Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-p84k-d4tc-3fhv

Summary

Path Traversal
A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki which could be used by an attacker to obtain registered users' details.

Aliases

alias	CVE-2019-0225

alias	GHSA-pffw-p2q5-w6vh

Fixed_packages

url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3

purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5chf-z411-uygk

vulnerability	VCID-5r9e-y7dr-mqd7

vulnerability	VCID-84qw-2dwv-mba7

vulnerability	VCID-8m4d-3t48-8kex

vulnerability	VCID-8p77-dmhf-6kbf

vulnerability	VCID-9wyb-y38j-wkeu

vulnerability	VCID-e1c2-enxb-ubh5

vulnerability	VCID-fwb2-d76t-47dh

vulnerability	VCID-jwtu-3v1h-3be1

vulnerability	VCID-p2c4-2xqh-d7b2

vulnerability	VCID-pq48-q59y-bfhd

vulnerability	VCID-pq7h-qrb3-xqb8

vulnerability	VCID-q546-dm9k-9fdq

vulnerability	VCID-s2x4-8adg-87g9

vulnerability	VCID-spes-x1tu-gfef

vulnerability	VCID-wbfe-sm9a-vkh2

vulnerability	VCID-yss9-abks-xbgz

vulnerability	VCID-z47r-8zww-u7d1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3

Affected_packages

url pkg:maven/org.apache.jspwiki/jspwiki-war@2.9.0

purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5chf-z411-uygk

vulnerability	VCID-8p77-dmhf-6kbf

vulnerability	VCID-9wyb-y38j-wkeu

vulnerability	VCID-hpr3-f4s8-43ae

vulnerability	VCID-jwtu-3v1h-3be1

vulnerability	VCID-p84k-d4tc-3fhv

vulnerability	VCID-pq48-q59y-bfhd

vulnerability	VCID-wbfe-sm9a-vkh2

vulnerability	VCID-z47r-8zww-u7d1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.9.0

url pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.0

purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5chf-z411-uygk

vulnerability	VCID-5mgc-56s5-kkhz

vulnerability	VCID-5r9e-y7dr-mqd7

vulnerability	VCID-84qw-2dwv-mba7

vulnerability	VCID-8m4d-3t48-8kex

vulnerability	VCID-8p77-dmhf-6kbf

vulnerability	VCID-9wyb-y38j-wkeu

vulnerability	VCID-e1c2-enxb-ubh5

vulnerability	VCID-fwb2-d76t-47dh

vulnerability	VCID-hpr3-f4s8-43ae

vulnerability	VCID-jwtu-3v1h-3be1

vulnerability	VCID-p2c4-2xqh-d7b2

vulnerability	VCID-p84k-d4tc-3fhv

vulnerability	VCID-pq48-q59y-bfhd

vulnerability	VCID-pq7h-qrb3-xqb8

vulnerability	VCID-q546-dm9k-9fdq

vulnerability	VCID-s2x4-8adg-87g9

vulnerability	VCID-spes-x1tu-gfef

vulnerability	VCID-wbfe-sm9a-vkh2

vulnerability	VCID-yss9-abks-xbgz

vulnerability	VCID-z47r-8zww-u7d1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.0

url pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.1

purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5chf-z411-uygk

vulnerability	VCID-5mgc-56s5-kkhz

vulnerability	VCID-5r9e-y7dr-mqd7

vulnerability	VCID-84qw-2dwv-mba7

vulnerability	VCID-8m4d-3t48-8kex

vulnerability	VCID-8p77-dmhf-6kbf

vulnerability	VCID-9wyb-y38j-wkeu

vulnerability	VCID-e1c2-enxb-ubh5

vulnerability	VCID-fwb2-d76t-47dh

vulnerability	VCID-hpr3-f4s8-43ae

vulnerability	VCID-jwtu-3v1h-3be1

vulnerability	VCID-p2c4-2xqh-d7b2

vulnerability	VCID-p84k-d4tc-3fhv

vulnerability	VCID-pq48-q59y-bfhd

vulnerability	VCID-pq7h-qrb3-xqb8

vulnerability	VCID-q546-dm9k-9fdq

vulnerability	VCID-s2x4-8adg-87g9

vulnerability	VCID-spes-x1tu-gfef

vulnerability	VCID-wbfe-sm9a-vkh2

vulnerability	VCID-yss9-abks-xbgz

vulnerability	VCID-z47r-8zww-u7d1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.1

url pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.2

purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5chf-z411-uygk

vulnerability	VCID-5mgc-56s5-kkhz

vulnerability	VCID-5r9e-y7dr-mqd7

vulnerability	VCID-84qw-2dwv-mba7

vulnerability	VCID-8m4d-3t48-8kex

vulnerability	VCID-8p77-dmhf-6kbf

vulnerability	VCID-9wyb-y38j-wkeu

vulnerability	VCID-e1c2-enxb-ubh5

vulnerability	VCID-fwb2-d76t-47dh

vulnerability	VCID-hpr3-f4s8-43ae

vulnerability	VCID-jwtu-3v1h-3be1

vulnerability	VCID-p2c4-2xqh-d7b2

vulnerability	VCID-p84k-d4tc-3fhv

vulnerability	VCID-pq48-q59y-bfhd

vulnerability	VCID-pq7h-qrb3-xqb8

vulnerability	VCID-q546-dm9k-9fdq

vulnerability	VCID-s2x4-8adg-87g9

vulnerability	VCID-spes-x1tu-gfef

vulnerability	VCID-wbfe-sm9a-vkh2

vulnerability	VCID-yss9-abks-xbgz

vulnerability	VCID-z47r-8zww-u7d1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.2

url pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.3

purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5chf-z411-uygk

vulnerability	VCID-5mgc-56s5-kkhz

vulnerability	VCID-5r9e-y7dr-mqd7

vulnerability	VCID-84qw-2dwv-mba7

vulnerability	VCID-8m4d-3t48-8kex

vulnerability	VCID-8p77-dmhf-6kbf

vulnerability	VCID-9wyb-y38j-wkeu

vulnerability	VCID-e1c2-enxb-ubh5

vulnerability	VCID-fwb2-d76t-47dh

vulnerability	VCID-hpr3-f4s8-43ae

vulnerability	VCID-jwtu-3v1h-3be1

vulnerability	VCID-p2c4-2xqh-d7b2

vulnerability	VCID-p84k-d4tc-3fhv

vulnerability	VCID-pq48-q59y-bfhd

vulnerability	VCID-pq7h-qrb3-xqb8

vulnerability	VCID-q546-dm9k-9fdq

vulnerability	VCID-s2x4-8adg-87g9

vulnerability	VCID-spes-x1tu-gfef

vulnerability	VCID-wbfe-sm9a-vkh2

vulnerability	VCID-yss9-abks-xbgz

vulnerability	VCID-z47r-8zww-u7d1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.3

url pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.4

purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5chf-z411-uygk

vulnerability	VCID-5mgc-56s5-kkhz

vulnerability	VCID-5r9e-y7dr-mqd7

vulnerability	VCID-84qw-2dwv-mba7

vulnerability	VCID-8m4d-3t48-8kex

vulnerability	VCID-8p77-dmhf-6kbf

vulnerability	VCID-9wyb-y38j-wkeu

vulnerability	VCID-e1c2-enxb-ubh5

vulnerability	VCID-fwb2-d76t-47dh

vulnerability	VCID-hpr3-f4s8-43ae

vulnerability	VCID-jwtu-3v1h-3be1

vulnerability	VCID-p2c4-2xqh-d7b2

vulnerability	VCID-p84k-d4tc-3fhv

vulnerability	VCID-pq48-q59y-bfhd

vulnerability	VCID-pq7h-qrb3-xqb8

vulnerability	VCID-q546-dm9k-9fdq

vulnerability	VCID-s2x4-8adg-87g9

vulnerability	VCID-spes-x1tu-gfef

vulnerability	VCID-wbfe-sm9a-vkh2

vulnerability	VCID-yss9-abks-xbgz

vulnerability	VCID-z47r-8zww-u7d1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.4

url pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.5

purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5chf-z411-uygk

vulnerability	VCID-5mgc-56s5-kkhz

vulnerability	VCID-5r9e-y7dr-mqd7

vulnerability	VCID-84qw-2dwv-mba7

vulnerability	VCID-8m4d-3t48-8kex

vulnerability	VCID-8p77-dmhf-6kbf

vulnerability	VCID-9wyb-y38j-wkeu

vulnerability	VCID-e1c2-enxb-ubh5

vulnerability	VCID-fwb2-d76t-47dh

vulnerability	VCID-hpr3-f4s8-43ae

vulnerability	VCID-jwtu-3v1h-3be1

vulnerability	VCID-p2c4-2xqh-d7b2

vulnerability	VCID-p84k-d4tc-3fhv

vulnerability	VCID-pq48-q59y-bfhd

vulnerability	VCID-pq7h-qrb3-xqb8

vulnerability	VCID-q546-dm9k-9fdq

vulnerability	VCID-s2x4-8adg-87g9

vulnerability	VCID-spes-x1tu-gfef

vulnerability	VCID-wbfe-sm9a-vkh2

vulnerability	VCID-yss9-abks-xbgz

vulnerability	VCID-z47r-8zww-u7d1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.10.5

url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M1

purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5chf-z411-uygk

vulnerability	VCID-5r9e-y7dr-mqd7

vulnerability	VCID-84qw-2dwv-mba7

vulnerability	VCID-8m4d-3t48-8kex

vulnerability	VCID-8p77-dmhf-6kbf

vulnerability	VCID-9wyb-y38j-wkeu

vulnerability	VCID-e1c2-enxb-ubh5

vulnerability	VCID-fwb2-d76t-47dh

vulnerability	VCID-hpr3-f4s8-43ae

vulnerability	VCID-jwtu-3v1h-3be1

vulnerability	VCID-p2c4-2xqh-d7b2

vulnerability	VCID-p84k-d4tc-3fhv

vulnerability	VCID-pq48-q59y-bfhd

vulnerability	VCID-pq7h-qrb3-xqb8

vulnerability	VCID-q546-dm9k-9fdq

vulnerability	VCID-s2x4-8adg-87g9

vulnerability	VCID-spes-x1tu-gfef

vulnerability	VCID-wbfe-sm9a-vkh2

vulnerability	VCID-yss9-abks-xbgz

vulnerability	VCID-z47r-8zww-u7d1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M1

url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M2

purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5chf-z411-uygk

vulnerability	VCID-5r9e-y7dr-mqd7

vulnerability	VCID-84qw-2dwv-mba7

vulnerability	VCID-8m4d-3t48-8kex

vulnerability	VCID-8p77-dmhf-6kbf

vulnerability	VCID-9wyb-y38j-wkeu

vulnerability	VCID-e1c2-enxb-ubh5

vulnerability	VCID-fwb2-d76t-47dh

vulnerability	VCID-hpr3-f4s8-43ae

vulnerability	VCID-jwtu-3v1h-3be1

vulnerability	VCID-p2c4-2xqh-d7b2

vulnerability	VCID-p84k-d4tc-3fhv

vulnerability	VCID-pq48-q59y-bfhd

vulnerability	VCID-pq7h-qrb3-xqb8

vulnerability	VCID-q546-dm9k-9fdq

vulnerability	VCID-s2x4-8adg-87g9

vulnerability	VCID-spes-x1tu-gfef

vulnerability	VCID-wbfe-sm9a-vkh2

vulnerability	VCID-yss9-abks-xbgz

vulnerability	VCID-z47r-8zww-u7d1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0225

reference_id

reference_type

scores

value	0.03398
scoring_system	epss
scoring_elements	0.87617
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0225

reference_url

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0225

reference_url

https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/03ddbcb1d6322e04734e65805a147a32bcfdb71b8fc5821fb046ba8d@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9@%3Cuser.jspwiki.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/4f19fdbd8b9c4caf6137a459d723f4ec60379b033ed69277eb4e0af9@%3Cuser.jspwiki.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831@%3Cdev.jspwiki.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6251c06cb11e0b495066be73856592dbd7ed712487ef283d10972831@%3Cdev.jspwiki.apache.org%3E

reference_url

https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E

reference_url

https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E

reference_url

http://www.openwall.com/lists/oss-security/2019/03/26/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2019/03/26/2

reference_url

http://www.securityfocus.com/bid/107627

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/107627

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-0225

reference_id

CVE-2019-0225

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-0225

reference_url

https://github.com/advisories/GHSA-pffw-p2q5-w6vh

reference_id

GHSA-pffw-p2q5-w6vh

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-pffw-p2q5-w6vh

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	22
name	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description	The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p84k-d4tc-3fhv

Vulnerability Instance