{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54385?format=json","vulnerability_id":"VCID-q2mj-rg38-rbes","summary":"Incorrect Permission Assignment for Critical Resource\nEclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability.","aliases":[{"alias":"CVE-2021-28168"},{"alias":"GHSA-c43q-5hpj-4crv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80393?format=json","purl":"pkg:maven/org.glassfish.jersey.core/jersey-common@2.34","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.glassfish.jersey.core/jersey-common@2.34"},{"url":"http://public2.vulnerablecode.io/api/packages/80394?format=json","purl":"pkg:maven/org.glassfish.jersey.core/jersey-common@3.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.glassfish.jersey.core/jersey-common@3.0.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80391?format=json","purl":"pkg:maven/org.glassfish.jersey.core/jersey-common@2.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q2mj-rg38-rbes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.glassfish.jersey.core/jersey-common@2.28"},{"url":"http://public2.vulnerablecode.io/api/packages/302440?format=json","purl":"pkg:maven/org.glassfish.jersey.core/jersey-common@2.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q2mj-rg38-rbes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.glassfish.jersey.core/jersey-common@2.29"},{"url":"http://public2.vulnerablecode.io/api/packages/302441?format=json","purl":"pkg:maven/org.glassfish.jersey.core/jersey-common@2.29.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q2mj-rg38-rbes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mave
n/org.glassfish.jersey.core/jersey-common@2.29.1"},{"url":"http://public2.vulnerablecode.io/api/packages/302442?format=json","purl":"pkg:maven/org.glassfish.jersey.core/jersey-common@2.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q2mj-rg38-rbes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.glassfish.jersey.core/jersey-common@2.30"},{"url":"http://public2.vulnerablecode.io/api/packages/302443?format=json","purl":"pkg:maven/org.glassfish.jersey.core/jersey-common@2.30.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q2mj-rg38-rbes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.glassfish.jersey.core/jersey-common@2.30.1"},{"url":"http://public2.vulnerablecode.io/api/packages/302444?format=json","purl":"pkg:maven/org.glassfish.jersey.core/jersey-common@2.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q2mj-rg38-rbes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.glassfish.jersey.core/jersey-common@2.31"},{"url":"http://public2.vulnerablecode.io/api/packages/302445?format=json","purl":"pkg:maven/org.glassfish.jersey.core/jersey-common@2.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q2mj-rg38-rbes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.glassfish.jersey.core/jersey-common@2.32"},{"url":"http://public2.vulnerablecode.io/api/packages/302446?format=json","purl":"pkg:maven/org.glassfish.jersey.core/jersey-common@2.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q2mj-rg38-rbes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.glassfish.jersey.core/jersey-common@2.33"},{"url":"http://public2.vulnerablecode.io/api/packages/80392?format=json","purl":"pkg:maven/org.glassfish.jersey.core/jersey-common@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q2
mj-rg38-rbes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.glassfish.jersey.core/jersey-common@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/302447?format=json","purl":"pkg:maven/org.glassfish.jersey.core/jersey-common@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q2mj-rg38-rbes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.glassfish.jersey.core/jersey-common@3.0.1"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28168.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28168.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28168","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40816","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40804","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40835","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40866","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40784","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40861","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28168"},{"reference_url":"https://github.com/eclipse-ee4j/jersey/pull/4712","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://g
ithub.com/eclipse-ee4j/jersey/pull/4712"},{"reference_url":"https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/eclipse-ee4j/jersey/security/advisories/GHSA-c43q-5hpj-4crv"},{"reference_url":"https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r280438f7cb4b3b1c9dfda9d7b05fa2a5cfab68618c6afee8169ecdaa@%3Ccommits.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r280438f7cb4b3b1c9dfda9d7b05fa2a5cfab68618c6afee8169ecdaa@%3Ccommits.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r305fb82e5c005143c1e2ec986a19c0a44f42189ab2580344dc955359@%3Cdev.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r305fb82e
5c005143c1e2ec986a19c0a44f42189ab2580344dc955359@%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4066176a7352e021d7a81af460044bde8d57f40e98f8e4a31923af3a@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4066176a7352e021d7a81af460044bde8d57f40e98f8e4a31923af3a@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r42fef440487a04cf5e487a9707ef5119d2dd5b809919f25ef4296fc4@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r42fef440487a04cf5e487a9707ef5119d2dd5b809919f25ef4296fc4@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r454f38e85db149869c5a92c993c402260a4f8599bf283f6cfaada972@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r454f38e85db149869c5a92c993c402260a4f8599bf283f6cfaada972@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6dadc8fe82071aba841d673ffadf34728bff4357796b1990a66e3af1@%3Ccommits.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"
https://lists.apache.org/thread.html/r6dadc8fe82071aba841d673ffadf34728bff4357796b1990a66e3af1@%3Ccommits.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r96658b899fcdbf04947257d201dc5a0abdbb5fb0a8f4ec0a6c15e70f@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r96658b899fcdbf04947257d201dc5a0abdbb5fb0a8f4ec0a6c15e70f@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra2722171d569370a9e15147d9f3f6138ad9a188ee879c0156aa2d73a@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra2722171d569370a9e15147d9f3f6138ad9a188ee879c0156aa2d73a@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra3290fe51b4546fac195724c4187c4cb7fc5809bc596c2f7e97606f4@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra3290fe51b4546fac195724c4187c4cb7fc5809bc596c2f7e97606f4@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra3d7cd37fc794981a885332af2f8df0d873753380ea19935d6d847fc@%3Cdev.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"ge
neric_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra3d7cd37fc794981a885332af2f8df0d873753380ea19935d6d847fc@%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rafc3c4cee534f478cbf8acf91e48373e291a21151f030e8132662a7b@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rafc3c4cee534f478cbf8acf91e48373e291a21151f030e8132662a7b@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc288874c330b3af9e29a1a114c5e0d24fff7a79eaa341f551535c8c0@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc288874c330b3af9e29a1a114c5e0d24fff7a79eaa341f551535c8c0@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc6221670de35b819fe191e7d8f2d17bc000549bd554020cec644b71e@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc6221670de35b819fe191e7d8f2d17bc000549bd554020cec644b71e@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd54b42edccc1b993853a9c4943a9b16db763f5e2febf6e64b7d0fe3c@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd54b42edccc1b993853a9c4943a9b16db763f5e2febf6e64b7d0fe3c@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdff6939e6c8dd620e20b013d9a35f57d42b3cd19e1d0483d85dfa2fd@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdff6939e6c8dd620e20b013d9a35f57d42b3cd19e1d0483d85dfa2fd@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953024","reference_id":"1953024","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28168","reference_id":"CVE-2021-28168","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28168"},{"reference_url":"https://github.com/advisories/GHSA-c43q-5hpj-4crv","reference_id":"GHSA-c43q-5hpj-4crv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c43q-5hpj-4crv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3225"
,"reference_id":"RHSA-2021:3225","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1013","reference_id":"RHSA-2022:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1029","reference_id":"RHSA-2022:1029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1029"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":668,"name":"Exposure of Resource to Wrong Sphere","description":"The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":200,"name":"Exposure of Sensitive Information to an Unauthorized Actor","description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."},{"cwe_id":378,"name":"Creation of Temporary File With Insecure Permissions","description":"Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack."},{"cwe_id":379,"name":"Creation of Temporary File in Directory with Insecure Permissions","description":"The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file."},{"cwe_id":732,"name":"Incorrect Permission Assignment for Critical Resource","description":"The product specifies permissions for a 
security-critical resource in a way that allows that resource to be read or modified by unintended actors."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2mj-rg38-rbes"}