Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-46c6-rxp8-83eh
Summary
Improper Input Validation
In Apache Kafka it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation.
Aliases
0
alias CVE-2018-17196
1
alias GHSA-47w3-66wq-cpxg
Fixed_packages
0
url pkg:maven/org.apache.kafka/kafka@2.1.1
purl pkg:maven/org.apache.kafka/kafka@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-54g2-u5g6-x7gr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka@2.1.1
Affected_packages
0
url pkg:maven/org.apache.kafka/kafka@0.11.0.0
purl pkg:maven/org.apache.kafka/kafka@0.11.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-46c6-rxp8-83eh
1
vulnerability VCID-ydc4-by57-bkbm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka@0.11.0.0
1
url pkg:maven/org.apache.kafka/kafka@2.1.0
purl pkg:maven/org.apache.kafka/kafka@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-46c6-rxp8-83eh
1
vulnerability VCID-54g2-u5g6-x7gr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka@2.1.0
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17196.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17196.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17196
reference_id
reference_type
scores
0
value 0.00373
scoring_system epss
scoring_elements 0.5906
published_at 2026-04-26T12:55:00Z
1
value 0.00381
scoring_system epss
scoring_elements 0.59537
published_at 2026-04-12T12:55:00Z
2
value 0.00381
scoring_system epss
scoring_elements 0.59513
published_at 2026-04-24T12:55:00Z
3
value 0.00381
scoring_system epss
scoring_elements 0.59539
published_at 2026-04-21T12:55:00Z
4
value 0.00381
scoring_system epss
scoring_elements 0.59559
published_at 2026-04-18T12:55:00Z
5
value 0.00381
scoring_system epss
scoring_elements 0.59552
published_at 2026-04-16T12:55:00Z
6
value 0.00381
scoring_system epss
scoring_elements 0.59518
published_at 2026-04-13T12:55:00Z
7
value 0.00381
scoring_system epss
scoring_elements 0.59407
published_at 2026-04-01T12:55:00Z
8
value 0.00381
scoring_system epss
scoring_elements 0.59479
published_at 2026-04-02T12:55:00Z
9
value 0.00381
scoring_system epss
scoring_elements 0.59504
published_at 2026-04-04T12:55:00Z
10
value 0.00381
scoring_system epss
scoring_elements 0.59471
published_at 2026-04-07T12:55:00Z
11
value 0.00381
scoring_system epss
scoring_elements 0.59522
published_at 2026-04-08T12:55:00Z
12
value 0.00381
scoring_system epss
scoring_elements 0.59534
published_at 2026-04-09T12:55:00Z
13
value 0.00381
scoring_system epss
scoring_elements 0.59553
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17196
2
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230aff24622622a58@%3Ccommits.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230aff24622622a58@%3Ccommits.kafka.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r8890b8f18f1de821595792b58b968a89692a255bc20d86d395270740@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8890b8f18f1de821595792b58b968a89692a255bc20d86d395270740@%3Ccommits.druid.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rc27d424d0bdeaf31081c3e246db3c66e882243ae3f342dfa845e0261@%3Ccommits.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc27d424d0bdeaf31081c3e246db3c66e882243ae3f342dfa845e0261@%3Ccommits.kafka.apache.org%3E
8
reference_url https://www.mail-archive.com/dev@kafka.apache.org/msg99277.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mail-archive.com/dev@kafka.apache.org/msg99277.html
9
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
10
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
11
reference_url http://www.securityfocus.com/bid/109139
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/109139
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1732309
reference_id 1732309
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1732309
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17196
reference_id CVE-2018-17196
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17196
14
reference_url https://github.com/advisories/GHSA-47w3-66wq-cpxg
reference_id GHSA-47w3-66wq-cpxg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47w3-66wq-cpxg
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-46c6-rxp8-83eh