Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-fnh5-jm4p-6yc8

Summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-3665 jenkins: remote code execution from slaves (SECURITY-144)

Aliases

alias	CVE-2014-3665

alias	GHSA-66cr-6whx-732p

Fixed_packages

url	pkg:maven/org.jenkins-ci.main/jenkins-core@1.587
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@1.587
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.587

Affected_packages

url pkg:rpm/redhat/jenkins@1.565.3-1?arch=el6op

purl pkg:rpm/redhat/jenkins@1.565.3-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1r79-ts6t-hufh

vulnerability	VCID-1zas-w8w2-4ydr

vulnerability	VCID-28y2-gqhb-k7ak

vulnerability	VCID-2vbv-gzfv-83ae

vulnerability	VCID-4hfu-spf7-a3hw

vulnerability	VCID-52sp-kv9t-gye3

vulnerability	VCID-5ey2-dm5w-y7a6

vulnerability	VCID-6avm-s2zj-5qex

vulnerability	VCID-6qdw-fvzm-4kdx

vulnerability	VCID-7p5d-b885-sycx

vulnerability	VCID-bkyy-edpd-m3cy

vulnerability	VCID-bn9w-mr5k-ufen

vulnerability	VCID-c43n-xyfr-aqbe

vulnerability	VCID-ds2c-vfv9-1yhf

vulnerability	VCID-fnh5-jm4p-6yc8

vulnerability	VCID-hvd6-bj7t-q7fj

vulnerability	VCID-napq-s84t-dfct

vulnerability	VCID-nwz6-6gd9-gyac

vulnerability	VCID-r79s-gp2g-13b7

vulnerability	VCID-u21t-wbdr-auez

vulnerability	VCID-u321-xdwe-gfdp

vulnerability	VCID-vznw-vuay-7bcg

vulnerability	VCID-w6we-64uv-d3h7

vulnerability	VCID-y95w-2r5s-gufd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@1.565.3-1%3Farch=el6op

url pkg:rpm/redhat/jenkins-plugin-openshift@0.6.40.1-0?arch=el6op

purl pkg:rpm/redhat/jenkins-plugin-openshift@0.6.40.1-0?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1r79-ts6t-hufh

vulnerability	VCID-1zas-w8w2-4ydr

vulnerability	VCID-28y2-gqhb-k7ak

vulnerability	VCID-2vbv-gzfv-83ae

vulnerability	VCID-4hfu-spf7-a3hw

vulnerability	VCID-52sp-kv9t-gye3

vulnerability	VCID-5ey2-dm5w-y7a6

vulnerability	VCID-6avm-s2zj-5qex

vulnerability	VCID-6qdw-fvzm-4kdx

vulnerability	VCID-7p5d-b885-sycx

vulnerability	VCID-bkyy-edpd-m3cy

vulnerability	VCID-bn9w-mr5k-ufen

vulnerability	VCID-c43n-xyfr-aqbe

vulnerability	VCID-ds2c-vfv9-1yhf

vulnerability	VCID-fnh5-jm4p-6yc8

vulnerability	VCID-hvd6-bj7t-q7fj

vulnerability	VCID-napq-s84t-dfct

vulnerability	VCID-nwz6-6gd9-gyac

vulnerability	VCID-r79s-gp2g-13b7

vulnerability	VCID-u21t-wbdr-auez

vulnerability	VCID-u321-xdwe-gfdp

vulnerability	VCID-vznw-vuay-7bcg

vulnerability	VCID-w6we-64uv-d3h7

vulnerability	VCID-y95w-2r5s-gufd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-plugin-openshift@0.6.40.1-0%3Farch=el6op

url pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.20.3.5-1?arch=el6op

purl pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.20.3.5-1?arch=el6op

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1zas-w8w2-4ydr

vulnerability	VCID-28y2-gqhb-k7ak

vulnerability	VCID-2vbv-gzfv-83ae

vulnerability	VCID-4hfu-spf7-a3hw

vulnerability	VCID-52sp-kv9t-gye3

vulnerability	VCID-6avm-s2zj-5qex

vulnerability	VCID-6qdw-fvzm-4kdx

vulnerability	VCID-7p5d-b885-sycx

vulnerability	VCID-bkyy-edpd-m3cy

vulnerability	VCID-bn9w-mr5k-ufen

vulnerability	VCID-c43n-xyfr-aqbe

vulnerability	VCID-ds2c-vfv9-1yhf

vulnerability	VCID-fnh5-jm4p-6yc8

vulnerability	VCID-hvd6-bj7t-q7fj

vulnerability	VCID-napq-s84t-dfct

vulnerability	VCID-nwz6-6gd9-gyac

vulnerability	VCID-r79s-gp2g-13b7

vulnerability	VCID-u21t-wbdr-auez

vulnerability	VCID-u321-xdwe-gfdp

vulnerability	VCID-vznw-vuay-7bcg

vulnerability	VCID-w6we-64uv-d3h7

vulnerability	VCID-y95w-2r5s-gufd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.20.3.5-1%3Farch=el6op

References

reference_url

https://access.redhat.com/errata/RHBA-2014:1630

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHBA-2014:1630

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3665.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3665.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3665

reference_id

reference_type

scores

value	0.00353
scoring_system	epss
scoring_elements	0.57699
published_at	2026-04-21T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57719
published_at	2026-04-09T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57734
published_at	2026-04-11T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57713
published_at	2026-04-12T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57694
published_at	2026-04-13T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57723
published_at	2026-04-16T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.5772
published_at	2026-04-18T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.5758
published_at	2026-04-01T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57665
published_at	2026-04-02T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57686
published_at	2026-04-04T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57661
published_at	2026-04-07T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57716
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3665

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1147767

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1147767

reference_url

https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control

reference_url

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30

reference_url	https://www.cloudbees.com/jenkins-security-advisory-2014-10-30
reference_id
reference_type
scores
url	https://www.cloudbees.com/jenkins-security-advisory-2014-10-30

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::
reference_id	cpe:2.3:a:jenkins:jenkins::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_id	cpe:2.3:a:jenkins:jenkins:::::lts:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:jenkins:::::lts:::*

reference_url

https://access.redhat.com/security/cve/CVE-2014-3665

reference_id

CVE-2014-3665

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2014-3665

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3665

reference_id

CVE-2014-3665

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3665

reference_url

https://github.com/advisories/GHSA-66cr-6whx-732p

reference_id

GHSA-66cr-6whx-732p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-66cr-6whx-732p

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	264
name	Permissions, Privileges, and Access Controls
description	Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

cwe_id	78
name	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description	The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	250
name	Execution with Unnecessary Privileges
description	The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnh5-jm4p-6yc8

Vulnerability Instance