Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@1.4.10
Type maven
Namespace org.apache.jackrabbit
Name jackrabbit-core
Version 1.4.10
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.22.2
Latest_non_vulnerable_version 2.23.2-beta
Affected_by_vulnerabilities
0
url VCID-4ms6-rggq-dqhn
vulnerability_id VCID-4ms6-rggq-dqhn
summary
Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data
There is a deserialization of untrusted data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons.

This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1.

Deployments that accept JNDI URIs for JCR lookup from untrusted users allow them to inject malicious JNDI references, potentially leading to arbitrary code execution through deserialization of untrusted data. Users are recommended to upgrade to version 2.22.2. JCR lookup through JNDI has been disabled by default in 2.22.2. Users of this feature need to enable it explicitly and are advised to review their use of JNDI URIs for JCR lookup.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58782.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58782.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58782
reference_id
reference_type
scores
0
value 0.00579
scoring_system epss
scoring_elements 0.69285
published_at 2026-06-09T12:55:00Z
1
value 0.00579
scoring_system epss
scoring_elements 0.69281
published_at 2026-06-05T12:55:00Z
2
value 0.00579
scoring_system epss
scoring_elements 0.69289
published_at 2026-06-06T12:55:00Z
3
value 0.00579
scoring_system epss
scoring_elements 0.6928
published_at 2026-06-07T12:55:00Z
4
value 0.00579
scoring_system epss
scoring_elements 0.69265
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58782
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58782
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58782
3
reference_url https://github.com/apache/jackrabbit
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jackrabbit
4
reference_url https://github.com/apache/jackrabbit/pull/229
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jackrabbit/pull/229
5
reference_url https://issues.apache.org/jira/browse/JCR-5135
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/JCR-5135
6
reference_url https://lists.apache.org/thread/t4wdrost6dh17dh406g792j9wq6xmy6v
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-08T19:54:59Z/
url https://lists.apache.org/thread/t4wdrost6dh17dh406g792j9wq6xmy6v
7
reference_url http://www.openwall.com/lists/oss-security/2025/09/06/3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/09/06/3
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114861
reference_id 1114861
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114861
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2393816
reference_id 2393816
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2393816
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58782
reference_id CVE-2025-58782
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58782
11
reference_url https://github.com/advisories/GHSA-cxvc-g8f2-4gmm
reference_id GHSA-cxvc-g8f2-4gmm
reference_type
scores
url https://github.com/advisories/GHSA-cxvc-g8f2-4gmm
fixed_packages
0
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.22.2
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.22.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.22.2
aliases CVE-2025-58782, GHSA-cxvc-g8f2-4gmm
risk_score 3.5
exploitability 0.5
weighted_severity 6.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ms6-rggq-dqhn
1
url VCID-gf7s-hs5a-sbbz
vulnerability_id VCID-gf7s-hs5a-sbbz
summary
Improper Input Validation
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
references
0
reference_url http://mail-archives.apache.org/mod_mbox/jackrabbit-announce/201505.mbox/%3C555DA644.8080908%40greenbytes.de%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://mail-archives.apache.org/mod_mbox/jackrabbit-announce/201505.mbox/%3C555DA644.8080908%40greenbytes.de%3E
1
reference_url http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1833.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1833.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1833
reference_id
reference_type
scores
0
value 0.31034
scoring_system epss
scoring_elements 0.96846
published_at 2026-06-07T12:55:00Z
1
value 0.31034
scoring_system epss
scoring_elements 0.96845
published_at 2026-06-08T12:55:00Z
2
value 0.31034
scoring_system epss
scoring_elements 0.96841
published_at 2026-06-05T12:55:00Z
3
value 0.31034
scoring_system epss
scoring_elements 0.96837
published_at 2026-06-04T12:55:00Z
4
value 0.31034
scoring_system epss
scoring_elements 0.9685
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1833
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1833
5
reference_url https://github.com/apache/jackrabbit
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jackrabbit
6
reference_url https://github.com/apache/jackrabbit/commit/17e9f68f5a3f05ded20569777a7b07422680612d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jackrabbit/commit/17e9f68f5a3f05ded20569777a7b07422680612d
7
reference_url https://github.com/apache/jackrabbit/commit/26e601934d0f439f0a61d62265f52936d79df40d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jackrabbit/commit/26e601934d0f439f0a61d62265f52936d79df40d
8
reference_url https://github.com/apache/jackrabbit/commit/3903739363b79deb7579802fbc27b9b7448218b2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jackrabbit/commit/3903739363b79deb7579802fbc27b9b7448218b2
9
reference_url https://github.com/apache/jackrabbit/commit/6191b366c607e65325a0116097aca8a359b36486
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jackrabbit/commit/6191b366c607e65325a0116097aca8a359b36486
10
reference_url https://github.com/apache/jackrabbit/commit/89c5c4ed6ab250ad609829517f167d2dbe0abdd0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jackrabbit/commit/89c5c4ed6ab250ad609829517f167d2dbe0abdd0
11
reference_url https://github.com/apache/jackrabbit/commit/b7fa1ae39641936872617ff95363353b0345b777
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jackrabbit/commit/b7fa1ae39641936872617ff95363353b0345b777
12
reference_url https://github.com/apache/jackrabbit/commit/ddf9a3cd408397d0805917299c4114b09449373d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jackrabbit/commit/ddf9a3cd408397d0805917299c4114b09449373d
13
reference_url https://issues.apache.org/jira/browse/JCR-3883
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/JCR-3883
14
reference_url https://www.exploit-db.com/exploits/37110
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/37110
15
reference_url https://www.exploit-db.com/exploits/37110/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/37110/
16
reference_url http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt
17
reference_url http://www.debian.org/security/2015/dsa-3298
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3298
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1223883
reference_id 1223883
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1223883
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787316
reference_id 787316
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787316
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1833
reference_id CVE-2015-1833
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1833
21
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37110.py
reference_id CVE-2015-1833;OSVDB-122382
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37110.py
22
reference_url https://github.com/advisories/GHSA-9284-j4c9-779q
reference_id GHSA-9284-j4c9-779q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9284-j4c9-779q
fixed_packages
0
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.0.6
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.0.6
1
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.1.0
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ms6-rggq-dqhn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.1.0
2
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.2.14
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.2.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.2.14
3
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.3.0
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ms6-rggq-dqhn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.3.0
4
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.4.6
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ms6-rggq-dqhn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.4.6
5
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.6.6
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ms6-rggq-dqhn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.6.6
6
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.8.1
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ms6-rggq-dqhn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.8.1
7
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.10.1
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4ms6-rggq-dqhn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.10.1
aliases CVE-2015-1833, GHSA-9284-j4c9-779q
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gf7s-hs5a-sbbz
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@1.4.10