Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/zsh@5.4.2-r1?arch=armv7&distroversion=v3.21&reponame=main

Type apk

Namespace alpine

Name zsh

Version 5.4.2-r1

Qualifiers

arch	armv7
distroversion	v3.21
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-h2au-1dgd-ubcm

vulnerability_id VCID-h2au-1dgd-ubcm

summary Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1083.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1083.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1083

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22346
published_at	2026-06-04T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.2243
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1083

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1083
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1083

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1557382
reference_id	1557382
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1557382

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894043
reference_id	894043
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894043

reference_url	https://security.gentoo.org/glsa/201805-10
reference_id	GLSA-201805-10
reference_type
scores
url	https://security.gentoo.org/glsa/201805-10

reference_url	https://access.redhat.com/errata/RHSA-2018:1932
reference_id	RHSA-2018:1932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1932

reference_url	https://access.redhat.com/errata/RHSA-2018:3073
reference_id	RHSA-2018:3073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3073

reference_url	https://usn.ubuntu.com/3608-1/
reference_id	USN-3608-1
reference_type
scores
url	https://usn.ubuntu.com/3608-1/

fixed_packages

url	pkg:apk/alpine/zsh@5.4.2-r1?arch=armv7&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/zsh@5.4.2-r1?arch=armv7&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zsh@5.4.2-r1%3Farch=armv7&distroversion=v3.21&reponame=main

aliases CVE-2018-1083

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h2au-1dgd-ubcm

url VCID-n1jy-7b9v-6ue7

vulnerability_id VCID-n1jy-7b9v-6ue7

summary zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1071.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1071.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1071

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13711
published_at	2026-06-04T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13791
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1071

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1071
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1071

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1553531
reference_id	1553531
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1553531

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894044
reference_id	894044
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894044

reference_url

https://security.archlinux.org/AVG-652

reference_id

AVG-652

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-652

reference_url	https://security.gentoo.org/glsa/201805-10
reference_id	GLSA-201805-10
reference_type
scores
url	https://security.gentoo.org/glsa/201805-10

reference_url	https://access.redhat.com/errata/RHSA-2018:3073
reference_id	RHSA-2018:3073
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3073

reference_url	https://usn.ubuntu.com/3608-1/
reference_id	USN-3608-1
reference_type
scores
url	https://usn.ubuntu.com/3608-1/

fixed_packages

url	pkg:apk/alpine/zsh@5.4.2-r1?arch=armv7&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/zsh@5.4.2-r1?arch=armv7&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zsh@5.4.2-r1%3Farch=armv7&distroversion=v3.21&reponame=main

aliases CVE-2018-1071

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1jy-7b9v-6ue7

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zsh@5.4.2-r1%3Farch=armv7&distroversion=v3.21&reponame=main

Package Instance