Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/libspring-java@4.3.21-1?distro=trixie
Typedeb
Namespacedebian
Namelibspring-java
Version4.3.21-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version4.3.30-1
Latest_non_vulnerable_version4.3.30-4
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-pht6-8af8-b3f2
vulnerability_id VCID-pht6-8af8-b3f2
summary Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15756.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15756.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-15756
reference_id
reference_type
scores
0
value 0.18104
scoring_system epss
scoring_elements 0.95192
published_at 2026-04-21T12:55:00Z
1
value 0.18104
scoring_system epss
scoring_elements 0.95191
published_at 2026-04-18T12:55:00Z
2
value 0.18104
scoring_system epss
scoring_elements 0.95187
published_at 2026-04-16T12:55:00Z
3
value 0.18104
scoring_system epss
scoring_elements 0.95179
published_at 2026-04-13T12:55:00Z
4
value 0.18104
scoring_system epss
scoring_elements 0.95177
published_at 2026-04-12T12:55:00Z
5
value 0.18104
scoring_system epss
scoring_elements 0.95176
published_at 2026-04-11T12:55:00Z
6
value 0.18104
scoring_system epss
scoring_elements 0.95166
published_at 2026-04-08T12:55:00Z
7
value 0.18104
scoring_system epss
scoring_elements 0.95158
published_at 2026-04-07T12:55:00Z
8
value 0.18104
scoring_system epss
scoring_elements 0.95156
published_at 2026-04-04T12:55:00Z
9
value 0.18104
scoring_system epss
scoring_elements 0.95154
published_at 2026-04-02T12:55:00Z
10
value 0.18104
scoring_system epss
scoring_elements 0.95144
published_at 2026-04-01T12:55:00Z
11
value 0.18104
scoring_system epss
scoring_elements 0.9517
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-15756
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756
3
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
4
reference_url https://github.com/spring-projects/spring-framework/commit/044772641d12b9281185f6cf50f8485b8747132
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/044772641d12b9281185f6cf50f8485b8747132
5
reference_url https://github.com/spring-projects/spring-framework/commit/423aa28ed584b4ff6e5bad218c09beef5e91951
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/423aa28ed584b4ff6e5bad218c09beef5e91951
6
reference_url https://github.com/spring-projects/spring-framework/commit/c8e320019ffe7298fc4cbeeb194b2bfd6389b6d
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/c8e320019ffe7298fc4cbeeb194b2bfd6389b6d
7
reference_url https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12@%3Cissues.activemq.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228@%3Cissues.activemq.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd@%3Cissues.activemq.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68@%3Cissues.activemq.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc@%3Cissues.activemq.apache.org%3E
16
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html
17
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
18
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
19
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
20
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
21
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
22
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
23
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
24
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
25
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
26
reference_url http://www.securityfocus.com/bid/105703
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105703
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1643043
reference_id 1643043
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1643043
28
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911786
reference_id 911786
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911786
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-15756
reference_id CVE-2018-15756
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-15756
30
reference_url https://pivotal.io/security/cve-2018-15756
reference_id CVE-2018-15756
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2018-15756
31
reference_url https://github.com/advisories/GHSA-ffvq-7w96-97p7
reference_id GHSA-ffvq-7w96-97p7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ffvq-7w96-97p7
32
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
33
reference_url https://access.redhat.com/errata/RHSA-2020:3133
reference_id RHSA-2020:3133
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3133
fixed_packages
0
url pkg:deb/debian/libspring-java@4.3.21-1?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.21-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.21-1%3Fdistro=trixie
1
url pkg:deb/debian/libspring-java@4.3.30-1?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-1%3Fdistro=trixie
2
url pkg:deb/debian/libspring-java@4.3.30-2?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-2%3Fdistro=trixie
3
url pkg:deb/debian/libspring-java@4.3.30-3?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-3%3Fdistro=trixie
4
url pkg:deb/debian/libspring-java@4.3.30-4?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-4%3Fdistro=trixie
aliases CVE-2018-15756, GHSA-ffvq-7w96-97p7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pht6-8af8-b3f2
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.21-1%3Fdistro=trixie