Vulnerability_id VCID-s4j7-r6m7-tyey
Summary
Jenkins HTML Publisher Plugin does not properly sanitize input
Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists.
Aliases
0
alias CVE-2024-28149
1
alias GHSA-8vcg-v7g4-3vr7
Fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
purl pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
Affected_packages
0
url pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.16
purl pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s4j7-r6m7-tyey
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.16
1
url pkg:rpm/redhat/jenkins@2.440.3.1716387933-3?arch=el8
purl pkg:rpm/redhat/jenkins@2.440.3.1716387933-3?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cnb-4rqk-zbez
1
vulnerability VCID-5qhm-ase5-5qhy
2
vulnerability VCID-6rup-vv6d-eqd8
3
vulnerability VCID-acdw-t3mm-wbhb
4
vulnerability VCID-f8ak-21d8-juff
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-qnbx-c635-hqer
7
vulnerability VCID-s4j7-r6m7-tyey
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.440.3.1716387933-3%3Farch=el8
2
url pkg:rpm/redhat/jenkins@2.440.3.1716445150-3?arch=el8
purl pkg:rpm/redhat/jenkins@2.440.3.1716445150-3?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cnb-4rqk-zbez
1
vulnerability VCID-5qhm-ase5-5qhy
2
vulnerability VCID-6rup-vv6d-eqd8
3
vulnerability VCID-acdw-t3mm-wbhb
4
vulnerability VCID-f8ak-21d8-juff
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-qnbx-c635-hqer
7
vulnerability VCID-s4j7-r6m7-tyey
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.440.3.1716445150-3%3Farch=el8
3
url pkg:rpm/redhat/jenkins@2.440.3.1716445200-3?arch=el8
purl pkg:rpm/redhat/jenkins@2.440.3.1716445200-3?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cnb-4rqk-zbez
1
vulnerability VCID-5qhm-ase5-5qhy
2
vulnerability VCID-6rup-vv6d-eqd8
3
vulnerability VCID-acdw-t3mm-wbhb
4
vulnerability VCID-f8ak-21d8-juff
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-qnbx-c635-hqer
7
vulnerability VCID-s4j7-r6m7-tyey
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.440.3.1716445200-3%3Farch=el8
4
url pkg:rpm/redhat/jenkins@2.440.3.1718879390-3?arch=el8
purl pkg:rpm/redhat/jenkins@2.440.3.1718879390-3?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cnb-4rqk-zbez
1
vulnerability VCID-5qhm-ase5-5qhy
2
vulnerability VCID-6rup-vv6d-eqd8
3
vulnerability VCID-acdw-t3mm-wbhb
4
vulnerability VCID-f8ak-21d8-juff
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-qnbx-c635-hqer
7
vulnerability VCID-s4j7-r6m7-tyey
8
vulnerability VCID-tsgr-5mwt-jkeh
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.440.3.1718879390-3%3Farch=el8
5
url pkg:rpm/redhat/jenkins-2-plugins@4.12.1716445211-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.12.1716445211-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cnb-4rqk-zbez
1
vulnerability VCID-5qhm-ase5-5qhy
2
vulnerability VCID-6rup-vv6d-eqd8
3
vulnerability VCID-acdw-t3mm-wbhb
4
vulnerability VCID-f8ak-21d8-juff
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-qnbx-c635-hqer
7
vulnerability VCID-s4j7-r6m7-tyey
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.12.1716445211-1%3Farch=el8
6
url pkg:rpm/redhat/jenkins-2-plugins@4.13.1716445207-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.13.1716445207-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cnb-4rqk-zbez
1
vulnerability VCID-5qhm-ase5-5qhy
2
vulnerability VCID-6rup-vv6d-eqd8
3
vulnerability VCID-acdw-t3mm-wbhb
4
vulnerability VCID-f8ak-21d8-juff
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-qnbx-c635-hqer
7
vulnerability VCID-s4j7-r6m7-tyey
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.13.1716445207-1%3Farch=el8
7
url pkg:rpm/redhat/jenkins-2-plugins@4.14.1716388016-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.14.1716388016-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cnb-4rqk-zbez
1
vulnerability VCID-5qhm-ase5-5qhy
2
vulnerability VCID-6rup-vv6d-eqd8
3
vulnerability VCID-acdw-t3mm-wbhb
4
vulnerability VCID-f8ak-21d8-juff
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-qnbx-c635-hqer
7
vulnerability VCID-s4j7-r6m7-tyey
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.14.1716388016-1%3Farch=el8
8
url pkg:rpm/redhat/jenkins-2-plugins@4.15.1718879538-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.15.1718879538-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cnb-4rqk-zbez
1
vulnerability VCID-5qhm-ase5-5qhy
2
vulnerability VCID-6rup-vv6d-eqd8
3
vulnerability VCID-acdw-t3mm-wbhb
4
vulnerability VCID-f8ak-21d8-juff
5
vulnerability VCID-jzn6-bzzf-nugp
6
vulnerability VCID-qnbx-c635-hqer
7
vulnerability VCID-s4j7-r6m7-tyey
8
vulnerability VCID-tsgr-5mwt-jkeh
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.15.1718879538-1%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28149.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28149.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28149
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32936
published_at 2026-04-16T12:55:00Z
1
value 0.00133
scoring_system epss
scoring_elements 0.32896
published_at 2026-04-13T12:55:00Z
2
value 0.00133
scoring_system epss
scoring_elements 0.32922
published_at 2026-04-12T12:55:00Z
3
value 0.00133
scoring_system epss
scoring_elements 0.3296
published_at 2026-04-11T12:55:00Z
4
value 0.00133
scoring_system epss
scoring_elements 0.32927
published_at 2026-04-08T12:55:00Z
5
value 0.00133
scoring_system epss
scoring_elements 0.32881
published_at 2026-04-07T12:55:00Z
6
value 0.00133
scoring_system epss
scoring_elements 0.33051
published_at 2026-04-04T12:55:00Z
7
value 0.00133
scoring_system epss
scoring_elements 0.33018
published_at 2026-04-02T12:55:00Z
8
value 0.00133
scoring_system epss
scoring_elements 0.32957
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28149
2
reference_url https://github.com/jenkinsci/htmlpublisher-plugin
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin
3
reference_url https://github.com/jenkinsci/htmlpublisher-plugin/commit/8bf2e2297a86ad50f7567fb953b2f8ec18b2891b
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin/commit/8bf2e2297a86ad50f7567fb953b2f8ec18b2891b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28149
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28149
5
reference_url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T18:49:19Z/
url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301
6
reference_url http://www.openwall.com/lists/oss-security/2024/03/06/3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T18:49:19Z/
url http://www.openwall.com/lists/oss-security/2024/03/06/3
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2268227
reference_id 2268227
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2268227
8
reference_url https://github.com/advisories/GHSA-8vcg-v7g4-3vr7
reference_id GHSA-8vcg-v7g4-3vr7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8vcg-v7g4-3vr7
9
reference_url https://access.redhat.com/errata/RHSA-2024:3634
reference_id RHSA-2024:3634
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3634
10
reference_url https://access.redhat.com/errata/RHSA-2024:3635
reference_id RHSA-2024:3635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3635
11
reference_url https://access.redhat.com/errata/RHSA-2024:3636
reference_id RHSA-2024:3636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3636
12
reference_url https://access.redhat.com/errata/RHSA-2024:4597
reference_id RHSA-2024:4597
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4597
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
3
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Exploits
Severity_range_score 6.5 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4j7-r6m7-tyey