Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.zookeeper/zookeeper@3.9.4
Typemaven
Namespaceorg.apache.zookeeper
Namezookeeper
Version3.9.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.9.5
Latest_non_vulnerable_version3.9.5
Affected_by_vulnerabilities
0
url VCID-6789-5wwx-qqch
vulnerability_id VCID-6789-5wwx-qqch
summary 
Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must present a certificate which is trusted by ZKTrustManager which makes the attack vector harder to exploit. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue by introducing a new configuration option to disable reverse DNS lookup in client and quorum protocols.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24281.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24281.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24281
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07113
published_at 2026-04-04T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07058
published_at 2026-04-02T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07088
published_at 2026-04-07T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.08203
published_at 2026-04-09T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.08185
published_at 2026-04-08T12:55:00Z
5
value 0.00029
scoring_system epss
scoring_elements 0.08042
published_at 2026-04-18T12:55:00Z
6
value 0.00029
scoring_system epss
scoring_elements 0.08057
published_at 2026-04-16T12:55:00Z
7
value 0.00029
scoring_system epss
scoring_elements 0.08157
published_at 2026-04-13T12:55:00Z
8
value 0.00029
scoring_system epss
scoring_elements 0.08174
published_at 2026-04-12T12:55:00Z
9
value 0.00029
scoring_system epss
scoring_elements 0.08194
published_at 2026-04-11T12:55:00Z
10
value 0.00039
scoring_system epss
scoring_elements 0.11597
published_at 2026-04-24T12:55:00Z
11
value 0.00039
scoring_system epss
scoring_elements 0.11487
published_at 2026-04-29T12:55:00Z
12
value 0.00039
scoring_system epss
scoring_elements 0.11558
published_at 2026-04-26T12:55:00Z
13
value 0.00039
scoring_system epss
scoring_elements 0.11641
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24281
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24281
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24281
3
reference_url https://github.com/apache/zookeeper
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/zookeeper
4
reference_url https://github.com/apache/zookeeper/commit/66c4efecdda1302d9cfb3af9eedb122b74452bf3
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/zookeeper/commit/66c4efecdda1302d9cfb3af9eedb122b74452bf3
5
reference_url https://issues.apache.org/jira/browse/ZOOKEEPER-4986
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/ZOOKEEPER-4986
6
reference_url https://lists.apache.org/thread/088ddsbrzhd5lxzbqf5n24yg0mwh9jt2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T17:36:42Z/
url https://lists.apache.org/thread/088ddsbrzhd5lxzbqf5n24yg0mwh9jt2
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24281
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24281
8
reference_url http://www.openwall.com/lists/oss-security/2026/03/07/4
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/03/07/4
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130496
reference_id 1130496
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130496
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445449
reference_id 2445449
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445449
11
reference_url https://github.com/advisories/GHSA-7xrh-hqfc-g7qr
reference_id GHSA-7xrh-hqfc-g7qr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7xrh-hqfc-g7qr
12
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
13
reference_url https://access.redhat.com/errata/RHSA-2026:8509
reference_id RHSA-2026:8509
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8509
fixed_packages
0
url pkg:maven/org.apache.zookeeper/zookeeper@3.9.5
purl pkg:maven/org.apache.zookeeper/zookeeper@3.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.9.5
aliases CVE-2026-24281, GHSA-7xrh-hqfc-g7qr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6789-5wwx-qqch
Fixing_vulnerabilities
0
url VCID-hbdm-1ts5-f7ad
vulnerability_id VCID-hbdm-1ts5-f7ad
summary 
Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands
Improper permission checks in the AdminServer allow an authenticated client with insufficient privileges to invoke the `snapshot` and `restore` commands. The intended requirement is authentication and authorization on the root path (`/`) with **ALL** permission for these operations; however, affected versions permit invocation without that level of authorization. The primary risk is disclosure of cluster state via snapshots to a lesser-privileged client.

*   **Affected:** `org.apache.zookeeper:zookeeper` 3.9.0 through 3.9.3.
*   **Fixed:** 3.9.4 (ZOOKEEPER-4964 “check permissions individually during admin server auth”).
*   **Mitigations:**
*   Disable both commands (`admin.snapshot.enabled`, `admin.restore.enabled`).
*   Disable AdminServer (`admin.enableServer`).
*   Ensure the root ACL is not open; note that ZooKeeper ACLs are not recursive.
*   Upgrade to 3.9.4.
references
0
reference_url http://github.com/apache/zookeeper/commit/71e173fcbcc9deb784081cf867bd045df3c32635
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/apache/zookeeper/commit/71e173fcbcc9deb784081cf867bd045df3c32635
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58457.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58457.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58457
reference_id
reference_type
scores
0
value 0.00108
scoring_system epss
scoring_elements 0.28968
published_at 2026-04-21T12:55:00Z
1
value 0.00131
scoring_system epss
scoring_elements 0.3257
published_at 2026-04-13T12:55:00Z
2
value 0.00131
scoring_system epss
scoring_elements 0.32598
published_at 2026-04-12T12:55:00Z
3
value 0.00131
scoring_system epss
scoring_elements 0.32636
published_at 2026-04-11T12:55:00Z
4
value 0.00131
scoring_system epss
scoring_elements 0.32634
published_at 2026-04-09T12:55:00Z
5
value 0.00131
scoring_system epss
scoring_elements 0.32608
published_at 2026-04-16T12:55:00Z
6
value 0.00131
scoring_system epss
scoring_elements 0.32561
published_at 2026-04-07T12:55:00Z
7
value 0.00131
scoring_system epss
scoring_elements 0.3274
published_at 2026-04-04T12:55:00Z
8
value 0.00131
scoring_system epss
scoring_elements 0.32705
published_at 2026-04-02T12:55:00Z
9
value 0.00131
scoring_system epss
scoring_elements 0.32585
published_at 2026-04-18T12:55:00Z
10
value 0.00131
scoring_system epss
scoring_elements 0.32609
published_at 2026-04-08T12:55:00Z
11
value 0.00141
scoring_system epss
scoring_elements 0.33731
published_at 2026-04-29T12:55:00Z
12
value 0.00141
scoring_system epss
scoring_elements 0.3384
published_at 2026-04-24T12:55:00Z
13
value 0.00141
scoring_system epss
scoring_elements 0.33817
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58457
3
reference_url https://github.com/apache/zookeeper
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/zookeeper
4
reference_url https://lists.apache.org/thread/r5yol0kkhx2fzw22pxk1ozwm3oc6yxrx
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T13:47:31Z/
url https://lists.apache.org/thread/r5yol0kkhx2fzw22pxk1ozwm3oc6yxrx
5
reference_url https://zookeeper.apache.org/doc/current/zookeeperSnapshotAndRestore.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://zookeeper.apache.org/doc/current/zookeeperSnapshotAndRestore.html
6
reference_url https://zookeeper.apache.org/doc/r3.9.4/releasenotes.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://zookeeper.apache.org/doc/r3.9.4/releasenotes.html
7
reference_url https://zookeeper.apache.org/security.html#CVE-2025-58457
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://zookeeper.apache.org/security.html#CVE-2025-58457
8
reference_url http://www.openwall.com/lists/oss-security/2025/09/24/10
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/09/24/10
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116339
reference_id 1116339
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116339
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2397773
reference_id 2397773
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2397773
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58457
reference_id CVE-2025-58457
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58457
12
reference_url https://github.com/advisories/GHSA-2hmj-97jw-28jh
reference_id GHSA-2hmj-97jw-28jh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2hmj-97jw-28jh
fixed_packages
0
url pkg:maven/org.apache.zookeeper/zookeeper@3.9.4
purl pkg:maven/org.apache.zookeeper/zookeeper@3.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6789-5wwx-qqch
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.9.4
aliases CVE-2025-58457, GHSA-2hmj-97jw-28jh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hbdm-1ts5-f7ad
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.9.4