Look up vulnerable packages by Package URL.

purl pkg:maven/org.apache.derby/derby@10.1.1.0
type maven
namespace org.apache.derby
name derby
version 10.1.1.0
qualifiers
subpath
is_vulnerable true
next_non_vulnerable_version 10.17.1.0
latest_non_vulnerable_version 10.17.1.0
affected_by_vulnerabilities
0
url VCID-5zyr-6ee7-1yeu
vulnerability_id VCID-5zyr-6ee7-1yeu
summary
Exposure of Sensitive Information to an Unauthorized Actor
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
references
0
reference_url http://db.apache.org/derby/releases/release-10.1.2.1.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://db.apache.org/derby/releases/release-10.1.2.1.html
1
reference_url http://issues.apache.org/jira/browse/DERBY-530
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://issues.apache.org/jira/browse/DERBY-530
2
reference_url http://issues.apache.org/jira/browse/DERBY-559
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://issues.apache.org/jira/browse/DERBY-559
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2005-4849
reference_id
reference_type
scores
0
value 0.02646
scoring_system epss
scoring_elements 0.86002
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2005-4849
4
reference_url https://github.com/apache/derby
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/derby
5
reference_url https://github.com/apache/derby/commit/09a7325f75a4f96a7735e46c9723930f88ea2613
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/derby/commit/09a7325f75a4f96a7735e46c9723930f88ea2613
6
reference_url https://github.com/apache/derby/commit/82d721fd53e30dbb86d6d742c085030985091968
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/derby/commit/82d721fd53e30dbb86d6d742c085030985091968
7
reference_url https://github.com/apache/derby/commit/fd24a7590ff5426bac68303fbeca07dbc5067412
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/derby/commit/fd24a7590ff5426bac68303fbeca07dbc5067412
8
reference_url http://svn.apache.org/viewvc?view=revision&revision=289672
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc?view=revision&revision=289672
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2005-4849
reference_id CVE-2005-4849
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2005-4849
10
reference_url https://github.com/advisories/GHSA-rp7r-79rm-2758
reference_id GHSA-rp7r-79rm-2758
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rp7r-79rm-2758
fixed_packages
0
url pkg:maven/org.apache.derby/derby@10.1.2.1
purl pkg:maven/org.apache.derby/derby@10.1.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.derby/derby@10.1.2.1
aliases CVE-2005-4849, GHSA-rp7r-79rm-2758
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5zyr-6ee7-1yeu
1
url VCID-k4bt-rpme-bfc7
vulnerability_id VCID-k4bt-rpme-bfc7
summary
Apache Derby: LDAP injection vulnerability in authenticator
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was visible to and executable by the account which booted the Derby server. In LDAP-protected databases which weren't also protected by SQL GRANT/REVOKE authorization, this vulnerability could also let an attacker view and corrupt sensitive data and run sensitive database functions and procedures.

Mitigation:

Users should upgrade to Java 21 and Derby 10.17.1.0.

Alternatively, users who wish to remain on older Java versions should build their own Derby distribution from one of the release families to which the fix was backported: 10.16, 10.15, and 10.14. Those are the releases which correspond, respectively, with Java LTS versions 17, 11, and 8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-46337
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14806
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-46337
1
reference_url https://github.com/apache/derby
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/derby
2
reference_url https://issues.apache.org/jira/browse/DERBY-7147
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/DERBY-7147
3
reference_url https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-10T13:43:46Z/
url https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056755
reference_id 1056755
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056755
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-46337
reference_id CVE-2022-46337
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-46337
6
reference_url https://github.com/advisories/GHSA-rcjc-c4pj-xxrp
reference_id GHSA-rcjc-c4pj-xxrp
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rcjc-c4pj-xxrp
fixed_packages
0
url pkg:maven/org.apache.derby/derby@10.14.3
purl pkg:maven/org.apache.derby/derby@10.14.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.derby/derby@10.14.3
1
url pkg:maven/org.apache.derby/derby@10.15.2.1
purl pkg:maven/org.apache.derby/derby@10.15.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.derby/derby@10.15.2.1
2
url pkg:maven/org.apache.derby/derby@10.16.1.2
purl pkg:maven/org.apache.derby/derby@10.16.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.derby/derby@10.16.1.2
3
url pkg:maven/org.apache.derby/derby@10.17.1.0
purl pkg:maven/org.apache.derby/derby@10.17.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.derby/derby@10.17.1.0
aliases CVE-2022-46337, GHSA-rcjc-c4pj-xxrp
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4bt-rpme-bfc7
fixing_vulnerabilities
risk_score 3.1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.derby/derby@10.1.1.0