Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.eclipse.jetty.ee9/jetty-ee9-servlets@12.0.0-beta1
Typemaven
Namespaceorg.eclipse.jetty.ee9
Namejetty-ee9-servlets
Version12.0.0-beta1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.0.3
Latest_non_vulnerable_version12.0.3
Affected_by_vulnerabilities
0
url VCID-thpu-76e5-j3d3
vulnerability_id VCID-thpu-76e5-j3d3
summary 
Jetty vulnerable to errant command quoting in CGI Servlet
If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested.

```java
if (execCmd.length() > 0 && execCmd.charAt(0) != '"' && execCmd.contains(" "))
execCmd = "\"" + execCmd + "\"";
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36479.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36479.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36479
reference_id
reference_type
scores
0
value 0.01383
scoring_system epss
scoring_elements 0.80385
published_at 2026-04-29T12:55:00Z
1
value 0.01383
scoring_system epss
scoring_elements 0.80255
published_at 2026-04-02T12:55:00Z
2
value 0.01383
scoring_system epss
scoring_elements 0.80276
published_at 2026-04-04T12:55:00Z
3
value 0.01383
scoring_system epss
scoring_elements 0.80264
published_at 2026-04-07T12:55:00Z
4
value 0.01383
scoring_system epss
scoring_elements 0.80291
published_at 2026-04-08T12:55:00Z
5
value 0.01383
scoring_system epss
scoring_elements 0.80302
published_at 2026-04-09T12:55:00Z
6
value 0.01383
scoring_system epss
scoring_elements 0.80321
published_at 2026-04-11T12:55:00Z
7
value 0.01383
scoring_system epss
scoring_elements 0.80306
published_at 2026-04-12T12:55:00Z
8
value 0.01383
scoring_system epss
scoring_elements 0.803
published_at 2026-04-13T12:55:00Z
9
value 0.01383
scoring_system epss
scoring_elements 0.8033
published_at 2026-04-16T12:55:00Z
10
value 0.01383
scoring_system epss
scoring_elements 0.80332
published_at 2026-04-18T12:55:00Z
11
value 0.01383
scoring_system epss
scoring_elements 0.80336
published_at 2026-04-21T12:55:00Z
12
value 0.01383
scoring_system epss
scoring_elements 0.80362
published_at 2026-04-24T12:55:00Z
13
value 0.01383
scoring_system epss
scoring_elements 0.80368
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36479
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
9
reference_url https://github.com/eclipse/jetty.project/pull/9516
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:04:27Z/
url https://github.com/eclipse/jetty.project/pull/9516
10
reference_url https://github.com/eclipse/jetty.project/pull/9888
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:04:27Z/
url https://github.com/eclipse/jetty.project/pull/9888
11
reference_url https://github.com/eclipse/jetty.project/pull/9889
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:04:27Z/
url https://github.com/eclipse/jetty.project/pull/9889
12
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:04:27Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
13
reference_url https://www.debian.org/security/2023/dsa-5507
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:04:27Z/
url https://www.debian.org/security/2023/dsa-5507
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2239630
reference_id 2239630
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2239630
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36479
reference_id CVE-2023-36479
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36479
16
reference_url https://github.com/advisories/GHSA-3gh6-v5v9-6v9j
reference_id GHSA-3gh6-v5v9-6v9j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3gh6-v5v9-6v9j
17
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
reference_id GHSA-3gh6-v5v9-6v9j
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:04:27Z/
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
18
reference_url https://access.redhat.com/errata/RHSA-2024:0797
reference_id RHSA-2024:0797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0797
fixed_packages
0
url pkg:maven/org.eclipse.jetty.ee9/jetty-ee9-servlets@12.0.0-beta2
purl pkg:maven/org.eclipse.jetty.ee9/jetty-ee9-servlets@12.0.0-beta2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty.ee9/jetty-ee9-servlets@12.0.0-beta2
aliases CVE-2023-36479, GHSA-3gh6-v5v9-6v9j
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-thpu-76e5-j3d3
Fixing_vulnerabilities
Risk_score1.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty.ee9/jetty-ee9-servlets@12.0.0-beta1