Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/libpgjava@42.3.3-1?distro=trixie
Type deb
Namespace debian
Name libpgjava
Version 42.3.3-1
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 42.4.1-1
Latest_non_vulnerable_version 42.7.11-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-hpc5-vtmd-gub5
vulnerability_id VCID-hpc5-vtmd-gub5
summary
Path traversal in org.postgresql:postgresql
** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26520.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26520.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-26520
reference_id
reference_type
scores
0
value 0.01277
scoring_system epss
scoring_elements 0.7969
published_at 2026-05-11T12:55:00Z
1
value 0.01277
scoring_system epss
scoring_elements 0.79694
published_at 2026-05-09T12:55:00Z
2
value 0.01277
scoring_system epss
scoring_elements 0.79676
published_at 2026-05-07T12:55:00Z
3
value 0.01277
scoring_system epss
scoring_elements 0.79616
published_at 2026-04-24T12:55:00Z
4
value 0.01277
scoring_system epss
scoring_elements 0.79654
published_at 2026-05-05T12:55:00Z
5
value 0.01277
scoring_system epss
scoring_elements 0.79638
published_at 2026-04-29T12:55:00Z
6
value 0.01277
scoring_system epss
scoring_elements 0.79622
published_at 2026-04-26T12:55:00Z
7
value 0.01277
scoring_system epss
scoring_elements 0.79704
published_at 2026-05-12T12:55:00Z
8
value 0.01277
scoring_system epss
scoring_elements 0.79742
published_at 2026-05-14T12:55:00Z
9
value 0.0128
scoring_system epss
scoring_elements 0.79609
published_at 2026-04-21T12:55:00Z
10
value 0.0128
scoring_system epss
scoring_elements 0.79601
published_at 2026-04-11T12:55:00Z
11
value 0.0128
scoring_system epss
scoring_elements 0.79534
published_at 2026-04-02T12:55:00Z
12
value 0.0128
scoring_system epss
scoring_elements 0.79557
published_at 2026-04-04T12:55:00Z
13
value 0.0128
scoring_system epss
scoring_elements 0.79543
published_at 2026-04-07T12:55:00Z
14
value 0.0128
scoring_system epss
scoring_elements 0.79572
published_at 2026-04-08T12:55:00Z
15
value 0.0128
scoring_system epss
scoring_elements 0.79579
published_at 2026-04-09T12:55:00Z
16
value 0.0128
scoring_system epss
scoring_elements 0.79585
published_at 2026-04-12T12:55:00Z
17
value 0.0128
scoring_system epss
scoring_elements 0.79577
published_at 2026-04-13T12:55:00Z
18
value 0.0128
scoring_system epss
scoring_elements 0.79606
published_at 2026-04-16T12:55:00Z
19
value 0.0128
scoring_system epss
scoring_elements 0.79605
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-26520
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21724
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21724
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26520
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26520
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pgjdbc/pgjdbc
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pgjdbc/pgjdbc
6
reference_url https://github.com/pgjdbc/pgjdbc/pull/2454/commits/017b929977b4f85795f9ad2fa5de6e80978b8ccc
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pgjdbc/pgjdbc/pull/2454/commits/017b929977b4f85795f9ad2fa5de6e80978b8ccc
7
reference_url https://jdbc.postgresql.org/documentation/changelog.html#version_42.3.3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://jdbc.postgresql.org/documentation/changelog.html#version_42.3.3
8
reference_url https://jdbc.postgresql.org/documentation/head/tomcat.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://jdbc.postgresql.org/documentation/head/tomcat.html
9
reference_url https://www.debian.org/security/2022/dsa-5196
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5196
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2064007
reference_id 2064007
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2064007
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-26520
reference_id CVE-2022-26520
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-26520
12
reference_url https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
reference_id GHSA-673j-qm5f-xpv8
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
13
reference_url https://github.com/advisories/GHSA-727h-hrw8-jg8q
reference_id GHSA-727h-hrw8-jg8q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-727h-hrw8-jg8q
14
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
15
reference_url https://access.redhat.com/errata/RHSA-2022:6835
reference_id RHSA-2022:6835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6835
fixed_packages
0
url pkg:deb/debian/libpgjava@42.2.15-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/libpgjava@42.2.15-1%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hada-xkcc-8fch
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.2.15-1%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/libpgjava@42.3.3-1?distro=trixie
purl pkg:deb/debian/libpgjava@42.3.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.3.3-1%3Fdistro=trixie
2
url pkg:deb/debian/libpgjava@42.5.5-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/libpgjava@42.5.5-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hada-xkcc-8fch
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.5.5-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/libpgjava@42.7.7-1?distro=trixie
purl pkg:deb/debian/libpgjava@42.7.7-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hada-xkcc-8fch
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.7.7-1%3Fdistro=trixie
4
url pkg:deb/debian/libpgjava@42.7.10-1?distro=trixie
purl pkg:deb/debian/libpgjava@42.7.10-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hada-xkcc-8fch
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.7.10-1%3Fdistro=trixie
5
url pkg:deb/debian/libpgjava@42.7.11-1?distro=trixie
purl pkg:deb/debian/libpgjava@42.7.11-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.7.11-1%3Fdistro=trixie
aliases CVE-2022-26520, GHSA-727h-hrw8-jg8q
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpc5-vtmd-gub5
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.3.3-1%3Fdistro=trixie