Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.95
Type maven
Namespace org.jenkins-ci.main
Name jenkins-core
Version 2.95
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.107
Latest_non_vulnerable_version 2.551
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-ct8a-8yu6-jqdb
vulnerability_id VCID-ct8a-8yu6-jqdb
summary A race condition during Jenkins startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the "Please wait while Jenkins is getting ready to work" message but Cross-Site Request Forgery (CSRF) protection may not yet be effective.
references
0
reference_url https://jenkins.io/security/advisory/2017-12-14/
reference_id
reference_type
scores
url https://jenkins.io/security/advisory/2017-12-14/
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000504
reference_id CVE-2017-1000504
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000504
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.95
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.95
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.95
aliases CVE-2017-1000504
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ct8a-8yu6-jqdb
1
url VCID-g4wk-zehn-9bc5
vulnerability_id VCID-g4wk-zehn-9bc5
summary
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
A race condition during Jenkins startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default.
references
0
reference_url https://jenkins.io/security/advisory/2017-12-14/
reference_id
reference_type
scores
url https://jenkins.io/security/advisory/2017-12-14/
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000503
reference_id CVE-2017-1000503
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000503
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.95
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.95
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.95
aliases CVE-2017-1000503
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g4wk-zehn-9bc5
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.95