input Validation
Versions of Apache CXF Fediz do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8038

reference_id

reference_type

scores

value	0.50435
scoring_system	epss
scoring_elements	0.97892
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8038

reference_url

https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d

reference_url

https://lists.apache.org/thread.html/f0a6a05ec3b3a00458da43712b0ff3a2f573175d9bfb39fb0de21424@%3Cdev.cxf.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f0a6a05ec3b3a00458da43712b0ff3a2f573175d9bfb39fb0de21424@%3Cdev.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

reference_url

http://www.securitytracker.com/id/1041220

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1041220

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-8038

reference_id

CVE-2018-8038

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-8038

reference_url

http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc

reference_id

CVE-2018-8038.TXT.ASC

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc

reference_url

https://github.com/advisories/GHSA-w3gh-g32m-cvhr

reference_id

GHSA-w3gh-g32m-cvhr

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-w3gh-g32m-cvhr

fixed_packages

url	pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.4
purl	pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.4

aliases CVE-2018-8038, GHSA-w3gh-g32m-cvhr

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3579-h8fu-j7e5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.4

Package Instance