Lookup for vulnerable packages by Package URL.

Purl pkg:maven/gg.jte/jte@1.6.0
Type maven
Namespace gg.jte
Name jte
Version 1.6.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.1.16
Latest_non_vulnerable_version 3.1.16
Affected_by_vulnerabilities
0
url VCID-vjj4-3zg1-ckbv
vulnerability_id VCID-vjj4-3zg1-ckbv
summary jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with `script` tags or script attributes that include a JavaScript template string (backticks) are subject to XSS. The `javaScriptBlock` and `javaScriptAttribute` methods in the `Escape` class do not escape backticks, which are used for JavaScript template strings. Dollar signs in template strings should also be escaped to prevent undesired interpolation. HTML templates rendered by Jte's `OwaspHtmlTemplateOutput` in versions less than or equal to `3.1.15` with `script` tags or script attributes that contain JavaScript template strings (backticks) are vulnerable. Users are advised to upgrade to version 3.1.16 or later to resolve this issue. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-23026
reference_id
reference_type
scores
0
value 0.00286
scoring_system epss
scoring_elements 0.52442
published_at 2026-06-11T12:55:00Z
1
value 0.00286
scoring_system epss
scoring_elements 0.52564
published_at 2026-06-14T12:55:00Z
2
value 0.00286
scoring_system epss
scoring_elements 0.5257
published_at 2026-06-12T12:55:00Z
3
value 0.00286
scoring_system epss
scoring_elements 0.52582
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-23026
1
reference_url https://github.com/casid/jte
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/casid/jte
2
reference_url https://github.com/casid/jte/commit/a6fb00d53c7b8dbb86de933215dbe1b9191a57f1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/casid/jte/commit/a6fb00d53c7b8dbb86de933215dbe1b9191a57f1
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-23026
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-23026
4
reference_url https://github.com/casid/jte/blob/main/jte-runtime/src/main/java/gg/jte/html/escape/Escape.java#L43-L83
reference_id Escape.java#L43-L83
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-13T20:08:50Z/
url https://github.com/casid/jte/blob/main/jte-runtime/src/main/java/gg/jte/html/escape/Escape.java#L43-L83
5
reference_url https://github.com/advisories/GHSA-vh22-6c6h-rm8q
reference_id GHSA-vh22-6c6h-rm8q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vh22-6c6h-rm8q
6
reference_url https://github.com/casid/jte/security/advisories/GHSA-vh22-6c6h-rm8q
reference_id GHSA-vh22-6c6h-rm8q
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-13T20:08:50Z/
url https://github.com/casid/jte/security/advisories/GHSA-vh22-6c6h-rm8q
7
reference_url https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals#description
reference_id Template_literals#description
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-13T20:08:50Z/
url https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals#description
fixed_packages
0
url pkg:maven/gg.jte/jte@3.1.16
purl pkg:maven/gg.jte/jte@3.1.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gg.jte/jte@3.1.16
aliases CVE-2025-23026, GHSA-vh22-6c6h-rm8q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vjj4-3zg1-ckbv
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/gg.jte/jte@1.6.0