Look up vulnerable packages by Package URL.

Purl pkg:maven/org.apache.karaf/apache-karaf@4.0.8
Type maven
Namespace org.apache.karaf
Name apache-karaf
Version 4.0.8
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.2.3
Latest_non_vulnerable_version 4.3.6
Affected_by_vulnerabilities
0
url VCID-gq9d-gg4k-ebhd
vulnerability_id VCID-gq9d-gg4k-ebhd
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11786
reference_id
reference_type
scores
0
value 0.00755
scoring_system epss
scoring_elements 0.73551
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11786
1
reference_url https://github.com/apache/karaf/commit/24fb477ea886e8f294dedbad98d2a2c4cb2a44f9
reference_id
reference_type
scores
url https://github.com/apache/karaf/commit/24fb477ea886e8f294dedbad98d2a2c4cb2a44f9
2
reference_url https://issues.apache.org/jira/browse/KARAF-5427
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/KARAF-5427
3
reference_url https://lists.apache.org/thread.html/5b7ac762c6bbe77ac5d9389f093fc6dbf196c36d788e3d7629e6c1d9@%3Cdev.karaf.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5b7ac762c6bbe77ac5d9389f093fc6dbf196c36d788e3d7629e6c1d9@%3Cdev.karaf.apache.org%3E
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11786
reference_id CVE-2018-11786
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11786
5
reference_url http://karaf.apache.org/security/cve-2018-11786.txt
reference_id CVE-2018-11786.TXT
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://karaf.apache.org/security/cve-2018-11786.txt
6
reference_url https://github.com/advisories/GHSA-9448-c9wq-jg9v
reference_id GHSA-9448-c9wq-jg9v
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9448-c9wq-jg9v
fixed_packages
0
url pkg:maven/org.apache.karaf/apache-karaf@4.2.0
purl pkg:maven/org.apache.karaf/apache-karaf@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vs7q-k273-4bcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.karaf/apache-karaf@4.2.0
aliases CVE-2018-11786, GHSA-9448-c9wq-jg9v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gq9d-gg4k-ebhd
1
url VCID-hf1y-5953-bkhc
vulnerability_id VCID-hf1y-5953-bkhc
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11787
reference_id
reference_type
scores
0
value 0.00661
scoring_system epss
scoring_elements 0.71487
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11787
1
reference_url https://github.com/apache/karaf/commit/434e52502528e91e20d2f87cec7732f1e6e554c
reference_id
reference_type
scores
url https://github.com/apache/karaf/commit/434e52502528e91e20d2f87cec7732f1e6e554c
2
reference_url https://github.com/apache/karaf/commit/cfa213ad680ded70b70bf0c648891a06386ef63
reference_id
reference_type
scores
url https://github.com/apache/karaf/commit/cfa213ad680ded70b70bf0c648891a06386ef63
3
reference_url https://issues.apache.org/jira/browse/KARAF-4993
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/KARAF-4993
4
reference_url https://lists.apache.org/thread.html/d9ba4c3104ba32225646879a057b75b54430f349c246c85469037d3c@%3Cdev.karaf.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d9ba4c3104ba32225646879a057b75b54430f349c246c85469037d3c@%3Cdev.karaf.apache.org%3E
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11787
reference_id CVE-2018-11787
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11787
6
reference_url http://karaf.apache.org/security/cve-2018-11787.txt
reference_id CVE-2018-11787.TXT
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://karaf.apache.org/security/cve-2018-11787.txt
7
reference_url https://github.com/advisories/GHSA-cq9c-55r7-455x
reference_id GHSA-cq9c-55r7-455x
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-cq9c-55r7-455x
fixed_packages
0
url pkg:maven/org.apache.karaf/apache-karaf@4.0.9
purl pkg:maven/org.apache.karaf/apache-karaf@4.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gq9d-gg4k-ebhd
1
vulnerability VCID-vs7q-k273-4bcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.karaf/apache-karaf@4.0.9
1
url pkg:maven/org.apache.karaf/apache-karaf@4.1.1
purl pkg:maven/org.apache.karaf/apache-karaf@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gq9d-gg4k-ebhd
1
vulnerability VCID-vs7q-k273-4bcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.karaf/apache-karaf@4.1.1
aliases CVE-2018-11787, GHSA-cq9c-55r7-455x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hf1y-5953-bkhc
2
url VCID-vs7q-k273-4bcb
vulnerability_id VCID-vs7q-k273-4bcb
summary
Path Traversal
The Apache Karaf kar deployer reads `.kar` archives and extracts the paths from the `repository/` and `resources/` entries in the zip file. It then writes the content of these paths to the Karaf repo and resources directories. However, it does not validate the paths in the zip file, so a malicious user could craft a `.kar` file with `..` directory names that break out of those directories and write arbitrary content to the filesystem.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-0191
reference_id
reference_type
scores
0
value 0.03628
scoring_system epss
scoring_elements 0.8802
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-0191
1
reference_url https://lists.apache.org/thread.html/6856aa7ed7dd805eaf65d0e5e95027dda3b2307aacd1ab4a838c5cd1@%3Cuser.karaf.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6856aa7ed7dd805eaf65d0e5e95027dda3b2307aacd1ab4a838c5cd1@%3Cuser.karaf.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/cef9a2d4b547625e5214684283ac5c59c9d9740e092e777dc3f85070@%3Ccommits.karaf.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/cef9a2d4b547625e5214684283ac5c59c9d9740e092e777dc3f85070@%3Ccommits.karaf.apache.org%3E
3
reference_url http://www.securityfocus.com/bid/107462
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/107462
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0191
reference_id CVE-2019-0191
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0191
5
reference_url https://github.com/advisories/GHSA-869j-5855-hjpm
reference_id GHSA-869j-5855-hjpm
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-869j-5855-hjpm
fixed_packages
0
url pkg:maven/org.apache.karaf/apache-karaf@4.2.3
purl pkg:maven/org.apache.karaf/apache-karaf@4.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.karaf/apache-karaf@4.2.3
aliases CVE-2019-0191, GHSA-869j-5855-hjpm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vs7q-k273-4bcb
Fixing_vulnerabilities
0
url VCID-3ej5-j7eg-2ffc
vulnerability_id VCID-3ej5-j7eg-2ffc
summary
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encode usernames properly and was therefore vulnerable to LDAP injection attacks leading to a denial of service.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1322
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1322
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-8750
reference_id
reference_type
scores
0
value 0.0151
scoring_system epss
scoring_elements 0.81497
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-8750
2
reference_url http://www.securityfocus.com/bid/103098
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103098
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-8750
reference_id CVE-2016-8750
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-8750
4
reference_url https://karaf.apache.org/security/cve-2016-8750.txt
reference_id CVE-2016-8750.TXT
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://karaf.apache.org/security/cve-2016-8750.txt
5
reference_url https://github.com/advisories/GHSA-chj8-5xgw-wcvj
reference_id GHSA-chj8-5xgw-wcvj
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-chj8-5xgw-wcvj
fixed_packages
0
url pkg:maven/org.apache.karaf/apache-karaf@4.0.8
purl pkg:maven/org.apache.karaf/apache-karaf@4.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gq9d-gg4k-ebhd
1
vulnerability VCID-hf1y-5953-bkhc
2
vulnerability VCID-vs7q-k273-4bcb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.karaf/apache-karaf@4.0.8
aliases CVE-2016-8750, GHSA-chj8-5xgw-wcvj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ej5-j7eg-2ffc
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.karaf/apache-karaf@4.0.8