Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.spark/spark-core@0
Type maven
Namespace org.apache.spark
Name spark-core
Version 0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.3.2
Latest_non_vulnerable_version 3.4.0
Affected_by_vulnerabilities
0
url VCID-as3y-ffvw-rube
vulnerability_id VCID-as3y-ffvw-rube
summary
Improper Authentication
In all versions of Apache Spark, the standalone resource manager accepts code to execute on a `master` host, that then runs that code on `worker` hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17190
reference_id
reference_type
scores
0
value 0.0121
scoring_system epss
scoring_elements 0.78945
published_at 2026-04-02T12:55:00Z
1
value 0.0121
scoring_system epss
scoring_elements 0.7901
published_at 2026-04-21T12:55:00Z
2
value 0.0121
scoring_system epss
scoring_elements 0.79014
published_at 2026-04-16T12:55:00Z
3
value 0.0121
scoring_system epss
scoring_elements 0.78986
published_at 2026-04-13T12:55:00Z
4
value 0.0121
scoring_system epss
scoring_elements 0.78939
published_at 2026-04-01T12:55:00Z
5
value 0.0121
scoring_system epss
scoring_elements 0.78996
published_at 2026-04-12T12:55:00Z
6
value 0.0121
scoring_system epss
scoring_elements 0.79011
published_at 2026-04-18T12:55:00Z
7
value 0.0121
scoring_system epss
scoring_elements 0.78987
published_at 2026-04-09T12:55:00Z
8
value 0.0121
scoring_system epss
scoring_elements 0.78981
published_at 2026-04-08T12:55:00Z
9
value 0.0121
scoring_system epss
scoring_elements 0.78956
published_at 2026-04-07T12:55:00Z
10
value 0.0121
scoring_system epss
scoring_elements 0.78972
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17190
1
reference_url https://lists.apache.org/thread.html/341c3187f15cdb0d353261d2bfecf2324d56cb7db1339bfc7b30f6e5@%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/341c3187f15cdb0d353261d2bfecf2324d56cb7db1339bfc7b30f6e5@%3Cdev.spark.apache.org%3E
2
reference_url https://security.gentoo.org/glsa/201903-21
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201903-21
3
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
4
reference_url http://www.securityfocus.com/bid/105976
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105976
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17190
reference_id CVE-2018-17190
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17190
6
reference_url https://github.com/advisories/GHSA-phg2-9c5g-m4q7
reference_id GHSA-phg2-9c5g-m4q7
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-phg2-9c5g-m4q7
fixed_packages
aliases CVE-2018-17190, GHSA-phg2-9c5g-m4q7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-as3y-ffvw-rube
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core@0