Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.struts/struts2-core@2.3.28.1
Typemaven
Namespaceorg.apache.struts
Namestruts2-core
Version2.3.28.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.3.31
Latest_non_vulnerable_version7.1.1
Affected_by_vulnerabilities
0
url VCID-dvxu-9sh6-qbef
vulnerability_id VCID-dvxu-9sh6-qbef
summary 
Improper Input Validation
Using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
references
0
reference_url https://struts.apache.org/docs/s2-053.html
reference_id
reference_type
scores
url https://struts.apache.org/docs/s2-053.html
1
reference_url http://www.securityfocus.com/bid/100829
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100829
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12611
reference_id CVE-2017-12611
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12611
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.34
purl pkg:maven/org.apache.struts/struts2-core@2.3.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34
1
url pkg:maven/org.apache.struts/struts2-core@2.5.12
purl pkg:maven/org.apache.struts/struts2-core@2.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hrky-nmnv-g3eu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12
aliases CVE-2017-12611
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvxu-9sh6-qbef
1
url VCID-hrky-nmnv-g3eu
vulnerability_id VCID-hrky-nmnv-g3eu
summary 
Improper Input Validation
If an application allows entering a URL in a form field and built-in `URLValidator` is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
references
0
reference_url https://struts.apache.org/docs/s2-050.html
reference_id
reference_type
scores
url https://struts.apache.org/docs/s2-050.html
1
reference_url http://www.securityfocus.com/bid/100612
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100612
2
reference_url http://www.securitytracker.com/id/1039261
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039261
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9804
reference_id CVE-2017-9804
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-9804
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.34
purl pkg:maven/org.apache.struts/struts2-core@2.3.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34
1
url pkg:maven/org.apache.struts/struts2-core@2.5.13
purl pkg:maven/org.apache.struts/struts2-core@2.5.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13
aliases CVE-2017-9804
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hrky-nmnv-g3eu
2
url VCID-mmth-7rgf-aqfa
vulnerability_id VCID-mmth-7rgf-aqfa
summary 
Uncontrolled Resource Consumption
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack.
references
0
reference_url http://struts.apache.org/docs/s2-049.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-049.html
1
reference_url http://www.securityfocus.com/bid/99562
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99562
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9787
reference_id CVE-2017-9787
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-9787
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.33
purl pkg:maven/org.apache.struts/struts2-core@2.3.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dvxu-9sh6-qbef
1
vulnerability VCID-hrky-nmnv-g3eu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.33
1
url pkg:maven/org.apache.struts/struts2-core@2.5.12
purl pkg:maven/org.apache.struts/struts2-core@2.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hrky-nmnv-g3eu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12
aliases CVE-2017-9787
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmth-7rgf-aqfa
3
url VCID-qdsq-8td3-5qa1
vulnerability_id VCID-qdsq-8td3-5qa1
summary 
Improper Input Validation
The `URLValidator` class in Apache Struts 2 allows remote attackers to cause a denial of service via a `null` value for a URL field.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2016-000114
reference_id
reference_type
scores
url http://jvndb.jvn.jp/jvndb/JVNDB-2016-000114
1
reference_url http://jvn.jp/en/jp/JVN12352818/index.html
reference_id
reference_type
scores
url http://jvn.jp/en/jp/JVN12352818/index.html
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1348253
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1348253
3
reference_url https://struts.apache.org/docs/s2-041.html
reference_id
reference_type
scores
url https://struts.apache.org/docs/s2-041.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4465
reference_id CVE-2016-4465
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-4465
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.29
purl pkg:maven/org.apache.struts/struts2-core@2.3.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dvxu-9sh6-qbef
1
vulnerability VCID-hrky-nmnv-g3eu
2
vulnerability VCID-mmth-7rgf-aqfa
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29
1
url pkg:maven/org.apache.struts/struts2-core@2.5.1
purl pkg:maven/org.apache.struts/struts2-core@2.5.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1
aliases CVE-2016-4465
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdsq-8td3-5qa1
Fixing_vulnerabilities
0
url VCID-1cxn-qv1w-2kh7
vulnerability_id VCID-1cxn-qv1w-2kh7
summary 
Improper Input Validation
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
references
0
reference_url https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f
1
reference_url http://struts.apache.org/docs/s2-033.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-033.html
2
reference_url https://web.archive.org/web/20160616082237/http://www.securitytracker.com/id/1036017
reference_id
reference_type
scores
url https://web.archive.org/web/20160616082237/http://www.securitytracker.com/id/1036017
3
reference_url https://web.archive.org/web/20160728170709/http://www.securityfocus.com/bid/90960
reference_id
reference_type
scores
url https://web.archive.org/web/20160728170709/http://www.securityfocus.com/bid/90960
4
reference_url https://www.exploit-db.com/exploits/39919/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/39919/
5
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21987854
reference_id
reference_type
scores
url http://www-01.ibm.com/support/docview.wss?uid=swg21987854
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3087
reference_id CVE-2016-3087
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-3087
7
reference_url https://github.com/advisories/GHSA-mmj6-cjj4-hpr5
reference_id GHSA-mmj6-cjj4-hpr5
reference_type
scores
url https://github.com/advisories/GHSA-mmj6-cjj4-hpr5
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mmth-7rgf-aqfa
1
vulnerability VCID-qdsq-8td3-5qa1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3
1
url pkg:maven/org.apache.struts/struts2-core@2.3.24.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dvxu-9sh6-qbef
1
vulnerability VCID-hrky-nmnv-g3eu
2
vulnerability VCID-mmth-7rgf-aqfa
3
vulnerability VCID-qdsq-8td3-5qa1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3
2
url pkg:maven/org.apache.struts/struts2-core@2.3.28.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dvxu-9sh6-qbef
1
vulnerability VCID-hrky-nmnv-g3eu
2
vulnerability VCID-mmth-7rgf-aqfa
3
vulnerability VCID-qdsq-8td3-5qa1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1
aliases CVE-2016-3087, GHSA-mmj6-cjj4-hpr5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1cxn-qv1w-2kh7
1
url VCID-z1jy-4da2-tyhk
vulnerability_id VCID-z1jy-4da2-tyhk
summary 
Improper Input Validation
`XSLTResult` in Apache Struts allows remote attackers to execute arbitrary code via the stylesheet location parameter.
references
0
reference_url http://struts.apache.org/docs/s2-031.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-031.html
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3082
reference_id CVE-2016-3082
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-3082
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mmth-7rgf-aqfa
1
vulnerability VCID-qdsq-8td3-5qa1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3
1
url pkg:maven/org.apache.struts/struts2-core@2.3.24.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dvxu-9sh6-qbef
1
vulnerability VCID-hrky-nmnv-g3eu
2
vulnerability VCID-mmth-7rgf-aqfa
3
vulnerability VCID-qdsq-8td3-5qa1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3
2
url pkg:maven/org.apache.struts/struts2-core@2.3.28.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dvxu-9sh6-qbef
1
vulnerability VCID-hrky-nmnv-g3eu
2
vulnerability VCID-mmth-7rgf-aqfa
3
vulnerability VCID-qdsq-8td3-5qa1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1
aliases CVE-2016-3082
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1jy-4da2-tyhk
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1