Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.quarkus/quarkus-smallrye-graphql-client@3.5.3
Typemaven
Namespaceio.quarkus
Namequarkus-smallrye-graphql-client
Version3.5.3
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-wzd6-3ma2-rfff
vulnerability_id VCID-wzd6-3ma2-rfff
summary 
Missing Authorization
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:7612
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7612
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2252197
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2252197
2
reference_url https://github.com/quarkusio/quarkus/pull/36961
reference_id
reference_type
scores
url https://github.com/quarkusio/quarkus/pull/36961
3
reference_url https://github.com/quarkusio/quarkus/releases/tag/2.13.9.Final
reference_id
reference_type
scores
url https://github.com/quarkusio/quarkus/releases/tag/2.13.9.Final
4
reference_url https://github.com/quarkusio/quarkus/releases/tag/3.5.3
reference_id
reference_type
scores
url https://github.com/quarkusio/quarkus/releases/tag/3.5.3
5
reference_url https://access.redhat.com/security/cve/CVE-2023-6394
reference_id CVE-2023-6394
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2023-6394
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6394
reference_id CVE-2023-6394
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-6394
7
reference_url https://github.com/advisories/GHSA-mvc8-6ffp-jrx5
reference_id GHSA-mvc8-6ffp-jrx5
reference_type
scores
url https://github.com/advisories/GHSA-mvc8-6ffp-jrx5
fixed_packages
0
url pkg:maven/io.quarkus/quarkus-smallrye-graphql-client@2.13.9.Final
purl pkg:maven/io.quarkus/quarkus-smallrye-graphql-client@2.13.9.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-smallrye-graphql-client@2.13.9.Final
1
url pkg:maven/io.quarkus/quarkus-smallrye-graphql-client@3.5.3
purl pkg:maven/io.quarkus/quarkus-smallrye-graphql-client@3.5.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-smallrye-graphql-client@3.5.3
aliases CVE-2023-6394, GHSA-mvc8-6ffp-jrx5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzd6-3ma2-rfff
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-smallrye-graphql-client@3.5.3