Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@16.10.11

Type maven

Namespace org.xwiki.platform

Name xwiki-platform-rest-server

Version 16.10.11

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 14.4.8

Latest_non_vulnerable_version 17.7.0-rc-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-v5ur-bju7-2fc4

vulnerability_id VCID-v5ur-bju7-2fc4

summary

XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis
XWiki's REST API doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of pages in the wiki and the memory configuration, this can lead to slowness and unavailability of the wiki. As an example, the `/rest/wikis/xwiki/spaces` resource returns all spaces on the wiki by default, which are basically all pages.

references

reference_url	https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
url	https://github.com/xwiki/xwiki-platform

reference_url	https://github.com/xwiki/xwiki-platform/commit/e3c47745195fb445b054537be86f5c01ee69558b
reference_id
reference_type
scores
url	https://github.com/xwiki/xwiki-platform/commit/e3c47745195fb445b054537be86f5c01ee69558b

reference_url	https://jira.xwiki.org/browse/XWIKI-23355
reference_id
reference_type
scores
url	https://jira.xwiki.org/browse/XWIKI-23355

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2025-66473
reference_id	CVE-2025-66473
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2025-66473

reference_url	https://github.com/advisories/GHSA-cc84-q3v3-mhgf
reference_id	GHSA-cc84-q3v3-mhgf
reference_type
scores
url	https://github.com/advisories/GHSA-cc84-q3v3-mhgf

reference_url	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cc84-q3v3-mhgf
reference_id	GHSA-cc84-q3v3-mhgf
reference_type
scores
url	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cc84-q3v3-mhgf

fixed_packages

url	pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@16.10.11
purl	pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@16.10.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@16.10.11

url	pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@17.4.4
purl	pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@17.4.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@17.4.4

url	pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@17.7.0-rc-1
purl	pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@17.7.0-rc-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@17.7.0-rc-1

aliases CVE-2025-66473, GHSA-cc84-q3v3-mhgf

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v5ur-bju7-2fc4

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@16.10.11

Package Instance