Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework/spring-core@4.2.0
Typemaven
Namespaceorg.springframework
Namespring-core
Version4.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.2.24.RELEASE
Latest_non_vulnerable_version6.2.11
Affected_by_vulnerabilities
0
url VCID-ec6g-dnjb-vycb
vulnerability_id VCID-ec6g-dnjb-vycb
summary Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5211
reference_id
reference_type
scores
0
value 0.01918
scoring_system epss
scoring_elements 0.83266
published_at 2026-04-01T12:55:00Z
1
value 0.01918
scoring_system epss
scoring_elements 0.83373
published_at 2026-04-21T12:55:00Z
2
value 0.01918
scoring_system epss
scoring_elements 0.83371
published_at 2026-04-18T12:55:00Z
3
value 0.01918
scoring_system epss
scoring_elements 0.8337
published_at 2026-04-16T12:55:00Z
4
value 0.01918
scoring_system epss
scoring_elements 0.83335
published_at 2026-04-13T12:55:00Z
5
value 0.01918
scoring_system epss
scoring_elements 0.83339
published_at 2026-04-12T12:55:00Z
6
value 0.01918
scoring_system epss
scoring_elements 0.83345
published_at 2026-04-11T12:55:00Z
7
value 0.01918
scoring_system epss
scoring_elements 0.8333
published_at 2026-04-09T12:55:00Z
8
value 0.01918
scoring_system epss
scoring_elements 0.83321
published_at 2026-04-08T12:55:00Z
9
value 0.01918
scoring_system epss
scoring_elements 0.83297
published_at 2026-04-07T12:55:00Z
10
value 0.01918
scoring_system epss
scoring_elements 0.83283
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5211
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5211
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5211
2
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
3
reference_url https://github.com/spring-projects/spring-framework/commit/03f547eb9868f48f44d59b56067d4ac4740672c3
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/03f547eb9868f48f44d59b56067d4ac4740672c3
4
reference_url https://github.com/spring-projects/spring-framework/commit/2bd1daa75ee0b8ec33608ca6ab065ef3e1815543
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/2bd1daa75ee0b8ec33608ca6ab065ef3e1815543
5
reference_url https://github.com/spring-projects/spring-framework/commit/a95c3d820dbc4c3ae752f1b3ee22ee860b162402
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/a95c3d820dbc4c3ae752f1b3ee22ee860b162402
6
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
7
reference_url https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector
8
reference_url https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/
reference_id
reference_type
scores
url https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/
9
reference_url http://pivotal.io/security/cve-2015-5211
reference_id CVE-2015-5211
reference_type
scores
url http://pivotal.io/security/cve-2015-5211
10
reference_url https://access.redhat.com/security/cve/cve-2015-5211
reference_id CVE-2015-5211
reference_type
scores
url https://access.redhat.com/security/cve/cve-2015-5211
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5211
reference_id CVE-2015-5211
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5211
12
reference_url https://pivotal.io/security/cve-2015-5211
reference_id CVE-2015-5211
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2015-5211
13
reference_url https://github.com/advisories/GHSA-pgf9-h69p-pcgf
reference_id GHSA-pgf9-h69p-pcgf
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-pgf9-h69p-pcgf
14
reference_url https://usn.ubuntu.com/USN-4774-1/
reference_id USN-USN-4774-1
reference_type
scores
url https://usn.ubuntu.com/USN-4774-1/
fixed_packages
0
url pkg:maven/org.springframework/spring-core@4.2.2
purl pkg:maven/org.springframework/spring-core@4.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.2.2
aliases CVE-2015-5211, GHSA-pgf9-h69p-pcgf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ec6g-dnjb-vycb
1
url VCID-f3g5-hamr-6yar
vulnerability_id VCID-f3g5-hamr-6yar
summary 
Insufficient Entropy in PRNG
Spring Security contain an insecure randomness vulnerability when using `SecureRandomFactoryBean#setSeed` to configure a `SecureRandom` instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3795.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3795.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3795
reference_id
reference_type
scores
0
value 0.00548
scoring_system epss
scoring_elements 0.67939
published_at 2026-04-21T12:55:00Z
1
value 0.00548
scoring_system epss
scoring_elements 0.67869
published_at 2026-04-07T12:55:00Z
2
value 0.00548
scoring_system epss
scoring_elements 0.67957
published_at 2026-04-11T12:55:00Z
3
value 0.00548
scoring_system epss
scoring_elements 0.67933
published_at 2026-04-09T12:55:00Z
4
value 0.00548
scoring_system epss
scoring_elements 0.6787
published_at 2026-04-02T12:55:00Z
5
value 0.00548
scoring_system epss
scoring_elements 0.67888
published_at 2026-04-04T12:55:00Z
6
value 0.00548
scoring_system epss
scoring_elements 0.6792
published_at 2026-04-08T12:55:00Z
7
value 0.00548
scoring_system epss
scoring_elements 0.67959
published_at 2026-04-18T12:55:00Z
8
value 0.00548
scoring_system epss
scoring_elements 0.67945
published_at 2026-04-16T12:55:00Z
9
value 0.00548
scoring_system epss
scoring_elements 0.67908
published_at 2026-04-13T12:55:00Z
10
value 0.00548
scoring_system epss
scoring_elements 0.67944
published_at 2026-04-12T12:55:00Z
11
value 0.00548
scoring_system epss
scoring_elements 0.67846
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3795
2
reference_url https://github.com/advisories/GHSA-v2r2-7qm7-jj6v
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-v2r2-7qm7-jj6v
3
reference_url https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html
4
reference_url http://www.securityfocus.com/bid/107802
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/107802
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1696616
reference_id 1696616
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1696616
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3795
reference_id CVE-2019-3795
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3795
9
reference_url https://pivotal.io/security/cve-2019-3795
reference_id CVE-2019-3795
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2019-3795
fixed_packages
0
url pkg:maven/org.springframework/spring-core@4.3.0.RELEASE
purl pkg:maven/org.springframework/spring-core@4.3.0.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3rev-eg6f-tkb7
1
vulnerability VCID-6ysx-5wcw-f7b5
2
vulnerability VCID-c74k-e1me-pfb2
3
vulnerability VCID-cyjt-4vjn-mbc7
4
vulnerability VCID-dfs4-emmn-f3eb
5
vulnerability VCID-j3wr-npbv-8qcw
6
vulnerability VCID-k17s-ttg2-ubgj
7
vulnerability VCID-mqnn-spsw-8fg5
8
vulnerability VCID-pb7f-yasx-17ag
9
vulnerability VCID-qpxj-fzta-v7bs
10
vulnerability VCID-w6br-v2gm-j7gr
11
vulnerability VCID-y3uz-etva-sufh
12
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.0.RELEASE
1
url pkg:maven/org.springframework/spring-core@5.0.12.RELEASE
purl pkg:maven/org.springframework/spring-core@5.0.12.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ysx-5wcw-f7b5
1
vulnerability VCID-c74k-e1me-pfb2
2
vulnerability VCID-cyjt-4vjn-mbc7
3
vulnerability VCID-k17s-ttg2-ubgj
4
vulnerability VCID-w6br-v2gm-j7gr
5
vulnerability VCID-y3uz-etva-sufh
6
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.12.RELEASE
2
url pkg:maven/org.springframework/spring-core@5.0.13.RELEASE
purl pkg:maven/org.springframework/spring-core@5.0.13.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ysx-5wcw-f7b5
1
vulnerability VCID-c74k-e1me-pfb2
2
vulnerability VCID-cyjt-4vjn-mbc7
3
vulnerability VCID-k17s-ttg2-ubgj
4
vulnerability VCID-w6br-v2gm-j7gr
5
vulnerability VCID-y3uz-etva-sufh
6
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.13.RELEASE
3
url pkg:maven/org.springframework/spring-core@5.1.5.RELEASE
purl pkg:maven/org.springframework/spring-core@5.1.5.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ysx-5wcw-f7b5
1
vulnerability VCID-c74k-e1me-pfb2
2
vulnerability VCID-cyjt-4vjn-mbc7
3
vulnerability VCID-k17s-ttg2-ubgj
4
vulnerability VCID-w6br-v2gm-j7gr
5
vulnerability VCID-y3uz-etva-sufh
6
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.1.5.RELEASE
4
url pkg:maven/org.springframework/spring-core@5.1.6.RELEASE
purl pkg:maven/org.springframework/spring-core@5.1.6.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6ysx-5wcw-f7b5
1
vulnerability VCID-c74k-e1me-pfb2
2
vulnerability VCID-cyjt-4vjn-mbc7
3
vulnerability VCID-k17s-ttg2-ubgj
4
vulnerability VCID-w6br-v2gm-j7gr
5
vulnerability VCID-y3uz-etva-sufh
6
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.1.6.RELEASE
aliases CVE-2019-3795, GHSA-v2r2-7qm7-jj6v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f3g5-hamr-6yar
2
url VCID-j3wr-npbv-8qcw
vulnerability_id VCID-j3wr-npbv-8qcw
summary An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:3115
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3115
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9878.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9878.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9878
reference_id
reference_type
scores
0
value 0.03689
scoring_system epss
scoring_elements 0.87936
published_at 2026-04-12T12:55:00Z
1
value 0.03689
scoring_system epss
scoring_elements 0.87943
published_at 2026-04-11T12:55:00Z
2
value 0.04927
scoring_system epss
scoring_elements 0.8958
published_at 2026-04-01T12:55:00Z
3
value 0.04927
scoring_system epss
scoring_elements 0.89619
published_at 2026-04-09T12:55:00Z
4
value 0.04927
scoring_system epss
scoring_elements 0.89613
published_at 2026-04-08T12:55:00Z
5
value 0.04927
scoring_system epss
scoring_elements 0.89597
published_at 2026-04-07T12:55:00Z
6
value 0.04927
scoring_system epss
scoring_elements 0.89596
published_at 2026-04-04T12:55:00Z
7
value 0.04927
scoring_system epss
scoring_elements 0.89583
published_at 2026-04-02T12:55:00Z
8
value 0.05056
scoring_system epss
scoring_elements 0.89794
published_at 2026-04-18T12:55:00Z
9
value 0.05056
scoring_system epss
scoring_elements 0.89788
published_at 2026-04-21T12:55:00Z
10
value 0.05629
scoring_system epss
scoring_elements 0.90343
published_at 2026-04-13T12:55:00Z
11
value 0.05629
scoring_system epss
scoring_elements 0.90359
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9878
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9878
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9878
4
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
5
reference_url https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a98
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a98
6
reference_url https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0
7
reference_url https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad
8
reference_url https://github.com/spring-projects/spring-framework/issues/19513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/issues/19513
9
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
10
reference_url https://security.netapp.com/advisory/ntap-20180419-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180419-0002
11
reference_url https://security.netapp.com/advisory/ntap-20180419-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180419-0002/
12
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
13
reference_url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
14
reference_url http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
15
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
16
reference_url http://www.securityfocus.com/bid/95072
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/95072
17
reference_url http://www.securitytracker.com/id/1040698
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1040698
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1408164
reference_id 1408164
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1408164
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849167
reference_id 849167
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849167
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9878
reference_id CVE-2016-9878
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9878
21
reference_url https://pivotal.io/security/cve-2016-9878
reference_id CVE-2016-9878
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2016-9878
22
reference_url https://github.com/advisories/GHSA-2m8h-fgr8-2q9w
reference_id GHSA-2m8h-fgr8-2q9w
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2m8h-fgr8-2q9w
23
reference_url https://usn.ubuntu.com/USN-4774-1/
reference_id USN-USN-4774-1
reference_type
scores
url https://usn.ubuntu.com/USN-4774-1/
fixed_packages
0
url pkg:maven/org.springframework/spring-core@4.2.9
purl pkg:maven/org.springframework/spring-core@4.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.2.9
1
url pkg:maven/org.springframework/spring-core@4.2.9.RELEASE
purl pkg:maven/org.springframework/spring-core@4.2.9.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3rev-eg6f-tkb7
1
vulnerability VCID-6ysx-5wcw-f7b5
2
vulnerability VCID-c74k-e1me-pfb2
3
vulnerability VCID-cyjt-4vjn-mbc7
4
vulnerability VCID-dfs4-emmn-f3eb
5
vulnerability VCID-f3g5-hamr-6yar
6
vulnerability VCID-k17s-ttg2-ubgj
7
vulnerability VCID-pb7f-yasx-17ag
8
vulnerability VCID-pz7c-p4ze-kfhc
9
vulnerability VCID-w6br-v2gm-j7gr
10
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.2.9.RELEASE
2
url pkg:maven/org.springframework/spring-core@4.3.5
purl pkg:maven/org.springframework/spring-core@4.3.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.5
3
url pkg:maven/org.springframework/spring-core@4.3.5.RELEASE
purl pkg:maven/org.springframework/spring-core@4.3.5.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3rev-eg6f-tkb7
1
vulnerability VCID-6ysx-5wcw-f7b5
2
vulnerability VCID-c74k-e1me-pfb2
3
vulnerability VCID-cyjt-4vjn-mbc7
4
vulnerability VCID-k17s-ttg2-ubgj
5
vulnerability VCID-pb7f-yasx-17ag
6
vulnerability VCID-qpxj-fzta-v7bs
7
vulnerability VCID-w6br-v2gm-j7gr
8
vulnerability VCID-y3uz-etva-sufh
9
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.5.RELEASE
aliases CVE-2016-9878, GHSA-2m8h-fgr8-2q9w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3wr-npbv-8qcw
3
url VCID-pz7c-p4ze-kfhc
vulnerability_id VCID-pz7c-p4ze-kfhc
summary 
PlaintextPasswordEncoder authenticates encoded passwords that are null
Spring Security supports plain text passwords using `PlaintextPasswordEncoder`. a malicious user (or attacker) can authenticate using a password of `null`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11272.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11272.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11272
reference_id
reference_type
scores
0
value 0.00407
scoring_system epss
scoring_elements 0.61181
published_at 2026-04-21T12:55:00Z
1
value 0.00407
scoring_system epss
scoring_elements 0.6115
published_at 2026-04-08T12:55:00Z
2
value 0.00407
scoring_system epss
scoring_elements 0.61165
published_at 2026-04-09T12:55:00Z
3
value 0.00407
scoring_system epss
scoring_elements 0.61186
published_at 2026-04-11T12:55:00Z
4
value 0.00407
scoring_system epss
scoring_elements 0.61173
published_at 2026-04-12T12:55:00Z
5
value 0.00407
scoring_system epss
scoring_elements 0.61154
published_at 2026-04-13T12:55:00Z
6
value 0.00407
scoring_system epss
scoring_elements 0.61194
published_at 2026-04-16T12:55:00Z
7
value 0.00407
scoring_system epss
scoring_elements 0.612
published_at 2026-04-18T12:55:00Z
8
value 0.00407
scoring_system epss
scoring_elements 0.61031
published_at 2026-04-01T12:55:00Z
9
value 0.00407
scoring_system epss
scoring_elements 0.61108
published_at 2026-04-02T12:55:00Z
10
value 0.00407
scoring_system epss
scoring_elements 0.61136
published_at 2026-04-04T12:55:00Z
11
value 0.00407
scoring_system epss
scoring_elements 0.61102
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11272
2
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1728993
reference_id 1728993
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1728993
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11272
reference_id CVE-2019-11272
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11272
5
reference_url https://pivotal.io/security/cve-2019-11272
reference_id CVE-2019-11272
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2019-11272
6
reference_url https://github.com/advisories/GHSA-v33x-prhc-gph5
reference_id GHSA-v33x-prhc-gph5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v33x-prhc-gph5
7
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
fixed_packages
0
url pkg:maven/org.springframework/spring-core@4.3.0.RELEASE
purl pkg:maven/org.springframework/spring-core@4.3.0.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3rev-eg6f-tkb7
1
vulnerability VCID-6ysx-5wcw-f7b5
2
vulnerability VCID-c74k-e1me-pfb2
3
vulnerability VCID-cyjt-4vjn-mbc7
4
vulnerability VCID-dfs4-emmn-f3eb
5
vulnerability VCID-j3wr-npbv-8qcw
6
vulnerability VCID-k17s-ttg2-ubgj
7
vulnerability VCID-mqnn-spsw-8fg5
8
vulnerability VCID-pb7f-yasx-17ag
9
vulnerability VCID-qpxj-fzta-v7bs
10
vulnerability VCID-w6br-v2gm-j7gr
11
vulnerability VCID-y3uz-etva-sufh
12
vulnerability VCID-z3th-j593-m7bg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.0.RELEASE
aliases CVE-2019-11272, GHSA-v33x-prhc-gph5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pz7c-p4ze-kfhc
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.2.0