Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-4sj2-j914-9yfb
SummarySpring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
Aliases
0
alias CVE-2018-1270
1
alias GHSA-p5hg-3xm3-gcjg
Fixed_packages
0
url pkg:deb/debian/libspring-java@4.3.19-1?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.19-1%3Fdistro=trixie
1
url pkg:deb/debian/libspring-java@4.3.22-4
purl pkg:deb/debian/libspring-java@4.3.22-4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.22-4
2
url pkg:deb/debian/libspring-java@4.3.30-1?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-1%3Fdistro=trixie
3
url pkg:deb/debian/libspring-java@4.3.30-2?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-2%3Fdistro=trixie
4
url pkg:deb/debian/libspring-java@4.3.30-3?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-3%3Fdistro=trixie
5
url pkg:deb/debian/libspring-java@4.3.30-4?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-4%3Fdistro=trixie
6
url pkg:maven/org.springframework/spring-messaging@4.3.16.RELEASE
purl pkg:maven/org.springframework/spring-messaging@4.3.16.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bpme-zq57-4uh7
1
vulnerability VCID-k17s-ttg2-ubgj
2
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-messaging@4.3.16.RELEASE
7
url pkg:maven/org.springframework/spring-messaging@5.0.5.RELEASE
purl pkg:maven/org.springframework/spring-messaging@5.0.5.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bpme-zq57-4uh7
1
vulnerability VCID-k17s-ttg2-ubgj
2
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-messaging@5.0.5.RELEASE
Affected_packages
0
url pkg:deb/debian/libspring-java@3.0.6.RELEASE-6%2Bdeb7u3
purl pkg:deb/debian/libspring-java@3.0.6.RELEASE-6%2Bdeb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nff-p7we-tuax
1
vulnerability VCID-4sj2-j914-9yfb
2
vulnerability VCID-53gt-nbgk-hyc2
3
vulnerability VCID-9v66-xp9z-8kea
4
vulnerability VCID-ajex-5x84-8ygb
5
vulnerability VCID-asmf-3c71-gqcb
6
vulnerability VCID-bpme-zq57-4uh7
7
vulnerability VCID-dfs4-emmn-f3eb
8
vulnerability VCID-e7xv-sdvz-g7e4
9
vulnerability VCID-ec6g-dnjb-vycb
10
vulnerability VCID-eer8-apxc-2ue6
11
vulnerability VCID-j3wr-npbv-8qcw
12
vulnerability VCID-kpma-e8rd-b7c8
13
vulnerability VCID-mqnn-spsw-8fg5
14
vulnerability VCID-mvx7-2y3s-fbbb
15
vulnerability VCID-pb7f-yasx-17ag
16
vulnerability VCID-pht6-8af8-b3f2
17
vulnerability VCID-qpxj-fzta-v7bs
18
vulnerability VCID-r384-aque-vqcw
19
vulnerability VCID-tu1q-zbk1-hbdm
20
vulnerability VCID-vkf8-5z5m-wqc7
21
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@3.0.6.RELEASE-6%252Bdeb7u3
1
url pkg:deb/debian/libspring-java@3.0.6.RELEASE-17
purl pkg:deb/debian/libspring-java@3.0.6.RELEASE-17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nff-p7we-tuax
1
vulnerability VCID-4sj2-j914-9yfb
2
vulnerability VCID-53gt-nbgk-hyc2
3
vulnerability VCID-9v66-xp9z-8kea
4
vulnerability VCID-bpme-zq57-4uh7
5
vulnerability VCID-dfs4-emmn-f3eb
6
vulnerability VCID-ec6g-dnjb-vycb
7
vulnerability VCID-j3wr-npbv-8qcw
8
vulnerability VCID-kpma-e8rd-b7c8
9
vulnerability VCID-mqnn-spsw-8fg5
10
vulnerability VCID-pb7f-yasx-17ag
11
vulnerability VCID-pht6-8af8-b3f2
12
vulnerability VCID-qpxj-fzta-v7bs
13
vulnerability VCID-tu1q-zbk1-hbdm
14
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@3.0.6.RELEASE-17
2
url pkg:deb/debian/libspring-java@4.3.5-1
purl pkg:deb/debian/libspring-java@4.3.5-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sj2-j914-9yfb
1
vulnerability VCID-bpme-zq57-4uh7
2
vulnerability VCID-mqnn-spsw-8fg5
3
vulnerability VCID-pb7f-yasx-17ag
4
vulnerability VCID-pht6-8af8-b3f2
5
vulnerability VCID-qpxj-fzta-v7bs
6
vulnerability VCID-tu1q-zbk1-hbdm
7
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.5-1
3
url pkg:maven/org.springframework/spring-messaging@5.0.0.RELEASE
purl pkg:maven/org.springframework/spring-messaging@5.0.0.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3rev-eg6f-tkb7
1
vulnerability VCID-4sj2-j914-9yfb
2
vulnerability VCID-bpme-zq57-4uh7
3
vulnerability VCID-k17s-ttg2-ubgj
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-messaging@5.0.0.RELEASE
References
0
reference_url https://access.redhat.com/errata/RHSA-2018:2939
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2939
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1270.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1270.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1270
reference_id
reference_type
scores
0
value 0.89954
scoring_system epss
scoring_elements 0.99577
published_at 2026-04-08T12:55:00Z
1
value 0.89954
scoring_system epss
scoring_elements 0.99576
published_at 2026-04-07T12:55:00Z
2
value 0.89954
scoring_system epss
scoring_elements 0.99574
published_at 2026-04-02T12:55:00Z
3
value 0.89954
scoring_system epss
scoring_elements 0.99575
published_at 2026-04-04T12:55:00Z
4
value 0.89954
scoring_system epss
scoring_elements 0.99579
published_at 2026-04-18T12:55:00Z
5
value 0.89954
scoring_system epss
scoring_elements 0.99578
published_at 2026-04-13T12:55:00Z
6
value 0.90041
scoring_system epss
scoring_elements 0.99585
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1270
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1270
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1270
4
reference_url https://github.com/spring-projects/spring-framework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework
5
reference_url https://github.com/spring-projects/spring-framework/commit/0009806debb578e884f6dc98bd1f2dc668020021
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/0009806debb578e884f6dc98bd1f2dc668020021
6
reference_url https://github.com/spring-projects/spring-framework/commit/1db7e02de3eb0c011ee6681f5a12eb9d166fea8
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/1db7e02de3eb0c011ee6681f5a12eb9d166fea8
7
reference_url https://github.com/spring-projects/spring-framework/commit/d3acf45ea4db51fa5c4cbd0bc0e7b6d9ef805e6
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/d3acf45ea4db51fa5c4cbd0bc0e7b6d9ef805e6
8
reference_url https://github.com/spring-projects/spring-framework/commit/e0de9126ed8cf25cf141d3e66420da94e350708
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-framework/commit/e0de9126ed8cf25cf141d3e66420da94e350708
9
reference_url https://github.com/spring-projects/spring-framework/commit/e0de9126ed8cf25cf141d3e66420da94e350708a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/e0de9126ed8cf25cf141d3e66420da94e350708a
10
reference_url https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
15
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html
16
reference_url https://web.archive.org/web/20200227125035/https://www.securityfocus.com/bid/103696
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227125035/https://www.securityfocus.com/bid/103696
17
reference_url https://www.exploit-db.com/exploits/44796
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/44796
18
reference_url https://www.exploit-db.com/exploits/44796/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/44796/
19
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
20
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
21
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
22
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
23
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
24
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
25
reference_url http://www.securityfocus.com/bid/103696
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103696
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1564405
reference_id 1564405
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1564405
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895114
reference_id 895114
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895114
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1270
reference_id CVE-2018-1270
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1270
29
reference_url https://pivotal.io/security/cve-2018-1270
reference_id CVE-2018-1270
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2018-1270
30
reference_url https://github.com/advisories/GHSA-p5hg-3xm3-gcjg
reference_id GHSA-p5hg-3xm3-gcjg
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p5hg-3xm3-gcjg
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 94
name Improper Control of Generation of Code ('Code Injection')
description The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
4
cwe_id 358
name Improperly Implemented Security Check for Standard
description The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
5
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Exploits
Severity_range_score9.0 - 10.0
Exploitability2.0
Weighted_severity9.0
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-4sj2-j914-9yfb