Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-mqcm-hd3y-cka5

Summary

Aliases

alias	CVE-2018-1199

alias	GHSA-v596-fwhq-8x48

Fixed_packages

url	pkg:maven/org.springframework/spring-core@4.3.14
purl	pkg:maven/org.springframework/spring-core@4.3.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.14

url	pkg:maven/org.springframework/spring-core@5.0.3
purl	pkg:maven/org.springframework/spring-core@5.0.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.3

url	pkg:maven/org.springframework.security/spring-security-core@4.1.5
purl	pkg:maven/org.springframework.security/spring-security-core@4.1.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.1.5

url	pkg:maven/org.springframework.security/spring-security-core@4.1.5.RELEASE
purl	pkg:maven/org.springframework.security/spring-security-core@4.1.5.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.1.5.RELEASE

url	pkg:maven/org.springframework.security/spring-security-core@4.2.4
purl	pkg:maven/org.springframework.security/spring-security-core@4.2.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.4

url	pkg:maven/org.springframework.security/spring-security-core@4.2.4.RELEASE
purl	pkg:maven/org.springframework.security/spring-security-core@4.2.4.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.4.RELEASE

url	pkg:maven/org.springframework.security/spring-security-core@5.0.1
purl	pkg:maven/org.springframework.security/spring-security-core@5.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.1

url	pkg:maven/org.springframework.security/spring-security-core@5.0.1.RELEASE
purl	pkg:maven/org.springframework.security/spring-security-core@5.0.1.RELEASE
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.1.RELEASE

Affected_packages

url pkg:maven/org.springframework/spring-core@4.3.0

purl pkg:maven/org.springframework/spring-core@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dr9b-x5uc-4kc7

vulnerability	VCID-mqcm-hd3y-cka5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.0

url pkg:maven/org.springframework/spring-core@4.3.13

purl pkg:maven/org.springframework/spring-core@4.3.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mqcm-hd3y-cka5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.13

url pkg:maven/org.springframework/spring-core@5.0.0

purl pkg:maven/org.springframework/spring-core@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ru4-wc5w-dkfc

vulnerability	VCID-m19t-7ga6-7fes

vulnerability	VCID-mqcm-hd3y-cka5

vulnerability	VCID-q4a6-q8e8-4bdx

vulnerability	VCID-rg5c-bu77-bkha

vulnerability	VCID-yp5s-v1fw-tybv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.0

url pkg:maven/org.springframework/spring-core@5.0.2

purl pkg:maven/org.springframework/spring-core@5.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mqcm-hd3y-cka5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.2

url pkg:maven/org.springframework.security/spring-security-core@4.1.0

purl pkg:maven/org.springframework.security/spring-security-core@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mqcm-hd3y-cka5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.1.0

url pkg:maven/org.springframework.security/spring-security-core@4.1.0.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@4.1.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mqcm-hd3y-cka5

vulnerability	VCID-z75k-8ntp-bqh9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.1.0.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@4.1.4.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@4.1.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mqcm-hd3y-cka5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.1.4.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@4.2.0

purl pkg:maven/org.springframework.security/spring-security-core@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mqcm-hd3y-cka5

vulnerability	VCID-rg5c-bu77-bkha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.0

url pkg:maven/org.springframework.security/spring-security-core@4.2.0.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@4.2.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mqcm-hd3y-cka5

vulnerability	VCID-p649-29wu-syh9

vulnerability	VCID-rg5c-bu77-bkha

vulnerability	VCID-yv65-r27g-qkdv

vulnerability	VCID-z6n9-bp24-vkgh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.0.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@4.2.3.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@4.2.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mqcm-hd3y-cka5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.3.RELEASE

url pkg:maven/org.springframework.security/spring-security-core@5.0.0

purl pkg:maven/org.springframework.security/spring-security-core@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jfxp-d5zq-3kez

vulnerability	VCID-mqcm-hd3y-cka5

vulnerability	VCID-rg5c-bu77-bkha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.0

url pkg:maven/org.springframework.security/spring-security-core@5.0.0.RELEASE

purl pkg:maven/org.springframework.security/spring-security-core@5.0.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mqcm-hd3y-cka5

vulnerability	VCID-rg5c-bu77-bkha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.0.RELEASE

References

reference_url	https://access.redhat.com/errata/RHSA-2018:2405
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2405

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1199

reference_id

reference_type

scores

value	0.00846
scoring_system	epss
scoring_elements	0.75134
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1199

reference_url	https://github.com/spring-projects/spring-framework/commit/554662ebab87af97ba25d0c9f5449c7acda8df9c
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/554662ebab87af97ba25d0c9f5449c7acda8df9c

reference_url	https://github.com/spring-projects/spring-framework/commit/73a81f98d40eb6f5faa91aceb868db53fae2a94b
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/73a81f98d40eb6f5faa91aceb868db53fae2a94b

reference_url	https://github.com/spring-projects/spring-framework/commit/e6e6b8f4adcad99d133de97fcfac5ae5dd14153c
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-framework/commit/e6e6b8f4adcad99d133de97fcfac5ae5dd14153c

reference_url	https://github.com/spring-projects/spring-security/commit/0eef5b4b425ab42b9fa0fde1a3f36a37b92558f
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-security/commit/0eef5b4b425ab42b9fa0fde1a3f36a37b92558f

reference_url	https://github.com/spring-projects/spring-security/commit/65da28e4bf62f58fb130ba727cbbd621b44a36d
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-security/commit/65da28e4bf62f58fb130ba727cbbd621b44a36d

reference_url	https://github.com/spring-projects/spring-security/commit/cb8041ba67635edafcc934498ef82707157fd22
reference_id
reference_type
scores
url	https://github.com/spring-projects/spring-security/commit/cb8041ba67635edafcc934498ef82707157fd22

reference_url	https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E

reference_url	https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2020.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1199
reference_id	CVE-2018-1199
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1199

reference_url	https://pivotal.io/security/cve-2018-1199
reference_id	CVE-2018-1199
reference_type
scores
url	https://pivotal.io/security/cve-2018-1199

reference_url

https://github.com/advisories/GHSA-v596-fwhq-8x48

reference_id

GHSA-v596-fwhq-8x48

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v596-fwhq-8x48

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqcm-hd3y-cka5

Vulnerability Instance