Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/commons-configuration2@2.8.0-1?distro=trixie
Type deb
Namespace debian
Name commons-configuration2
Version 2.8.0-1
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.10.1-1
Latest_non_vulnerable_version 2.11.0-3
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-mbst-3bec-ykcq
vulnerability_id VCID-mbst-3bec-ykcq
summary
Code injection in Apache Commons Configuration
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:
- "script" - execute expressions using the JVM script execution engine (javax.script)
- "dns" - resolve dns records
- "url" - load values from urls, including from remote servers
Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33980.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33980.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-33980
reference_id
reference_type
scores
0
value 0.86659
scoring_system epss
scoring_elements 0.99425
published_at 2026-04-29T12:55:00Z
1
value 0.86659
scoring_system epss
scoring_elements 0.9942
published_at 2026-04-11T12:55:00Z
2
value 0.86659
scoring_system epss
scoring_elements 0.99423
published_at 2026-04-21T12:55:00Z
3
value 0.86659
scoring_system epss
scoring_elements 0.99424
published_at 2026-04-16T12:55:00Z
4
value 0.86659
scoring_system epss
scoring_elements 0.99422
published_at 2026-04-13T12:55:00Z
5
value 0.86659
scoring_system epss
scoring_elements 0.99421
published_at 2026-04-12T12:55:00Z
6
value 0.86659
scoring_system epss
scoring_elements 0.99414
published_at 2026-04-02T12:55:00Z
7
value 0.86659
scoring_system epss
scoring_elements 0.99417
published_at 2026-04-07T12:55:00Z
8
value 0.86659
scoring_system epss
scoring_elements 0.99418
published_at 2026-04-08T12:55:00Z
9
value 0.86659
scoring_system epss
scoring_elements 0.99419
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-33980
2
reference_url https://commons.apache.org/proper/commons-configuration/changes-report.html#a2.8.0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://commons.apache.org/proper/commons-configuration/changes-report.html#a2.8.0
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33980
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33980
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/apache/commons-configuration
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-configuration
6
reference_url https://issues.apache.org/jira/browse/CONFIGURATION-753
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/CONFIGURATION-753
7
reference_url https://issues.apache.org/jira/browse/CONFIGURATION-764
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/CONFIGURATION-764
8
reference_url https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-33980
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-33980
10
reference_url https://security.netapp.com/advisory/ntap-20221028-0015
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221028-0015
11
reference_url https://security.netapp.com/advisory/ntap-20221028-0015/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20221028-0015/
12
reference_url https://www.debian.org/security/2022/dsa-5290
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5290
13
reference_url http://www.openwall.com/lists/oss-security/2022/07/06/5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/07/06/5
14
reference_url http://www.openwall.com/lists/oss-security/2022/11/15/4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/15/4
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014960
reference_id 1014960
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014960
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2105067
reference_id 2105067
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2105067
17
reference_url https://github.com/advisories/GHSA-xj57-8qj4-c4m6
reference_id GHSA-xj57-8qj4-c4m6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xj57-8qj4-c4m6
18
reference_url https://access.redhat.com/errata/RHSA-2022:6916
reference_id RHSA-2022:6916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6916
19
reference_url https://access.redhat.com/errata/RHSA-2022:8652
reference_id RHSA-2022:8652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8652
20
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
fixed_packages
0
url pkg:deb/debian/commons-configuration2@2.8.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/commons-configuration2@2.8.0-1~deb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7dw4-pssj-dqf8
1
vulnerability VCID-y9pv-wgb6-mfa7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-configuration2@2.8.0-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/commons-configuration2@2.8.0-1?distro=trixie
purl pkg:deb/debian/commons-configuration2@2.8.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-configuration2@2.8.0-1%3Fdistro=trixie
2
url pkg:deb/debian/commons-configuration2@2.8.0-2?distro=trixie
purl pkg:deb/debian/commons-configuration2@2.8.0-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7dw4-pssj-dqf8
1
vulnerability VCID-y9pv-wgb6-mfa7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-configuration2@2.8.0-2%3Fdistro=trixie
3
url pkg:deb/debian/commons-configuration2@2.11.0-2?distro=trixie
purl pkg:deb/debian/commons-configuration2@2.11.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-configuration2@2.11.0-2%3Fdistro=trixie
4
url pkg:deb/debian/commons-configuration2@2.11.0-3?distro=trixie
purl pkg:deb/debian/commons-configuration2@2.11.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-configuration2@2.11.0-3%3Fdistro=trixie
aliases CVE-2022-33980, GHSA-xj57-8qj4-c4m6
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbst-3bec-ykcq
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/commons-configuration2@2.8.0-1%3Fdistro=trixie