Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/ruby-rack@1.6.4-6?distro=trixie
Type deb
Namespace debian
Name ruby-rack
Version 1.6.4-6
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.1.1-2
Latest_non_vulnerable_version 3.2.6-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-9xy8-h3y1-mubv
vulnerability_id VCID-9xy8-h3y1-mubv
summary
Cross-site Scripting
There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to HTTP or HTTPS and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not be impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16471.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16471.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16471
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.53283
published_at 2026-04-11T12:55:00Z
1
value 0.00299
scoring_system epss
scoring_elements 0.53232
published_at 2026-04-09T12:55:00Z
2
value 0.00299
scoring_system epss
scoring_elements 0.53238
published_at 2026-04-08T12:55:00Z
3
value 0.00299
scoring_system epss
scoring_elements 0.53185
published_at 2026-04-07T12:55:00Z
4
value 0.00299
scoring_system epss
scoring_elements 0.53217
published_at 2026-04-04T12:55:00Z
5
value 0.00299
scoring_system epss
scoring_elements 0.53193
published_at 2026-04-02T12:55:00Z
6
value 0.00299
scoring_system epss
scoring_elements 0.53169
published_at 2026-04-01T12:55:00Z
7
value 0.00299
scoring_system epss
scoring_elements 0.5329
published_at 2026-04-16T12:55:00Z
8
value 0.00299
scoring_system epss
scoring_elements 0.53252
published_at 2026-04-13T12:55:00Z
9
value 0.00299
scoring_system epss
scoring_elements 0.53296
published_at 2026-04-18T12:55:00Z
10
value 0.00299
scoring_system epss
scoring_elements 0.53269
published_at 2026-04-12T12:55:00Z
11
value 0.00829
scoring_system epss
scoring_elements 0.74558
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16471
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16471
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rack/rack
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16471.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16471.yml
8
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag
9
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o
10
reference_url https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html
11
reference_url https://usn.ubuntu.com/4089-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4089-1
12
reference_url https://usn.ubuntu.com/4089-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4089-1/
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1646818
reference_id 1646818
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1646818
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913005
reference_id 913005
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913005
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16471
reference_id CVE-2018-16471
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16471
16
reference_url https://github.com/advisories/GHSA-5r2p-j47h-mhpg
reference_id GHSA-5r2p-j47h-mhpg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5r2p-j47h-mhpg
fixed_packages
0
url pkg:deb/debian/ruby-rack@1.6.4-6?distro=trixie
purl pkg:deb/debian/ruby-rack@1.6.4-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@1.6.4-6%3Fdistro=trixie
1
url pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/ruby-rack@2.1.4-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.1.4-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/ruby-rack@2.2.20-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@2.2.20-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
purl pkg:deb/debian/ruby-rack@3.1.18-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rpp-9xss-duf6
1
vulnerability VCID-skxv-7he3-xqgc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.1.18-1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.5-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j61-5e8x-7fbd
1
vulnerability VCID-2p73-rc9t-rudb
2
vulnerability VCID-2qba-a6bp-ryak
3
vulnerability VCID-5twm-pqc2-xyfn
4
vulnerability VCID-dh75-6jyw-1ke2
5
vulnerability VCID-j34j-bgfd-8fez
6
vulnerability VCID-jg77-mm5c-gydu
7
vulnerability VCID-m98a-mcyb-c7fm
8
vulnerability VCID-metf-cghw-p3b5
9
vulnerability VCID-p3dk-p1gb-kkem
10
vulnerability VCID-pbu7-4hdm-s3a6
11
vulnerability VCID-pnz8-yes1-pfc7
12
vulnerability VCID-wvs1-dhwp-ebat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.5-2%3Fdistro=trixie
6
url pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
purl pkg:deb/debian/ruby-rack@3.2.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@3.2.6-2%3Fdistro=trixie
aliases CVE-2018-16471, GHSA-5r2p-j47h-mhpg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xy8-h3y1-mubv
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-rack@1.6.4-6%3Fdistro=trixie