Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/atomic-openshift@3.7.72-1.git.0.925b9cd?arch=el7
Typerpm
Namespaceredhat
Nameatomic-openshift
Version3.7.72-1.git.0.925b9cd
Qualifiers
arch el7
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-3m8h-88sb-f7hk
vulnerability_id VCID-3m8h-88sb-f7hk
summary 
Privilege Escalation in Kubernetes
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:3537
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3537
1
reference_url https://access.redhat.com/errata/RHSA-2018:3549
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3549
2
reference_url https://access.redhat.com/errata/RHSA-2018:3551
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3551
3
reference_url https://access.redhat.com/errata/RHSA-2018:3598
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3598
4
reference_url https://access.redhat.com/errata/RHSA-2018:3624
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3624
5
reference_url https://access.redhat.com/errata/RHSA-2018:3742
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3742
6
reference_url https://access.redhat.com/errata/RHSA-2018:3752
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3752
7
reference_url https://access.redhat.com/errata/RHSA-2018:3754
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3754
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1002105.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1002105.json
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1002105
reference_id
reference_type
scores
0
value 0.90349
scoring_system epss
scoring_elements 0.99605
published_at 2026-04-24T12:55:00Z
1
value 0.90698
scoring_system epss
scoring_elements 0.99622
published_at 2026-04-16T12:55:00Z
2
value 0.90698
scoring_system epss
scoring_elements 0.99619
published_at 2026-04-02T12:55:00Z
3
value 0.90698
scoring_system epss
scoring_elements 0.9962
published_at 2026-04-07T12:55:00Z
4
value 0.90698
scoring_system epss
scoring_elements 0.99621
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1002105
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002105
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002105
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/evict/poc_CVE-2018-1002105
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/evict/poc_CVE-2018-1002105
13
reference_url https://github.com/kubernetes/kubernetes/commit/2257c1ecbe3c0cf71dd50b82752ae189c94ec905
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/commit/2257c1ecbe3c0cf71dd50b82752ae189c94ec905
14
reference_url https://github.com/kubernetes/kubernetes/issues/71411
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/71411
15
reference_url https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
16
reference_url https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1002105
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1002105
18
reference_url https://security.netapp.com/advisory/ntap-20190416-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190416-0001
19
reference_url https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do
20
reference_url https://www.exploit-db.com/exploits/46052
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46052
21
reference_url https://www.exploit-db.com/exploits/46053
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46053
22
reference_url https://www.openwall.com/lists/oss-security/2019/06/28/2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2019/06/28/2
23
reference_url https://www.openwall.com/lists/oss-security/2019/07/06/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2019/07/06/3
24
reference_url https://www.openwall.com/lists/oss-security/2019/07/06/4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2019/07/06/4
25
reference_url https://www.securityfocus.com/bid/106068
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.securityfocus.com/bid/106068
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1648138
reference_id 1648138
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1648138
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915828
reference_id 915828
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915828
28
reference_url https://github.com/evict/poc_CVE-2018-1002105/blob/ed5da79aadad0049d11f89fcb9ed65f987a331a1/unauth_poc.py
reference_id CVE-2018-1002105
reference_type exploit
scores
url https://github.com/evict/poc_CVE-2018-1002105/blob/ed5da79aadad0049d11f89fcb9ed65f987a331a1/unauth_poc.py
29
reference_url https://github.com/evict/poc_CVE-2018-1002105/blob/f704f2e593fbb686b4a5799dc13e8bfcec13f3c3/poc.py
reference_id CVE-2018-1002105
reference_type exploit
scores
url https://github.com/evict/poc_CVE-2018-1002105/blob/f704f2e593fbb686b4a5799dc13e8bfcec13f3c3/poc.py
30
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46052.py
reference_id CVE-2018-1002105
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46052.py
31
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46053.py
reference_id CVE-2018-1002105
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46053.py
fixed_packages
aliases CVE-2018-1002105, GHSA-579h-mv94-g4gp
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3m8h-88sb-f7hk
1
url VCID-aqg1-k7hr-2fga
vulnerability_id VCID-aqg1-k7hr-2fga
summary 
JSON-Patch Out-of-bounds Write vulnerability
An out of bound write can occur when patching an Openshift object using the `oc patch` functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.
references
0
reference_url https://access.redhat.com/errata/RHBA-2018:2652
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2018:2652
1
reference_url https://access.redhat.com/errata/RHSA-2018:2654
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2654
2
reference_url https://access.redhat.com/errata/RHSA-2018:2709
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2709
3
reference_url https://access.redhat.com/errata/RHSA-2018:2906
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2906
4
reference_url https://access.redhat.com/errata/RHSA-2018:2908
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2908
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14632.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14632.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14632
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66447
published_at 2026-04-11T12:55:00Z
1
value 0.0051
scoring_system epss
scoring_elements 0.66434
published_at 2026-04-12T12:55:00Z
2
value 0.0051
scoring_system epss
scoring_elements 0.66404
published_at 2026-04-13T12:55:00Z
3
value 0.0051
scoring_system epss
scoring_elements 0.6644
published_at 2026-04-16T12:55:00Z
4
value 0.0051
scoring_system epss
scoring_elements 0.66457
published_at 2026-04-18T12:55:00Z
5
value 0.0051
scoring_system epss
scoring_elements 0.66442
published_at 2026-04-21T12:55:00Z
6
value 0.0051
scoring_system epss
scoring_elements 0.66465
published_at 2026-04-24T12:55:00Z
7
value 0.0051
scoring_system epss
scoring_elements 0.6633
published_at 2026-04-01T12:55:00Z
8
value 0.0051
scoring_system epss
scoring_elements 0.66427
published_at 2026-04-09T12:55:00Z
9
value 0.0051
scoring_system epss
scoring_elements 0.66413
published_at 2026-04-08T12:55:00Z
10
value 0.0051
scoring_system epss
scoring_elements 0.66365
published_at 2026-04-07T12:55:00Z
11
value 0.0051
scoring_system epss
scoring_elements 0.66395
published_at 2026-04-04T12:55:00Z
12
value 0.0051
scoring_system epss
scoring_elements 0.66369
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14632
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632
8
reference_url https://github.com/evanphx/json-patch
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/evanphx/json-patch
9
reference_url https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03
10
reference_url https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e
11
reference_url https://github.com/evanphx/json-patch/pull/57
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/evanphx/json-patch/pull/57
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14632
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14632
13
reference_url https://pkg.go.dev/vuln/GO-2021-0076
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2021-0076
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1625885
reference_id 1625885
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1625885
fixed_packages
aliases CVE-2018-14632, GHSA-gxhv-3hwf-wjp9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aqg1-k7hr-2fga
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.7.72-1.git.0.925b9cd%3Farch=el7