Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-11.SP3_redhat_00009.1?arch=el7eap
Typerpm
Namespaceredhat
Nameeap7-glassfish-jsf
Version2.3.5-11.SP3_redhat_00009.1
Qualifiers
arch el7eap
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-ud7m-cc54-3qbv
vulnerability_id VCID-ud7m-cc54-3qbv
summary The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14371.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14371.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14371
reference_id
reference_type
scores
0
value 0.02476
scoring_system epss
scoring_elements 0.85302
published_at 2026-04-18T12:55:00Z
1
value 0.02476
scoring_system epss
scoring_elements 0.85221
published_at 2026-04-02T12:55:00Z
2
value 0.02476
scoring_system epss
scoring_elements 0.85239
published_at 2026-04-04T12:55:00Z
3
value 0.02476
scoring_system epss
scoring_elements 0.85241
published_at 2026-04-07T12:55:00Z
4
value 0.02476
scoring_system epss
scoring_elements 0.85263
published_at 2026-04-08T12:55:00Z
5
value 0.02476
scoring_system epss
scoring_elements 0.85271
published_at 2026-04-09T12:55:00Z
6
value 0.02476
scoring_system epss
scoring_elements 0.85286
published_at 2026-04-11T12:55:00Z
7
value 0.02476
scoring_system epss
scoring_elements 0.85284
published_at 2026-04-12T12:55:00Z
8
value 0.02476
scoring_system epss
scoring_elements 0.85281
published_at 2026-04-13T12:55:00Z
9
value 0.02476
scoring_system epss
scoring_elements 0.85301
published_at 2026-04-16T12:55:00Z
10
value 0.02476
scoring_system epss
scoring_elements 0.8521
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14371
2
reference_url https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24
3
reference_url https://github.com/eclipse-ee4j/mojarra/pull/4384
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse-ee4j/mojarra/pull/4384
4
reference_url https://github.com/javaserverfaces/mojarra/issues/4364
reference_id
reference_type
scores
url https://github.com/javaserverfaces/mojarra/issues/4364
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1607709
reference_id 1607709
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1607709
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:mojarra:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:eclipse:mojarra:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:mojarra:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14371
reference_id CVE-2018-14371
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14371
8
reference_url https://github.com/advisories/GHSA-43q7-q5vp-3g68
reference_id GHSA-43q7-q5vp-3g68
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43q7-q5vp-3g68
9
reference_url https://access.redhat.com/errata/RHSA-2020:2062
reference_id RHSA-2020:2062
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2062
10
reference_url https://access.redhat.com/errata/RHSA-2020:2063
reference_id RHSA-2020:2063
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2063
11
reference_url https://access.redhat.com/errata/RHSA-2020:2113
reference_id RHSA-2020:2113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2113
12
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
13
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
14
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
15
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
16
reference_url https://access.redhat.com/errata/RHSA-2020:3585
reference_id RHSA-2020:3585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3585
fixed_packages
aliases CVE-2018-14371, GHSA-43q7-q5vp-3g68
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ud7m-cc54-3qbv
1
url VCID-x6xg-map7-abcg
vulnerability_id VCID-x6xg-map7-abcg
summary 
Use of Externally-Controlled Input to Select Classes or Code in Infinispan
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0481
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0481
1
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10174.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10174.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10174
reference_id
reference_type
scores
0
value 0.00882
scoring_system epss
scoring_elements 0.75443
published_at 2026-04-18T12:55:00Z
1
value 0.00882
scoring_system epss
scoring_elements 0.75341
published_at 2026-04-01T12:55:00Z
2
value 0.00882
scoring_system epss
scoring_elements 0.75344
published_at 2026-04-02T12:55:00Z
3
value 0.00882
scoring_system epss
scoring_elements 0.75377
published_at 2026-04-04T12:55:00Z
4
value 0.00882
scoring_system epss
scoring_elements 0.75356
published_at 2026-04-07T12:55:00Z
5
value 0.00882
scoring_system epss
scoring_elements 0.75399
published_at 2026-04-08T12:55:00Z
6
value 0.00882
scoring_system epss
scoring_elements 0.75408
published_at 2026-04-09T12:55:00Z
7
value 0.00882
scoring_system epss
scoring_elements 0.75429
published_at 2026-04-11T12:55:00Z
8
value 0.00882
scoring_system epss
scoring_elements 0.75407
published_at 2026-04-12T12:55:00Z
9
value 0.00882
scoring_system epss
scoring_elements 0.75396
published_at 2026-04-13T12:55:00Z
10
value 0.00882
scoring_system epss
scoring_elements 0.75437
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10174
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10174
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10174
5
reference_url https://github.com/infinispan/infinispan
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/infinispan/infinispan
6
reference_url https://github.com/infinispan/infinispan/commit/5dbb05cfaca01a1a66732b82a0f5ba615ccbd214
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/infinispan/infinispan/commit/5dbb05cfaca01a1a66732b82a0f5ba615ccbd214
7
reference_url https://github.com/infinispan/infinispan/commit/7bdc2822ccf79127a488130239c49a5e944e3ca2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/infinispan/infinispan/commit/7bdc2822ccf79127a488130239c49a5e944e3ca2
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10174
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10174
9
reference_url https://security.netapp.com/advisory/ntap-20220210-0018
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0018
10
reference_url https://security.netapp.com/advisory/ntap-20220210-0018/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0018/
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1703469
reference_id 1703469
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1703469
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:infinispan:infinispan:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:infinispan:infinispan:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:infinispan:infinispan:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
reference_id cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
reference_id cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
reference_id cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
reference_id cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*
reference_id cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
reference_id cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
25
reference_url https://github.com/advisories/GHSA-h47x-2j37-fw5m
reference_id GHSA-h47x-2j37-fw5m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h47x-2j37-fw5m
26
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
27
reference_url https://access.redhat.com/errata/RHSA-2020:2062
reference_id RHSA-2020:2062
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2062
28
reference_url https://access.redhat.com/errata/RHSA-2020:2063
reference_id RHSA-2020:2063
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2063
29
reference_url https://access.redhat.com/errata/RHSA-2020:2113
reference_id RHSA-2020:2113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2113
30
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
31
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
fixed_packages
aliases CVE-2019-10174, GHSA-h47x-2j37-fw5m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x6xg-map7-abcg
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-glassfish-jsf@2.3.5-11.SP3_redhat_00009.1%3Farch=el7eap