Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-d5ku-8mny-tfed

Summary

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default.

Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue.

Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.

See the documentation for more details on correct cluster administration.

Aliases

alias	CVE-2023-44981

alias	GHSA-7286-pgfv-vxvh

Fixed_packages

url pkg:deb/debian/zookeeper@3.4.13-6%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/zookeeper@3.4.13-6%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1t8x-dmby-ubep

vulnerability	VCID-6789-5wwx-qqch

vulnerability	VCID-w64v-sgpz-7fhj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zookeeper@3.4.13-6%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/zookeeper@3.4.13-6%2Bdeb11u1

purl pkg:deb/debian/zookeeper@3.4.13-6%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1t8x-dmby-ubep

vulnerability	VCID-6789-5wwx-qqch

vulnerability	VCID-w64v-sgpz-7fhj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zookeeper@3.4.13-6%252Bdeb11u1

url	pkg:deb/debian/zookeeper@3.8.0-11%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/zookeeper@3.8.0-11%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zookeeper@3.8.0-11%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/zookeeper@3.8.0-11%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/zookeeper@3.8.0-11%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1t8x-dmby-ubep

vulnerability	VCID-6789-5wwx-qqch

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zookeeper@3.8.0-11%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/zookeeper@3.9.1-1?distro=trixie
purl	pkg:deb/debian/zookeeper@3.9.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zookeeper@3.9.1-1%3Fdistro=trixie

url pkg:deb/debian/zookeeper@3.9.3-1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/zookeeper@3.9.3-1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1t8x-dmby-ubep

vulnerability	VCID-6789-5wwx-qqch

vulnerability	VCID-hbdm-1ts5-f7ad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zookeeper@3.9.3-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/zookeeper@3.9.5-1?distro=trixie
purl	pkg:deb/debian/zookeeper@3.9.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zookeeper@3.9.5-1%3Fdistro=trixie

url pkg:maven/org.apache.zookeeper/zookeeper@3.7.2

purl pkg:maven/org.apache.zookeeper/zookeeper@3.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-w64v-sgpz-7fhj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.7.2

url pkg:maven/org.apache.zookeeper/zookeeper@3.8.3

purl pkg:maven/org.apache.zookeeper/zookeeper@3.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6789-5wwx-qqch

vulnerability	VCID-w64v-sgpz-7fhj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.8.3

url pkg:maven/org.apache.zookeeper/zookeeper@3.9.1

purl pkg:maven/org.apache.zookeeper/zookeeper@3.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6789-5wwx-qqch

vulnerability	VCID-ex8w-efvg-2qgv

vulnerability	VCID-hbdm-1ts5-f7ad

vulnerability	VCID-w64v-sgpz-7fhj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.9.1

Affected_packages

url pkg:deb/debian/zookeeper@3.3.5%2Bdfsg1-2

purl pkg:deb/debian/zookeeper@3.3.5%2Bdfsg1-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

vulnerability	VCID-wme5-ec4u-jqd8

vulnerability	VCID-xfzk-mnyd-zqcf

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zookeeper@3.3.5%252Bdfsg1-2

url pkg:deb/debian/zookeeper@3.4.5%2Bdfsg-2

purl pkg:deb/debian/zookeeper@3.4.5%2Bdfsg-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

vulnerability	VCID-wme5-ec4u-jqd8

vulnerability	VCID-xfzk-mnyd-zqcf

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zookeeper@3.4.5%252Bdfsg-2

url pkg:deb/debian/zookeeper@3.4.9-3%2Bdeb8u1

purl pkg:deb/debian/zookeeper@3.4.9-3%2Bdeb8u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zookeeper@3.4.9-3%252Bdeb8u1

url pkg:deb/debian/zookeeper@3.4.9-3%2Bdeb9u2

purl pkg:deb/debian/zookeeper@3.4.9-3%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zookeeper@3.4.9-3%252Bdeb9u2

url pkg:deb/debian/zookeeper@3.4.13-2

purl pkg:deb/debian/zookeeper@3.4.13-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zookeeper@3.4.13-2

url pkg:maven/org.apache.zookeeper/zookeeper@3.3.0

purl pkg:maven/org.apache.zookeeper/zookeeper@3.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.3.0

url pkg:maven/org.apache.zookeeper/zookeeper@3.3.1

purl pkg:maven/org.apache.zookeeper/zookeeper@3.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.3.1

url pkg:maven/org.apache.zookeeper/zookeeper@3.3.2

purl pkg:maven/org.apache.zookeeper/zookeeper@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.3.2

url pkg:maven/org.apache.zookeeper/zookeeper@3.3.3

purl pkg:maven/org.apache.zookeeper/zookeeper@3.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.3.3

url pkg:maven/org.apache.zookeeper/zookeeper@3.3.4

purl pkg:maven/org.apache.zookeeper/zookeeper@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.3.4

url pkg:maven/org.apache.zookeeper/zookeeper@3.3.5

purl pkg:maven/org.apache.zookeeper/zookeeper@3.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.3.5

url pkg:maven/org.apache.zookeeper/zookeeper@3.3.6

purl pkg:maven/org.apache.zookeeper/zookeeper@3.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.3.6

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.0

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

vulnerability	VCID-wme5-ec4u-jqd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.0

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.1

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

vulnerability	VCID-wme5-ec4u-jqd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.1

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.2

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

vulnerability	VCID-wme5-ec4u-jqd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.2

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.3

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

vulnerability	VCID-wme5-ec4u-jqd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.3

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.4

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

vulnerability	VCID-wme5-ec4u-jqd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.4

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.5

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

vulnerability	VCID-wme5-ec4u-jqd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.5

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.6

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

vulnerability	VCID-wme5-ec4u-jqd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.6

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.7

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

vulnerability	VCID-wme5-ec4u-jqd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.7

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.8

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

vulnerability	VCID-wme5-ec4u-jqd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.8

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.9

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

vulnerability	VCID-wme5-ec4u-jqd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.9

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.10

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.10

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.11

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.11

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.12

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.12

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.13

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.13

url pkg:maven/org.apache.zookeeper/zookeeper@3.4.14

purl pkg:maven/org.apache.zookeeper/zookeeper@3.4.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.4.14

url pkg:maven/org.apache.zookeeper/zookeeper@3.5.0-alpha

purl pkg:maven/org.apache.zookeeper/zookeeper@3.5.0-alpha

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.5.0-alpha

url pkg:maven/org.apache.zookeeper/zookeeper@3.5.1-alpha

purl pkg:maven/org.apache.zookeeper/zookeeper@3.5.1-alpha

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

vulnerability	VCID-wme5-ec4u-jqd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.5.1-alpha

url pkg:maven/org.apache.zookeeper/zookeeper@3.5.2-alpha

purl pkg:maven/org.apache.zookeeper/zookeeper@3.5.2-alpha

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

vulnerability	VCID-wme5-ec4u-jqd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.5.2-alpha

url pkg:maven/org.apache.zookeeper/zookeeper@3.5.3-beta

purl pkg:maven/org.apache.zookeeper/zookeeper@3.5.3-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a3pn-rybm-6kdy

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.5.3-beta

url pkg:maven/org.apache.zookeeper/zookeeper@3.5.4-beta

purl pkg:maven/org.apache.zookeeper/zookeeper@3.5.4-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-e41j-4y91-7kd8

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.5.4-beta

url pkg:maven/org.apache.zookeeper/zookeeper@3.5.5

purl pkg:maven/org.apache.zookeeper/zookeeper@3.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.5.5

url pkg:maven/org.apache.zookeeper/zookeeper@3.5.6

purl pkg:maven/org.apache.zookeeper/zookeeper@3.5.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.5.6

url pkg:maven/org.apache.zookeeper/zookeeper@3.5.7

purl pkg:maven/org.apache.zookeeper/zookeeper@3.5.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.5.7

url pkg:maven/org.apache.zookeeper/zookeeper@3.5.8

purl pkg:maven/org.apache.zookeeper/zookeeper@3.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.5.8

url pkg:maven/org.apache.zookeeper/zookeeper@3.5.9

purl pkg:maven/org.apache.zookeeper/zookeeper@3.5.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-g3ff-brt6-vkeh

vulnerability	VCID-ug8h-p8kf-t7e1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.5.9

url pkg:maven/org.apache.zookeeper/zookeeper@3.5.10

purl pkg:maven/org.apache.zookeeper/zookeeper@3.5.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-hzxz-sqmu-s7e1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.5.10

url pkg:maven/org.apache.zookeeper/zookeeper@3.6.0

purl pkg:maven/org.apache.zookeeper/zookeeper@3.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-w64v-sgpz-7fhj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.6.0

url pkg:maven/org.apache.zookeeper/zookeeper@3.6.1

purl pkg:maven/org.apache.zookeeper/zookeeper@3.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.6.1

url pkg:maven/org.apache.zookeeper/zookeeper@3.6.2

purl pkg:maven/org.apache.zookeeper/zookeeper@3.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.6.2

url pkg:maven/org.apache.zookeeper/zookeeper@3.6.3

purl pkg:maven/org.apache.zookeeper/zookeeper@3.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.6.3

url pkg:maven/org.apache.zookeeper/zookeeper@3.6.4

purl pkg:maven/org.apache.zookeeper/zookeeper@3.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.6.4

url pkg:maven/org.apache.zookeeper/zookeeper@3.7.0

purl pkg:maven/org.apache.zookeeper/zookeeper@3.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.7.0

url pkg:maven/org.apache.zookeeper/zookeeper@3.7.1

purl pkg:maven/org.apache.zookeeper/zookeeper@3.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.7.1

url pkg:maven/org.apache.zookeeper/zookeeper@3.8.0

purl pkg:maven/org.apache.zookeeper/zookeeper@3.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1t8x-dmby-ubep

vulnerability	VCID-6789-5wwx-qqch

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-w64v-sgpz-7fhj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.8.0

url pkg:maven/org.apache.zookeeper/zookeeper@3.8.1

purl pkg:maven/org.apache.zookeeper/zookeeper@3.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6789-5wwx-qqch

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.8.1

url pkg:maven/org.apache.zookeeper/zookeeper@3.8.2

purl pkg:maven/org.apache.zookeeper/zookeeper@3.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6789-5wwx-qqch

vulnerability	VCID-d5ku-8mny-tfed

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.8.2

url pkg:maven/org.apache.zookeeper/zookeeper@3.9.0

purl pkg:maven/org.apache.zookeeper/zookeeper@3.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1t8x-dmby-ubep

vulnerability	VCID-6789-5wwx-qqch

vulnerability	VCID-d5ku-8mny-tfed

vulnerability	VCID-ex8w-efvg-2qgv

vulnerability	VCID-hbdm-1ts5-f7ad

vulnerability	VCID-w64v-sgpz-7fhj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.zookeeper/zookeeper@3.9.0

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44981.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44981.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-44981

reference_id

reference_type

scores

value	0.00025
scoring_system	epss
scoring_elements	0.07087
published_at	2026-05-15T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07081
published_at	2026-05-14T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07062
published_at	2026-05-12T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07048
published_at	2026-05-11T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07065
published_at	2026-05-09T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06987
published_at	2026-05-07T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06834
published_at	2026-05-05T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06797
published_at	2026-04-29T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06821
published_at	2026-04-26T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06802
published_at	2026-04-24T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06795
published_at	2026-04-21T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06639
published_at	2026-04-18T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06647
published_at	2026-04-16T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06712
published_at	2026-04-13T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.0672
published_at	2026-04-12T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06727
published_at	2026-04-09T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06726
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07392
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07437
published_at	2026-04-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07418
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07474
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-44981

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44981
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44981

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/zookeeper

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/zookeeper

reference_url

https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:01Z/

url

https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b

reference_url

https://lists.debian.org/debian-lts-announce/2023/10/msg00029.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:01Z/

url

https://lists.debian.org/debian-lts-announce/2023/10/msg00029.html

reference_url

https://security.netapp.com/advisory/ntap-20240621-0007

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0007

reference_url

https://www.debian.org/security/2023/dsa-5544

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:01Z/

url

https://www.debian.org/security/2023/dsa-5544

reference_url

http://www.openwall.com/lists/oss-security/2023/10/11/4

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:01Z/

url

http://www.openwall.com/lists/oss-security/2023/10/11/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054224
reference_id	1054224
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054224

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2243436
reference_id	2243436
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2243436

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-44981

reference_id

CVE-2023-44981

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-44981

reference_url

https://github.com/advisories/GHSA-7286-pgfv-vxvh

reference_id

GHSA-7286-pgfv-vxvh

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7286-pgfv-vxvh

reference_url

https://security.netapp.com/advisory/ntap-20240621-0007/

reference_id

ntap-20240621-0007

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:01Z/

url

https://security.netapp.com/advisory/ntap-20240621-0007/

reference_url	https://access.redhat.com/errata/RHSA-2023:7678
reference_id	RHSA-2023:7678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7678

reference_url	https://access.redhat.com/errata/RHSA-2024:0705
reference_id	RHSA-2024:0705
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0705

reference_url	https://access.redhat.com/errata/RHSA-2024:0903
reference_id	RHSA-2024:0903
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0903

reference_url	https://usn.ubuntu.com/6559-1/
reference_id	USN-6559-1
reference_type
scores
url	https://usn.ubuntu.com/6559-1/

Weaknesses

cwe_id	639
name	Authorization Bypass Through User-Controlled Key
description	The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 6.5 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5ku-8mny-tfed

Vulnerability Instance