Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.spark/spark-core_2.11@2.2.0
Typemaven
Namespaceorg.apache.spark
Namespark-core_2.11
Version2.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.2.2
Latest_non_vulnerable_version2.3.1
Affected_by_vulnerabilities
0
url VCID-hx6d-5966-dbgx
vulnerability_id VCID-hx6d-5966-dbgx
summary 
Information Exposure
In Apache Spark it is possible for a malicious user to construct a URL pointing to a Spark cluster UI job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not.
references
0
reference_url https://lists.apache.org/thread.html/5f241d2cda21cbcb3b63e46e474cf5f50cce66927f08399f4fab0aba@%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5f241d2cda21cbcb3b63e46e474cf5f50cce66927f08399f4fab0aba@%3Cdev.spark.apache.org%3E
1
reference_url https://spark.apache.org/security.html#CVE-2018-8024
reference_id
reference_type
scores
url https://spark.apache.org/security.html#CVE-2018-8024
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8024
reference_id CVE-2018-8024
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-8024
3
reference_url https://github.com/advisories/GHSA-8cw6-5qvp-q3wj
reference_id GHSA-8cw6-5qvp-q3wj
reference_type
scores
url https://github.com/advisories/GHSA-8cw6-5qvp-q3wj
fixed_packages
0
url pkg:maven/org.apache.spark/spark-core_2.11@2.2.2
purl pkg:maven/org.apache.spark/spark-core_2.11@2.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.2.2
1
url pkg:maven/org.apache.spark/spark-core_2.11@2.3.1
purl pkg:maven/org.apache.spark/spark-core_2.11@2.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.3.1
aliases CVE-2018-8024, GHSA-8cw6-5qvp-q3wj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hx6d-5966-dbgx
Fixing_vulnerabilities
0
url VCID-hwy7-n4uz-ffa1
vulnerability_id VCID-hwy7-n4uz-ffa1
summary 
Cross-site Scripting
It is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script, would then be reflected back to the user and could be evaluated and executed by MS Windows-based clients. It is not an attack on Spark itself, but on the user, who may then execute the script inadvertently when viewing elements of the Spark web UIs.
references
0
reference_url http://www.securityfocus.com/bid/99603
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99603
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7678
reference_id CVE-2017-7678
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7678
2
reference_url https://github.com/advisories/GHSA-r34r-f84j-5x4x
reference_id GHSA-r34r-f84j-5x4x
reference_type
scores
url https://github.com/advisories/GHSA-r34r-f84j-5x4x
fixed_packages
0
url pkg:maven/org.apache.spark/spark-core_2.11@2.2.0
purl pkg:maven/org.apache.spark/spark-core_2.11@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hx6d-5966-dbgx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.2.0
aliases CVE-2017-7678, GHSA-r34r-f84j-5x4x
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hwy7-n4uz-ffa1
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.2.0