Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jboss.web/jbossweb@7.2.2
Type maven
Namespace org.jboss.web
Name jbossweb
Version 7.2.2
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-bxg6-fsmd-6qae
vulnerability_id VCID-bxg6-fsmd-6qae
summary The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
references
0
reference_url http://openwall.com/lists/oss-security/2014/10/24/12
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/10/24/12
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-1193.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1193.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-1194.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1194.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-1265.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1265.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2185.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2185.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2185
reference_id
reference_type
scores
0
value 0.05286
scoring_system epss
scoring_elements 0.89969
published_at 2026-04-02T12:55:00Z
1
value 0.05286
scoring_system epss
scoring_elements 0.90025
published_at 2026-04-16T12:55:00Z
2
value 0.05286
scoring_system epss
scoring_elements 0.89981
published_at 2026-04-04T12:55:00Z
3
value 0.05286
scoring_system epss
scoring_elements 0.89987
published_at 2026-04-07T12:55:00Z
4
value 0.05286
scoring_system epss
scoring_elements 0.90003
published_at 2026-04-08T12:55:00Z
5
value 0.05286
scoring_system epss
scoring_elements 0.90009
published_at 2026-04-13T12:55:00Z
6
value 0.05286
scoring_system epss
scoring_elements 0.90015
published_at 2026-04-12T12:55:00Z
7
value 0.05286
scoring_system epss
scoring_elements 0.90017
published_at 2026-04-11T12:55:00Z
8
value 0.05286
scoring_system epss
scoring_elements 0.90023
published_at 2026-04-21T12:55:00Z
9
value 0.05286
scoring_system epss
scoring_elements 0.90026
published_at 2026-04-18T12:55:00Z
10
value 0.05286
scoring_system epss
scoring_elements 0.89967
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2185
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2185
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2185
7
reference_url https://github.com/apache/tomcat
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tomcat
8
reference_url https://github.com/apache/tomcat/commit/e246e5fc13307da0a5d3bbf860d64d97be1c40f8
reference_id
reference_type
scores
url https://github.com/apache/tomcat/commit/e246e5fc13307da0a5d3bbf860d64d97be1c40f8
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2185
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2185
10
reference_url http://www.openwall.com/lists/oss-security/2013/09/05/4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/09/05/4
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=974813
reference_id 974813
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=974813
12
reference_url https://github.com/advisories/GHSA-v6c7-8qx5-8gmp
reference_id GHSA-v6c7-8qx5-8gmp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v6c7-8qx5-8gmp
13
reference_url https://access.redhat.com/errata/RHSA-2013:1193
reference_id RHSA-2013:1193
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1193
14
reference_url https://access.redhat.com/errata/RHSA-2013:1194
reference_id RHSA-2013:1194
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1194
15
reference_url https://access.redhat.com/errata/RHSA-2013:1265
reference_id RHSA-2013:1265
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1265
fixed_packages
0
url pkg:maven/org.jboss.web/jbossweb@7.2.2
purl pkg:maven/org.jboss.web/jbossweb@7.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.web/jbossweb@7.2.2
aliases CVE-2013-2185, GHSA-v6c7-8qx5-8gmp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bxg6-fsmd-6qae
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.web/jbossweb@7.2.2