Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.infinispan/infinispan-core@9.3.1.Final

Type maven

Namespace org.infinispan

Name infinispan-core

Version 9.3.1.Final

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 10.0.0

Latest_non_vulnerable_version 15.0.0.Dev07

Affected_by_vulnerabilities

url VCID-35hm-5w35-2fax

vulnerability_id VCID-35hm-5w35-2fax

summary

references

reference_url

https://access.redhat.com/errata/RHSA-2020:0481

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0481

reference_url

https://access.redhat.com/errata/RHSA-2020:0727

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0727

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10174

reference_id

reference_type

scores

value	0.00882
scoring_system	epss
scoring_elements	0.75714
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10174

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10174

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10174

reference_url

https://github.com/infinispan/infinispan

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/infinispan/infinispan

reference_url

https://github.com/infinispan/infinispan/commit/5dbb05cfaca01a1a66732b82a0f5ba615ccbd214

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/infinispan/infinispan/commit/5dbb05cfaca01a1a66732b82a0f5ba615ccbd214

reference_url

https://github.com/infinispan/infinispan/commit/7bdc2822ccf79127a488130239c49a5e944e3ca2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/infinispan/infinispan/commit/7bdc2822ccf79127a488130239c49a5e944e3ca2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10174

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10174

reference_url

https://security.netapp.com/advisory/ntap-20220210-0018

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0018

reference_url	https://security.netapp.com/advisory/ntap-20220210-0018/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220210-0018/

reference_url	https://github.com/advisories/GHSA-h47x-2j37-fw5m
reference_id	GHSA-h47x-2j37-fw5m
reference_type
scores
url	https://github.com/advisories/GHSA-h47x-2j37-fw5m

fixed_packages

url pkg:maven/org.infinispan/infinispan-core@9.4.17.Final

purl pkg:maven/org.infinispan/infinispan-core@9.4.17.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-c182-hsx9-ybf6

vulnerability	VCID-xmqr-gm6z-uucn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-core@9.4.17.Final

aliases CVE-2019-10174, GHSA-h47x-2j37-fw5m

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35hm-5w35-2fax

url VCID-c182-hsx9-ybf6

vulnerability_id VCID-c182-hsx9-ybf6

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10158

reference_id

reference_type

scores

value	0.00509
scoring_system	epss
scoring_elements	0.66652
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10158

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158

reference_url

https://github.com/infinispan/infinispan

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/infinispan/infinispan

reference_url

https://github.com/infinispan/infinispan/commit/4b381c5910265972ccaabefbdbd16a2b929f6b72

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/infinispan/infinispan/commit/4b381c5910265972ccaabefbdbd16a2b929f6b72

reference_url

https://github.com/infinispan/infinispan/commits/9.4.15.Final

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/infinispan/infinispan/commits/9.4.15.Final

reference_url	https://github.com/infinispan/infinispan/commits/9.4.15.Final/
reference_id
reference_type
scores
url	https://github.com/infinispan/infinispan/commits/9.4.15.Final/

reference_url

https://github.com/infinispan/infinispan/pull/6960

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/infinispan/infinispan/pull/6960

reference_url

https://github.com/infinispan/infinispan/pull/7025

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/infinispan/infinispan/pull/7025

reference_url

https://github.com/infinispan/infinispan/pull/7043

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/infinispan/infinispan/pull/7043

reference_url

https://security.netapp.com/advisory/ntap-20231227-0009

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231227-0009

reference_url	https://security.netapp.com/advisory/ntap-20231227-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20231227-0009/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10158

reference_id

CVE-2019-10158

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10158

reference_url

https://github.com/advisories/GHSA-6x3v-rw2q-9gx7

reference_id

GHSA-6x3v-rw2q-9gx7

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6x3v-rw2q-9gx7

fixed_packages

url pkg:maven/org.infinispan/infinispan-core@9.4.15.Final

purl pkg:maven/org.infinispan/infinispan-core@9.4.15.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35hm-5w35-2fax

vulnerability	VCID-c182-hsx9-ybf6

vulnerability	VCID-xmqr-gm6z-uucn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-core@9.4.15.Final

url	pkg:maven/org.infinispan/infinispan-core@10.0.0
purl	pkg:maven/org.infinispan/infinispan-core@10.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-core@10.0.0

url pkg:maven/org.infinispan/infinispan-core@10.0.0.Final

purl pkg:maven/org.infinispan/infinispan-core@10.0.0.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xmqr-gm6z-uucn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-core@10.0.0.Final

aliases CVE-2019-10158, GHSA-6x3v-rw2q-9gx7

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c182-hsx9-ybf6

url VCID-xmqr-gm6z-uucn

vulnerability_id VCID-xmqr-gm6z-uucn

summary

Missing Authorization
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25711

reference_id

reference_type

scores

value	0.00183
scoring_system	epss
scoring_elements	0.3977
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25711

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1897618

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1897618

reference_url

https://security.netapp.com/advisory/ntap-20220210-0023

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220210-0023

reference_url	https://security.netapp.com/advisory/ntap-20220210-0023/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220210-0023/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-25711

reference_id

CVE-2020-25711

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-25711

reference_url

https://github.com/advisories/GHSA-8674-26jc-wh98

reference_id

GHSA-8674-26jc-wh98

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8674-26jc-wh98

fixed_packages

url	pkg:maven/org.infinispan/infinispan-core@11.0.6.Final
purl	pkg:maven/org.infinispan/infinispan-core@11.0.6.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-core@11.0.6.Final

aliases CVE-2020-25711, GHSA-8674-26jc-wh98

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmqr-gm6z-uucn

Fixing_vulnerabilities

url VCID-ydpa-5yvz-u7ak

vulnerability_id VCID-ydpa-5yvz-u7ak

summary

Deserialization of Untrusted Data
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:1833

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1833

reference_url

https://access.redhat.com/errata/RHSA-2019:3892

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3892

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1131

reference_id

reference_type

scores

value	0.0053
scoring_system	epss
scoring_elements	0.67539
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1131

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1576492

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1576492

reference_url

https://github.com/infinispan/infinispan

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/infinispan/infinispan

reference_url

http://www.securityfocus.com/bid/104218

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/104218

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1131

reference_id

CVE-2018-1131

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1131

reference_url

https://github.com/advisories/GHSA-qqfc-m9hc-pqv3

reference_id

GHSA-qqfc-m9hc-pqv3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qqfc-m9hc-pqv3

fixed_packages

url pkg:maven/org.infinispan/infinispan-core@8.2.11.Final

purl pkg:maven/org.infinispan/infinispan-core@8.2.11.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35hm-5w35-2fax

vulnerability	VCID-8ykd-476e-w7fy

vulnerability	VCID-c182-hsx9-ybf6

vulnerability	VCID-xmqr-gm6z-uucn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-core@8.2.11.Final

url pkg:maven/org.infinispan/infinispan-core@9.1.0.Alpha1

purl pkg:maven/org.infinispan/infinispan-core@9.1.0.Alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35hm-5w35-2fax

vulnerability	VCID-8ykd-476e-w7fy

vulnerability	VCID-c182-hsx9-ybf6

vulnerability	VCID-xmqr-gm6z-uucn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-core@9.1.0.Alpha1

url pkg:maven/org.infinispan/infinispan-core@9.2.0.Alpha1

purl pkg:maven/org.infinispan/infinispan-core@9.2.0.Alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35hm-5w35-2fax

vulnerability	VCID-8ykd-476e-w7fy

vulnerability	VCID-c182-hsx9-ybf6

vulnerability	VCID-xmqr-gm6z-uucn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-core@9.2.0.Alpha1

url pkg:maven/org.infinispan/infinispan-core@9.2.3.Final

purl pkg:maven/org.infinispan/infinispan-core@9.2.3.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35hm-5w35-2fax

vulnerability	VCID-c182-hsx9-ybf6

vulnerability	VCID-xmqr-gm6z-uucn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-core@9.2.3.Final

url pkg:maven/org.infinispan/infinispan-core@9.3.0.Beta1

purl pkg:maven/org.infinispan/infinispan-core@9.3.0.Beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35hm-5w35-2fax

vulnerability	VCID-c182-hsx9-ybf6

vulnerability	VCID-xmqr-gm6z-uucn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-core@9.3.0.Beta1

url pkg:maven/org.infinispan/infinispan-core@9.3.1.Final

purl pkg:maven/org.infinispan/infinispan-core@9.3.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35hm-5w35-2fax

vulnerability	VCID-c182-hsx9-ybf6

vulnerability	VCID-xmqr-gm6z-uucn

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-core@9.3.1.Final

aliases CVE-2018-1131, GHSA-qqfc-m9hc-pqv3

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ydpa-5yvz-u7ak

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.infinispan/infinispan-core@9.3.1.Final

Package Instance