Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-rqbn-6eng-tyhs
SummaryPuppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths.
Aliases
0
alias CVE-2018-6513
Fixed_packages
0
url pkg:deb/debian/puppet@0?distro=bullseye
purl pkg:deb/debian/puppet@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@0%3Fdistro=bullseye
1
url pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
purl pkg:deb/debian/puppet@5.5.22-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.22-2%3Fdistro=bullseye
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6513
reference_id
reference_type
scores
0
value 0.00355
scoring_system epss
scoring_elements 0.57821
published_at 2026-04-21T12:55:00Z
1
value 0.00355
scoring_system epss
scoring_elements 0.57844
published_at 2026-04-18T12:55:00Z
2
value 0.00355
scoring_system epss
scoring_elements 0.57708
published_at 2026-04-01T12:55:00Z
3
value 0.00355
scoring_system epss
scoring_elements 0.57792
published_at 2026-04-02T12:55:00Z
4
value 0.00355
scoring_system epss
scoring_elements 0.57813
published_at 2026-04-04T12:55:00Z
5
value 0.00355
scoring_system epss
scoring_elements 0.57786
published_at 2026-04-07T12:55:00Z
6
value 0.00355
scoring_system epss
scoring_elements 0.57841
published_at 2026-04-08T12:55:00Z
7
value 0.00355
scoring_system epss
scoring_elements 0.57843
published_at 2026-04-09T12:55:00Z
8
value 0.00355
scoring_system epss
scoring_elements 0.57859
published_at 2026-04-11T12:55:00Z
9
value 0.00355
scoring_system epss
scoring_elements 0.57838
published_at 2026-04-12T12:55:00Z
10
value 0.00355
scoring_system epss
scoring_elements 0.57816
published_at 2026-04-13T12:55:00Z
11
value 0.00355
scoring_system epss
scoring_elements 0.57845
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6513
1
reference_url https://puppet.com/security/cve/CVE-2018-6513
reference_id
reference_type
scores
url https://puppet.com/security/cve/CVE-2018-6513
2
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6513
reference_id CVE-2018-6513
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2018-6513
Weaknesses
0
cwe_id 426
name Untrusted Search Path
description The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
Exploits
Severity_range_score6.5 - 8.8
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-rqbn-6eng-tyhs