Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-7uv9-4vy7-ryd1
Summary
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
Apache Struts contains a remote code execution vulnerability when using results with no namespace and its upper actions have no or wildcard namespace. The same flaw exists when using a url tag with no value, action set, and its upper actions have no or wildcard namespace.
Aliases
0
alias CVE-2018-11776
1
alias GHSA-cr6j-3jp9-rw65
Fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.35
purl pkg:maven/org.apache.struts/struts2-core@2.3.35
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.35
1
url pkg:maven/org.apache.struts/struts2-core@2.5.17
purl pkg:maven/org.apache.struts/struts2-core@2.5.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17
Affected_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.0.4
purl pkg:maven/org.apache.struts/struts2-core@2.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uv9-4vy7-ryd1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.4
1
url pkg:maven/org.apache.struts/struts2-core@2.5
purl pkg:maven/org.apache.struts/struts2-core@2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21k4-5a8r-7bd9
1
vulnerability VCID-7uv9-4vy7-ryd1
2
vulnerability VCID-dvxu-9sh6-qbef
3
vulnerability VCID-hrky-nmnv-g3eu
4
vulnerability VCID-mmth-7rgf-aqfa
5
vulnerability VCID-qdsq-8td3-5qa1
6
vulnerability VCID-ybuw-727z-r3eb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5
References
0
reference_url https://cwiki.apache.org/confluence/display/WW/S2-057
reference_id
reference_type
scores
url https://cwiki.apache.org/confluence/display/WW/S2-057
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
url https://github.com/apache/struts
2
reference_url https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e
3
reference_url https://lgtm.com/blog/apache_struts_CVE-2018-11776
reference_id
reference_type
scores
url https://lgtm.com/blog/apache_struts_CVE-2018-11776
4
reference_url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
6
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012
reference_id
reference_type
scores
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012
7
reference_url https://security.netapp.com/advisory/ntap-20180822-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180822-0001
8
reference_url https://security.netapp.com/advisory/ntap-20181018-0002
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181018-0002
9
reference_url https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125
reference_id
reference_type
scores
url https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125
10
reference_url https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888
reference_id
reference_type
scores
url https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888
11
reference_url https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547
reference_id
reference_type
scores
url https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547
12
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776
reference_id
reference_type
scores
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776
13
reference_url https://www.exploit-db.com/exploits/45260
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/45260
14
reference_url https://www.exploit-db.com/exploits/45262
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/45262
15
reference_url https://www.exploit-db.com/exploits/45367
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/45367
16
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2020.html
17
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11776
reference_id CVE-2018-11776
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-11776
19
reference_url https://github.com/hook-s3c/CVE-2018-11776-Python-PoC
reference_id CVE-2018-11776-PYTHON-POC
reference_type
scores
url https://github.com/hook-s3c/CVE-2018-11776-Python-PoC
20
reference_url https://github.com/advisories/GHSA-cr6j-3jp9-rw65
reference_id GHSA-cr6j-3jp9-rw65
reference_type
scores
url https://github.com/advisories/GHSA-cr6j-3jp9-rw65
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7uv9-4vy7-ryd1