Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
Type maven
Namespace org.apache.jspwiki
Name jspwiki-war
Version 2.11.0.M3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.11.0.M4
Latest_non_vulnerable_version 2.12.0
Affected_by_vulnerabilities
0
url VCID-7ckf-bdvx-qkh9
vulnerability_id VCID-7ckf-bdvx-qkh9
summary
Cross-site Scripting
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking. Initial reporting indicated `ReferredPagesPlugin`, but further analysis showed that multiple plugins were vulnerable.
references
0
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078
reference_id
reference_type
scores
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10078
reference_id CVE-2019-10078
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-10078
2
reference_url https://github.com/advisories/GHSA-hp5r-mhgp-56c9
reference_id GHSA-hp5r-mhgp-56c9
reference_type
scores
url https://github.com/advisories/GHSA-hp5r-mhgp-56c9
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
aliases CVE-2019-10078, GHSA-hp5r-mhgp-56c9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ckf-bdvx-qkh9
1
url VCID-s4g3-2p5v-v3dn
vulnerability_id VCID-s4g3-2p5v-v3dn
summary
Cross-site Scripting
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking.
references
0
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10077
reference_id
reference_type
scores
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10077
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10077
reference_id CVE-2019-10077
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-10077
2
reference_url https://github.com/advisories/GHSA-cj6j-32rg-45r2
reference_id GHSA-cj6j-32rg-45r2
reference_type
scores
url https://github.com/advisories/GHSA-cj6j-32rg-45r2
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M4
aliases CVE-2019-10077, GHSA-cj6j-32rg-45r2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4g3-2p5v-v3dn
Fixing_vulnerabilities
0
url VCID-qgwr-kdx8-83f3
vulnerability_id VCID-qgwr-kdx8-83f3
summary
Path Traversal
A specially crafted URL could be used to access files under the ROOT directory of the application on Apache JSPWiki, which could be used by an attacker to obtain registered users' details.
references
0
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225
reference_id
reference_type
scores
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225
1
reference_url http://www.securityfocus.com/bid/107627
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107627
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0225
reference_id CVE-2019-0225
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-0225
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7ckf-bdvx-qkh9
1
vulnerability VCID-s4g3-2p5v-v3dn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
aliases CVE-2019-0225
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgwr-kdx8-83f3
1
url VCID-v4jt-qkhw-pqbg
vulnerability_id VCID-v4jt-qkhw-pqbg
summary
Cross-site Scripting
In Apache JSPWiki, a carefully crafted URL could execute JavaScript on another user's session. No information could be saved on the server or JSPWiki database, nor would an attacker be able to execute JavaScript on someone else's browser; only on their own browser.
references
0
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
reference_id
reference_type
scores
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
1
reference_url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67@%3Cdev.jspwiki.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67@%3Cdev.jspwiki.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
4
reference_url http://www.securityfocus.com/bid/107631
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107631
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0224
reference_id CVE-2019-0224
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-0224
6
reference_url https://github.com/advisories/GHSA-fmpq-w5q6-9vf9
reference_id GHSA-fmpq-w5q6-9vf9
reference_type
scores
url https://github.com/advisories/GHSA-fmpq-w5q6-9vf9
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7ckf-bdvx-qkh9
1
vulnerability VCID-s4g3-2p5v-v3dn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
aliases CVE-2019-0224, GHSA-fmpq-w5q6-9vf9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4jt-qkhw-pqbg
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3