Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.eclipse.californium/scandium@2.7.1
Type maven
Namespace org.eclipse.californium
Name scandium
Version 2.7.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.7.4
Latest_non_vulnerable_version 3.7.0
Affected_by_vulnerabilities
0
url VCID-3hrj-jepp-fyet
vulnerability_id VCID-3hrj-jepp-fyet
summary Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0 and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't clean up counters for throttling, causing the threshold to be reached without being released again. This results in permanently dropping records. The issue was reported for certificate-based handshakes, but may also affect PSK-based handshakes. It generally affects both client and server. This issue is patched in versions 3.7.0 and 2.7.4. There are no known workarounds. main: commit 726bac57659410da463dcf404b3e79a7312ac0b9; 2.7.x: commit 5648a0c27c2c2667c98419254557a14bac2b1f3f
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39368.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39368.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39368
reference_id
reference_type
scores
0
value 0.00149
scoring_system epss
scoring_elements 0.3534
published_at 2026-06-12T12:55:00Z
1
value 0.00149
scoring_system epss
scoring_elements 0.35163
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39368
2
reference_url https://cwe.mitre.org/data/definitions/452.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwe.mitre.org/data/definitions/452.html
3
reference_url https://github.com/eclipse-californium/californium
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-californium/californium
4
reference_url https://github.com/eclipse-californium/californium/issues/2065
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-californium/californium/issues/2065
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2145205
reference_id 2145205
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2145205
6
reference_url https://github.com/eclipse-californium/californium/commit/5648a0c27c2c2667c98419254557a14bac2b1f3f
reference_id 5648a0c27c2c2667c98419254557a14bac2b1f3f
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:49:13Z/
url https://github.com/eclipse-californium/californium/commit/5648a0c27c2c2667c98419254557a14bac2b1f3f
7
reference_url https://github.com/eclipse-californium/californium/commit/726bac57659410da463dcf404b3e79a7312ac0b9
reference_id 726bac57659410da463dcf404b3e79a7312ac0b9
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:49:13Z/
url https://github.com/eclipse-californium/californium/commit/726bac57659410da463dcf404b3e79a7312ac0b9
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39368
reference_id CVE-2022-39368
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39368
9
reference_url https://github.com/advisories/GHSA-p72g-cgh9-ghjg
reference_id GHSA-p72g-cgh9-ghjg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p72g-cgh9-ghjg
10
reference_url https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjg
reference_id GHSA-p72g-cgh9-ghjg
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:49:13Z/
url https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjg
11
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
12
reference_url https://access.redhat.com/errata/RHSA-2023:3906
reference_id RHSA-2023:3906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3906
fixed_packages
0
url pkg:maven/org.eclipse.californium/scandium@2.7.4
purl pkg:maven/org.eclipse.californium/scandium@2.7.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.californium/scandium@2.7.4
1
url pkg:maven/org.eclipse.californium/scandium@3.7.0
purl pkg:maven/org.eclipse.californium/scandium@3.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.californium/scandium@3.7.0
aliases CVE-2022-39368, GHSA-p72g-cgh9-ghjg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hrj-jepp-fyet
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.californium/scandium@2.7.1