Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.jackrabbit/jackrabbit-core@2.0.5
Typemaven
Namespaceorg.apache.jackrabbit
Namejackrabbit-core
Version2.0.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.6
Latest_non_vulnerable_version2.10.1
Affected_by_vulnerabilities
0
url VCID-gf7s-hs5a-sbbz
vulnerability_id VCID-gf7s-hs5a-sbbz
summary 
Improper Input Validation
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
references
0
reference_url http://mail-archives.apache.org/mod_mbox/jackrabbit-announce/201505.mbox/%3C555DA644.8080908%40greenbytes.de%3E
reference_id
reference_type
scores
url http://mail-archives.apache.org/mod_mbox/jackrabbit-announce/201505.mbox/%3C555DA644.8080908%40greenbytes.de%3E
1
reference_url http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html
2
reference_url https://issues.apache.org/jira/browse/JCR-3883
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/JCR-3883
3
reference_url https://www.exploit-db.com/exploits/37110/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/37110/
4
reference_url http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt
reference_id
reference_type
scores
url http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt
5
reference_url http://www.debian.org/security/2015/dsa-3298
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3298
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1833
reference_id CVE-2015-1833
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-1833
7
reference_url https://github.com/advisories/GHSA-9284-j4c9-779q
reference_id GHSA-9284-j4c9-779q
reference_type
scores
url https://github.com/advisories/GHSA-9284-j4c9-779q
fixed_packages
0
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.0.6
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.0.6
1
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.2.14
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.2.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.2.14
2
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.4.6
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.4.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.4.6
3
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.6.6
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.6.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.6.6
4
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.8.1
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.8.1
5
url pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.10.1
purl pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.10.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.10.1
aliases CVE-2015-1833, GHSA-9284-j4c9-779q
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gf7s-hs5a-sbbz
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/jackrabbit-core@2.0.5