Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework/spring-core@4.3.14

Type maven

Namespace org.springframework

Name spring-core

Version 4.3.14

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.3.15

Latest_non_vulnerable_version 6.2.11

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-h4kj-zdr8-wbdr

vulnerability_id VCID-h4kj-zdr8-wbdr

summary

Improper Input Validation
Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for `getPathInfo()` and some do not. Spring Security uses the value returned by `getPathInfo()` as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:2405

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2405

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1199.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1199.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1199

reference_id

reference_type

scores

value	0.00846
scoring_system	epss
scoring_elements	0.75179
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1199

reference_url

https://github.com/advisories/GHSA-v596-fwhq-8x48

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-v596-fwhq-8x48

reference_url

https://github.com/spring-projects/spring-framework/commit/554662ebab87af97ba25d0c9f5449c7acda8df9c

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/554662ebab87af97ba25d0c9f5449c7acda8df9c

reference_url

https://github.com/spring-projects/spring-framework/commit/73a81f98d40eb6f5faa91aceb868db53fae2a94b

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/73a81f98d40eb6f5faa91aceb868db53fae2a94b

reference_url

https://github.com/spring-projects/spring-framework/commit/e6e6b8f4adcad99d133de97fcfac5ae5dd14153c

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-framework/commit/e6e6b8f4adcad99d133de97fcfac5ae5dd14153c

reference_url

https://github.com/spring-projects/spring-security/commit/0eef5b4b425ab42b9fa0fde1a3f36a37b92558f

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-security/commit/0eef5b4b425ab42b9fa0fde1a3f36a37b92558f

reference_url

https://github.com/spring-projects/spring-security/commit/65da28e4bf62f58fb130ba727cbbd621b44a36d

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-security/commit/65da28e4bf62f58fb130ba727cbbd621b44a36d

reference_url

https://github.com/spring-projects/spring-security/commit/cb8041ba67635edafcc934498ef82707157fd22

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-security/commit/cb8041ba67635edafcc934498ef82707157fd22

reference_url

https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1540030
reference_id	1540030
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1540030

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890001
reference_id	890001
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890001

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1199

reference_id

CVE-2018-1199

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1199

reference_url

https://pivotal.io/security/cve-2018-1199

reference_id

CVE-2018-1199

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pivotal.io/security/cve-2018-1199

fixed_packages

url pkg:maven/org.springframework/spring-core@4.3.13.RELEASE

purl pkg:maven/org.springframework/spring-core@4.3.13.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2327-21sr-mfgx

vulnerability	VCID-72ga-q9u7-sfav

vulnerability	VCID-fra1-reqm-kfdb

vulnerability	VCID-h4kj-zdr8-wbdr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.13.RELEASE

url	pkg:maven/org.springframework/spring-core@4.3.14
purl	pkg:maven/org.springframework/spring-core@4.3.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.14

url pkg:maven/org.springframework/spring-core@4.3.14.RELEASE

purl pkg:maven/org.springframework/spring-core@4.3.14.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2327-21sr-mfgx

vulnerability	VCID-72ga-q9u7-sfav

vulnerability	VCID-fra1-reqm-kfdb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.14.RELEASE

url pkg:maven/org.springframework/spring-core@5.0.2.RELEASE

purl pkg:maven/org.springframework/spring-core@5.0.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2327-21sr-mfgx

vulnerability	VCID-3p1k-4ges-1fev

vulnerability	VCID-72ga-q9u7-sfav

vulnerability	VCID-fra1-reqm-kfdb

vulnerability	VCID-h4kj-zdr8-wbdr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.2.RELEASE

url	pkg:maven/org.springframework/spring-core@5.0.3
purl	pkg:maven/org.springframework/spring-core@5.0.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.3

url pkg:maven/org.springframework/spring-core@5.0.3.RELEASE

purl pkg:maven/org.springframework/spring-core@5.0.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2327-21sr-mfgx

vulnerability	VCID-3p1k-4ges-1fev

vulnerability	VCID-72ga-q9u7-sfav

vulnerability	VCID-fra1-reqm-kfdb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.3.RELEASE

aliases CVE-2018-1199, GHSA-v596-fwhq-8x48

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4kj-zdr8-wbdr

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.14

Package Instance