Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-cv6j-98vx-n3ed
Summary
Path Traversal
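In the Convention plugin in Apache Struts, a specially crafted URL can be used for path traversal and for execution of arbitrary code on the server side. This record lists 2.3.31 and 2.5.5 as the fixed releases; both are still marked below as affected by other vulnerabilities, so they resolve this issue only.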
Aliases
0
alias CVE-2016-6795
1
alias GHSA-44hv-jjx7-qfjg
Fixed_packages
0
url pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.31
purl pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nztp-y8p8-cqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.31
1
url pkg:maven/org.apache.struts/struts2-convention-plugin@2.5.5
purl pkg:maven/org.apache.struts/struts2-convention-plugin@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nztp-y8p8-cqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-convention-plugin@2.5.5
2
url pkg:maven/org.apache.struts/struts2-core@2.3.31
purl pkg:maven/org.apache.struts/struts2-core@2.3.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uv9-4vy7-ryd1
1
vulnerability VCID-dj42-wym9-nbhv
2
vulnerability VCID-dvxu-9sh6-qbef
3
vulnerability VCID-hrky-nmnv-g3eu
4
vulnerability VCID-mmth-7rgf-aqfa
5
vulnerability VCID-vztu-pap6-37ev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.31
3
url pkg:maven/org.apache.struts/struts2-core@2.5.5
purl pkg:maven/org.apache.struts/struts2-core@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21k4-5a8r-7bd9
1
vulnerability VCID-7uv9-4vy7-ryd1
2
vulnerability VCID-dj42-wym9-nbhv
3
vulnerability VCID-dvxu-9sh6-qbef
4
vulnerability VCID-hrky-nmnv-g3eu
5
vulnerability VCID-mmth-7rgf-aqfa
6
vulnerability VCID-vztu-pap6-37ev
7
vulnerability VCID-ybuw-727z-r3eb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.5
Affected_packages
0
url pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.20.1
purl pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.20.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv6j-98vx-n3ed
1
vulnerability VCID-nztp-y8p8-cqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.20.1
1
url pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.24
purl pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv6j-98vx-n3ed
1
vulnerability VCID-nztp-y8p8-cqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.24
2
url pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.24.1
purl pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.24.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv6j-98vx-n3ed
1
vulnerability VCID-nztp-y8p8-cqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.24.1
3
url pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.28
purl pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv6j-98vx-n3ed
1
vulnerability VCID-nztp-y8p8-cqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.28
4
url pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.20
purl pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv6j-98vx-n3ed
1
vulnerability VCID-nztp-y8p8-cqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.20
5
url pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.20.3
purl pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv6j-98vx-n3ed
1
vulnerability VCID-nztp-y8p8-cqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.20.3
6
url pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.21
purl pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv6j-98vx-n3ed
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.21
7
url pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.24.3
purl pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv6j-98vx-n3ed
1
vulnerability VCID-nztp-y8p8-cqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.24.3
8
url pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.25
purl pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv6j-98vx-n3ed
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.25
9
url pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.28.1
purl pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv6j-98vx-n3ed
1
vulnerability VCID-nztp-y8p8-cqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.28.1
10
url pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.29
purl pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv6j-98vx-n3ed
1
vulnerability VCID-nztp-y8p8-cqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.29
11
url pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.30
purl pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv6j-98vx-n3ed
1
vulnerability VCID-nztp-y8p8-cqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.30
12
url pkg:maven/org.apache.struts/struts2-core@2.3.0
purl pkg:maven/org.apache.struts/struts2-core@2.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv6j-98vx-n3ed
1
vulnerability VCID-vztu-pap6-37ev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.0
13
url pkg:maven/org.apache.struts/struts2-core@2.5.0
purl pkg:maven/org.apache.struts/struts2-core@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8cmt-z8g9-duf2
1
vulnerability VCID-cv6j-98vx-n3ed
2
vulnerability VCID-vztu-pap6-37ev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6795
reference_id
reference_type
scores
0
value 0.04732
scoring_system epss
scoring_elements 0.89589
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6795
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
2
reference_url https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129
3
reference_url https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab
4
reference_url https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14
5
reference_url https://security.netapp.com/advisory/ntap-20180629-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180629-0003
6
reference_url https://security.netapp.com/advisory/ntap-20180629-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180629-0003/
7
reference_url https://struts.apache.org/docs/s2-042.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-042.html
8
reference_url https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773
9
reference_url http://www.securityfocus.com/bid/93773
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/93773
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6795
reference_id CVE-2016-6795
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-6795
11
reference_url https://github.com/advisories/GHSA-44hv-jjx7-qfjg
reference_id GHSA-44hv-jjx7-qfjg
reference_type
scores
url https://github.com/advisories/GHSA-44hv-jjx7-qfjg
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 22
name Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Exploits
Severity_range_score 9.0 - 10.0
Exploitability 0.5
Weighted_severity 9.0
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cv6j-98vx-n3ed