Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.struts/struts2-core@2.5
Type maven
Namespace org.apache.struts
Name struts2-core
Version 2.5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.5.1
Latest_non_vulnerable_version 7.1.1
Affected_by_vulnerabilities
0
url VCID-21k4-5a8r-7bd9
vulnerability_id VCID-21k4-5a8r-7bd9
summary
Improper Input Validation
If an application allows entering a URL in a form field and the built-in `URLValidator` is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL.
references
0
reference_url http://struts.apache.org/docs/s2-047.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-047.html
1
reference_url http://www.securityfocus.com/bid/99563
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99563
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7672
reference_id CVE-2017-7672
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7672
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.12
purl pkg:maven/org.apache.struts/struts2-core@2.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hrky-nmnv-g3eu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12
aliases CVE-2017-7672
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-21k4-5a8r-7bd9
1
url VCID-7uv9-4vy7-ryd1
vulnerability_id VCID-7uv9-4vy7-ryd1
summary
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
Apache Struts contains a Remote Code Execution vulnerability when using results with no namespace and its upper actions have no or wildcard namespace. The same flaw exists when using a url tag with no value, action set, and its upper actions have no or wildcard namespace.
references
0
reference_url https://cwiki.apache.org/confluence/display/WW/S2-057
reference_id
reference_type
scores
url https://cwiki.apache.org/confluence/display/WW/S2-057
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
url https://github.com/apache/struts
2
reference_url https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e
3
reference_url https://lgtm.com/blog/apache_struts_CVE-2018-11776
reference_id
reference_type
scores
url https://lgtm.com/blog/apache_struts_CVE-2018-11776
4
reference_url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
6
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012
reference_id
reference_type
scores
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012
7
reference_url https://security.netapp.com/advisory/ntap-20180822-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180822-0001
8
reference_url https://security.netapp.com/advisory/ntap-20181018-0002
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181018-0002
9
reference_url https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125
reference_id
reference_type
scores
url https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125
10
reference_url https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888
reference_id
reference_type
scores
url https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888
11
reference_url https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547
reference_id
reference_type
scores
url https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547
12
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776
reference_id
reference_type
scores
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776
13
reference_url https://www.exploit-db.com/exploits/45260
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/45260
14
reference_url https://www.exploit-db.com/exploits/45262
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/45262
15
reference_url https://www.exploit-db.com/exploits/45367
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/45367
16
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2020.html
17
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11776
reference_id CVE-2018-11776
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-11776
19
reference_url https://github.com/hook-s3c/CVE-2018-11776-Python-PoC
reference_id CVE-2018-11776-PYTHON-POC
reference_type
scores
url https://github.com/hook-s3c/CVE-2018-11776-Python-PoC
20
reference_url https://github.com/advisories/GHSA-cr6j-3jp9-rw65
reference_id GHSA-cr6j-3jp9-rw65
reference_type
scores
url https://github.com/advisories/GHSA-cr6j-3jp9-rw65
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.17
purl pkg:maven/org.apache.struts/struts2-core@2.5.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17
aliases CVE-2018-11776, GHSA-cr6j-3jp9-rw65
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7uv9-4vy7-ryd1
2
url VCID-dvxu-9sh6-qbef
vulnerability_id VCID-dvxu-9sh6-qbef
summary
Improper Input Validation
Using an unintentional expression in a Freemarker tag instead of string literals can lead to an RCE attack.
references
0
reference_url https://struts.apache.org/docs/s2-053.html
reference_id
reference_type
scores
url https://struts.apache.org/docs/s2-053.html
1
reference_url http://www.securityfocus.com/bid/100829
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100829
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12611
reference_id CVE-2017-12611
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12611
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.12
purl pkg:maven/org.apache.struts/struts2-core@2.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hrky-nmnv-g3eu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12
aliases CVE-2017-12611
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvxu-9sh6-qbef
3
url VCID-hrky-nmnv-g3eu
vulnerability_id VCID-hrky-nmnv-g3eu
summary
Improper Input Validation
If an application allows entering a URL in a form field and the built-in `URLValidator` is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL.
references
0
reference_url https://struts.apache.org/docs/s2-050.html
reference_id
reference_type
scores
url https://struts.apache.org/docs/s2-050.html
1
reference_url http://www.securityfocus.com/bid/100612
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100612
2
reference_url http://www.securitytracker.com/id/1039261
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039261
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9804
reference_id CVE-2017-9804
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-9804
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.13
purl pkg:maven/org.apache.struts/struts2-core@2.5.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13
aliases CVE-2017-9804
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hrky-nmnv-g3eu
4
url VCID-mmth-7rgf-aqfa
vulnerability_id VCID-mmth-7rgf-aqfa
summary
Uncontrolled Resource Consumption
When using Spring AOP functionality to secure Struts actions, it is possible to perform a DoS attack.
references
0
reference_url http://struts.apache.org/docs/s2-049.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-049.html
1
reference_url http://www.securityfocus.com/bid/99562
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99562
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9787
reference_id CVE-2017-9787
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-9787
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.12
purl pkg:maven/org.apache.struts/struts2-core@2.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hrky-nmnv-g3eu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12
aliases CVE-2017-9787
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmth-7rgf-aqfa
5
url VCID-qdsq-8td3-5qa1
vulnerability_id VCID-qdsq-8td3-5qa1
summary
Improper Input Validation
The `URLValidator` class in Apache Struts 2 allows remote attackers to cause a denial of service via a `null` value for a URL field.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2016-000114
reference_id
reference_type
scores
url http://jvndb.jvn.jp/jvndb/JVNDB-2016-000114
1
reference_url http://jvn.jp/en/jp/JVN12352818/index.html
reference_id
reference_type
scores
url http://jvn.jp/en/jp/JVN12352818/index.html
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1348253
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1348253
3
reference_url https://struts.apache.org/docs/s2-041.html
reference_id
reference_type
scores
url https://struts.apache.org/docs/s2-041.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4465
reference_id CVE-2016-4465
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-4465
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.1
purl pkg:maven/org.apache.struts/struts2-core@2.5.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1
aliases CVE-2016-4465
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdsq-8td3-5qa1
6
url VCID-ybuw-727z-r3eb
vulnerability_id VCID-ybuw-727z-r3eb
summary
Improper Input Validation
In Apache Struts, if an application allows entering a URL in a form field and the built-in `URLValidator` is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL.
references
0
reference_url https://struts.apache.org/docs/s2-044.html
reference_id
reference_type
scores
url https://struts.apache.org/docs/s2-044.html
1
reference_url http://www.securityfocus.com/bid/94657
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94657
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-8738
reference_id CVE-2016-8738
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-8738
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.8
purl pkg:maven/org.apache.struts/struts2-core@2.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21k4-5a8r-7bd9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.8
aliases CVE-2016-8738
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ybuw-727z-r3eb
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5