Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:alpm/archlinux/drupal@8.5.5-1
Typealpm
Namespacearchlinux
Namedrupal
Version8.5.5-1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.5.6-1
Latest_non_vulnerable_version9.2.9-1
Affected_by_vulnerabilities
0
url VCID-bhfu-7788-fbhc
vulnerability_id VCID-bhfu-7788-fbhc
summary 
URL Rewrite vulnerability
An issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\Symfony\Component\HttpFoundation\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14773
reference_id
reference_type
scores
0
value 0.16652
scoring_system epss
scoring_elements 0.94921
published_at 2026-04-09T12:55:00Z
1
value 0.16652
scoring_system epss
scoring_elements 0.94938
published_at 2026-04-16T12:55:00Z
2
value 0.16652
scoring_system epss
scoring_elements 0.9493
published_at 2026-04-13T12:55:00Z
3
value 0.16652
scoring_system epss
scoring_elements 0.94928
published_at 2026-04-12T12:55:00Z
4
value 0.16652
scoring_system epss
scoring_elements 0.94926
published_at 2026-04-11T12:55:00Z
5
value 0.16652
scoring_system epss
scoring_elements 0.94895
published_at 2026-04-01T12:55:00Z
6
value 0.16652
scoring_system epss
scoring_elements 0.94904
published_at 2026-04-02T12:55:00Z
7
value 0.16652
scoring_system epss
scoring_elements 0.94906
published_at 2026-04-04T12:55:00Z
8
value 0.16652
scoring_system epss
scoring_elements 0.94908
published_at 2026-04-07T12:55:00Z
9
value 0.16652
scoring_system epss
scoring_elements 0.94917
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14773
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
11
reference_url https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
12
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14773
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14773
14
reference_url https://seclists.org/bugtraq/2019/May/21
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/21
15
reference_url https://www.debian.org/security/2019/dsa-4441
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4441
16
reference_url https://www.drupal.org/SA-CORE-2018-005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2018-005
17
reference_url http://www.securityfocus.com/bid/104943
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104943
18
reference_url http://www.securitytracker.com/id/1041405
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1041405
19
reference_url https://security.archlinux.org/AVG-744
reference_id AVG-744
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-744
20
reference_url https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
reference_id CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
21
reference_url https://github.com/advisories/GHSA-8wgj-6wx8-h5hq
reference_id GHSA-8wgj-6wx8-h5hq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8wgj-6wx8-h5hq
fixed_packages
0
url pkg:alpm/archlinux/drupal@8.5.6-1
purl pkg:alpm/archlinux/drupal@8.5.6-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@8.5.6-1
aliases CVE-2018-14773, GHSA-8wgj-6wx8-h5hq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhfu-7788-fbhc
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/drupal@8.5.5-1