Lookup for vulnerable packages by Package URL.

Purl pkg:maven/it.geosolutions.jaiext.jiffle/jt-jiffle@1.1.22
Type maven
Namespace it.geosolutions.jaiext.jiffle
Name jt-jiffle
Version 1.1.22
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.1.22
Latest_non_vulnerable_version 1.1.22
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-vpth-3x1m-13cv
vulnerability_id VCID-vpth-3x1m-13cv
summary
Improper Control of Generation of Code ('Code Injection') in jai-ext
Programs using jt-jiffle, and allowing Jiffle script to be provided via network request, are susceptible to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project.
references
0
reference_url https://github.com/geosolutions-it/jai-ext
reference_id
reference_type
scores
url https://github.com/geosolutions-it/jai-ext
1
reference_url https://github.com/geosolutions-it/jai-ext/commit/cb1d6565d38954676b0a366da4f965fef38da1cb
reference_id
reference_type
scores
url https://github.com/geosolutions-it/jai-ext/commit/cb1d6565d38954676b0a366da4f965fef38da1cb
2
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24816
reference_id
reference_type
scores
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24816
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24816
reference_id CVE-2022-24816
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-24816
4
reference_url https://github.com/advisories/GHSA-v92f-jx6p-73rx
reference_id GHSA-v92f-jx6p-73rx
reference_type
scores
url https://github.com/advisories/GHSA-v92f-jx6p-73rx
5
reference_url https://github.com/geosolutions-it/jai-ext/security/advisories/GHSA-v92f-jx6p-73rx
reference_id GHSA-v92f-jx6p-73rx
reference_type
scores
url https://github.com/geosolutions-it/jai-ext/security/advisories/GHSA-v92f-jx6p-73rx
fixed_packages
0
url pkg:maven/it.geosolutions.jaiext.jiffle/jt-jiffle@1.1.22
purl pkg:maven/it.geosolutions.jaiext.jiffle/jt-jiffle@1.1.22
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/it.geosolutions.jaiext.jiffle/jt-jiffle@1.1.22
aliases CVE-2022-24816, GHSA-v92f-jx6p-73rx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vpth-3x1m-13cv
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/it.geosolutions.jaiext.jiffle/jt-jiffle@1.1.22