Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-console@4.0.4

Type maven

Namespace org.apache.syncope.client.idrepo

Name syncope-client-idrepo-console

Version 4.0.4

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-xz1w-yztr-wbbj

vulnerability_id VCID-xz1w-yztr-wbbj

summary

Apache Syncope: Console XXE on Keymaster parameters
Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage occurs.

This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3.

Users are recommended to upgrade to version 3.0.16 / 4.0.4, which fix this issue.

references

reference_url

https://github.com/apache/syncope

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/syncope

reference_url

https://lists.apache.org/thread/mzgbdn8hzk8vr94o660njcc7w62c2pos

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/mzgbdn8hzk8vr94o660njcc7w62c2pos

reference_url

http://www.openwall.com/lists/oss-security/2026/02/02/2

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/02/02/2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-23795

reference_id

CVE-2026-23795

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-23795

reference_url	https://github.com/advisories/GHSA-73f3-rqqf-2j54
reference_id	GHSA-73f3-rqqf-2j54
reference_type
scores
url	https://github.com/advisories/GHSA-73f3-rqqf-2j54

fixed_packages

url	pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-console@3.0.16
purl	pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-console@3.0.16
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-console@3.0.16

url	pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-console@4.0.4
purl	pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-console@4.0.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-console@4.0.4

aliases CVE-2026-23795, GHSA-73f3-rqqf-2j54

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xz1w-yztr-wbbj

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-console@4.0.4

Package Instance