Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ba6b-dcwy-qya4

Summary

Improper Restriction of XML External Entity Reference
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Aliases

alias	CVE-2020-13692

alias	GHSA-88cc-g835-76rp

Fixed_packages

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=aarch64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=aarch64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=aarch64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=armhf&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=armv7&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=armv7&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=armv7&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=ppc64le&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=ppc64le&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=ppc64le&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=s390x&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=s390x&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=s390x&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=x86&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=x86&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=x86&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=x86_64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=x86_64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=x86_64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=aarch64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=aarch64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=aarch64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=armhf&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=armhf&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=armhf&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=armv7&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=armv7&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=armv7&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=riscv64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=riscv64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=riscv64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=s390x&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=s390x&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=s390x&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=x86&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=x86&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=aarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=armhf&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=armhf&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=armv7&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=riscv64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=s390x&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=s390x&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=x86&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=x86&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/java-postgresql-jdbc@42.2.25-r0%3Farch=x86_64&distroversion=v3.22&reponame=community

url	pkg:deb/debian/libpgjava@42.2.12-2?distro=trixie
purl	pkg:deb/debian/libpgjava@42.2.12-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.2.12-2%3Fdistro=trixie

url pkg:deb/debian/libpgjava@42.2.15-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/libpgjava@42.2.15-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y6bd-xgvn-jub9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.2.15-1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/libpgjava@42.5.5-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpgjava@42.5.5-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y6bd-xgvn-jub9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.5.5-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/libpgjava@42.7.7-1?distro=trixie

purl pkg:deb/debian/libpgjava@42.7.7-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y6bd-xgvn-jub9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.7.7-1%3Fdistro=trixie

url	pkg:deb/debian/libpgjava@42.7.11-1?distro=trixie
purl	pkg:deb/debian/libpgjava@42.7.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpgjava@42.7.11-1%3Fdistro=trixie

url	pkg:maven/org.postgresql/postgresql@42.2.13
purl	pkg:maven/org.postgresql/postgresql@42.2.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@42.2.13

Affected_packages

url pkg:maven/org.postgresql/postgresql@9.4.1212.jre6

purl pkg:maven/org.postgresql/postgresql@9.4.1212.jre6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba6b-dcwy-qya4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.postgresql/postgresql@9.4.1212.jre6

url pkg:rpm/redhat/postgresql-jdbc@8.4.704-4?arch=el6_10

purl pkg:rpm/redhat/postgresql-jdbc@8.4.704-4?arch=el6_10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba6b-dcwy-qya4

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql-jdbc@8.4.704-4%3Farch=el6_10

url pkg:rpm/redhat/postgresql-jdbc@9.2.1002-8?arch=el7_8

purl pkg:rpm/redhat/postgresql-jdbc@9.2.1002-8?arch=el7_8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba6b-dcwy-qya4

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql-jdbc@9.2.1002-8%3Farch=el7_8

url pkg:rpm/redhat/postgresql-jdbc@42.2.3-3?arch=el8_2

purl pkg:rpm/redhat/postgresql-jdbc@42.2.3-3?arch=el8_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba6b-dcwy-qya4

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql-jdbc@42.2.3-3%3Farch=el8_2

url pkg:rpm/redhat/postgresql-jdbc@42.2.3-3?arch=el8_0

purl pkg:rpm/redhat/postgresql-jdbc@42.2.3-3?arch=el8_0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba6b-dcwy-qya4

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql-jdbc@42.2.3-3%3Farch=el8_0

url pkg:rpm/redhat/postgresql-jdbc@42.2.3-3?arch=el8_1

purl pkg:rpm/redhat/postgresql-jdbc@42.2.3-3?arch=el8_1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba6b-dcwy-qya4

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql-jdbc@42.2.3-3%3Farch=el8_1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13692.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13692.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13692

reference_id

reference_type

scores

value	0.07801
scoring_system	epss
scoring_elements	0.92119
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13692

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13692
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13692

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65

reference_url

https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13

reference_url

https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/

reference_url

https://security.netapp.com/advisory/ntap-20200619-0005

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200619-0005

reference_url	https://security.netapp.com/advisory/ntap-20200619-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200619-0005/

reference_url

https://www.debian.org/security/2022/dsa-5196

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2022/dsa-5196

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1852985
reference_id	1852985
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1852985

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962828
reference_id	962828
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962828

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13692

reference_id

CVE-2020-13692

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13692

reference_url

https://github.com/advisories/GHSA-88cc-g835-76rp

reference_id

GHSA-88cc-g835-76rp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-88cc-g835-76rp

reference_url	https://access.redhat.com/errata/RHSA-2020:3005
reference_id	RHSA-2020:3005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3005

reference_url	https://access.redhat.com/errata/RHSA-2020:3176
reference_id	RHSA-2020:3176
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3176

reference_url	https://access.redhat.com/errata/RHSA-2020:3209
reference_id	RHSA-2020:3209
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3209

reference_url	https://access.redhat.com/errata/RHSA-2020:3248
reference_id	RHSA-2020:3248
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3248

reference_url	https://access.redhat.com/errata/RHSA-2020:3283
reference_id	RHSA-2020:3283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3283

reference_url	https://access.redhat.com/errata/RHSA-2020:3284
reference_id	RHSA-2020:3284
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3284

reference_url	https://access.redhat.com/errata/RHSA-2020:3285
reference_id	RHSA-2020:3285
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3285

reference_url	https://access.redhat.com/errata/RHSA-2020:3286
reference_id	RHSA-2020:3286
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3286

reference_url	https://access.redhat.com/errata/RHSA-2020:3675
reference_id	RHSA-2020:3675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3675

reference_url	https://access.redhat.com/errata/RHSA-2020:3678
reference_id	RHSA-2020:3678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3678

reference_url	https://access.redhat.com/errata/RHSA-2020:5568
reference_id	RHSA-2020:5568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5568

reference_url	https://access.redhat.com/errata/RHSA-2021:0110
reference_id	RHSA-2021:0110
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0110

reference_url	https://usn.ubuntu.com/USN-5238-1/
reference_id	USN-USN-5238-1
reference_type
scores
url	https://usn.ubuntu.com/USN-5238-1/

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	611
name	Improper Restriction of XML External Entity Reference
description	The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 5.6 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ba6b-dcwy-qya4

Vulnerability Instance