Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.cxf.fediz/fediz-spring2@1.2.3

Type maven

Namespace org.apache.cxf.fediz

Name fediz-spring2

Version 1.2.3

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.2.4

Latest_non_vulnerable_version 1.4.4

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-5cwu-zwsr-zqf8

vulnerability_id VCID-5cwu-zwsr-zqf8

summary

Improper Access Control
The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.

references

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-4464
reference_id	CVE-2016-4464
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-4464

reference_url	https://github.com/advisories/GHSA-qpwj-mvv7-v3m9
reference_id	GHSA-qpwj-mvv7-v3m9
reference_type
scores
url	https://github.com/advisories/GHSA-qpwj-mvv7-v3m9

fixed_packages

url	pkg:maven/org.apache.cxf.fediz/fediz-spring2@1.2.3
purl	pkg:maven/org.apache.cxf.fediz/fediz-spring2@1.2.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/fediz-spring2@1.2.3

url	pkg:maven/org.apache.cxf.fediz/fediz-spring2@1.3.1
purl	pkg:maven/org.apache.cxf.fediz/fediz-spring2@1.3.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/fediz-spring2@1.3.1

aliases CVE-2016-4464, GHSA-qpwj-mvv7-v3m9

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5cwu-zwsr-zqf8

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/fediz-spring2@1.2.3

Package Instance