Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-zc1y-ff37-nqat
Summary Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.
Aliases
0
alias CVE-2016-4433
1
alias GHSA-wm8w-qp2f-728q
Fixed_packages
0
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.29
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tgd1-s1yg-9fdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.29
Affected_packages
0
url pkg:maven/org.apache.struts/struts-master@2.3.20
purl pkg:maven/org.apache.struts/struts-master@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fwnu-d26u-pufq
1
vulnerability VCID-js22-usgt-8qd9
2
vulnerability VCID-zc1y-ff37-nqat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts-master@2.3.20
1
url pkg:maven/org.apache.struts/struts-master@2.3.28.1
purl pkg:maven/org.apache.struts/struts-master@2.3.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fwnu-d26u-pufq
1
vulnerability VCID-js22-usgt-8qd9
2
vulnerability VCID-zc1y-ff37-nqat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts-master@2.3.28.1
2
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-js22-usgt-8qd9
1
vulnerability VCID-p9xh-frm5-8ucp
2
vulnerability VCID-tgd1-s1yg-9fdt
3
vulnerability VCID-zc1y-ff37-nqat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20
3
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20.1
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-js22-usgt-8qd9
1
vulnerability VCID-tgd1-s1yg-9fdt
2
vulnerability VCID-zc1y-ff37-nqat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20.1
4
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20.3
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-js22-usgt-8qd9
1
vulnerability VCID-tgd1-s1yg-9fdt
2
vulnerability VCID-zc1y-ff37-nqat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.20.3
5
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.24
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-js22-usgt-8qd9
1
vulnerability VCID-tgd1-s1yg-9fdt
2
vulnerability VCID-zc1y-ff37-nqat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.24
6
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.24.1
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.24.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-js22-usgt-8qd9
1
vulnerability VCID-tgd1-s1yg-9fdt
2
vulnerability VCID-zc1y-ff37-nqat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.24.1
7
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.24.3
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-js22-usgt-8qd9
1
vulnerability VCID-tgd1-s1yg-9fdt
2
vulnerability VCID-zc1y-ff37-nqat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.24.3
8
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.28
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-js22-usgt-8qd9
1
vulnerability VCID-tgd1-s1yg-9fdt
2
vulnerability VCID-zc1y-ff37-nqat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.28
9
url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.28.1
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-js22-usgt-8qd9
1
vulnerability VCID-tgd1-s1yg-9fdt
2
vulnerability VCID-zc1y-ff37-nqat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.28.1
References
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2016-000112
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2016-000112
1
reference_url http://jvn.jp/en/jp/JVN45093481/index.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN45093481/index.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4433.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4433.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4433
reference_id
reference_type
scores
0
value 0.03516
scoring_system epss
scoring_elements 0.87634
published_at 2026-04-13T12:55:00Z
1
value 0.03516
scoring_system epss
scoring_elements 0.87647
published_at 2026-04-21T12:55:00Z
2
value 0.03516
scoring_system epss
scoring_elements 0.87649
published_at 2026-04-16T12:55:00Z
3
value 0.03516
scoring_system epss
scoring_elements 0.87602
published_at 2026-04-04T12:55:00Z
4
value 0.03516
scoring_system epss
scoring_elements 0.87588
published_at 2026-04-02T12:55:00Z
5
value 0.03516
scoring_system epss
scoring_elements 0.87579
published_at 2026-04-01T12:55:00Z
6
value 0.03516
scoring_system epss
scoring_elements 0.8765
published_at 2026-04-18T12:55:00Z
7
value 0.03516
scoring_system epss
scoring_elements 0.87637
published_at 2026-04-12T12:55:00Z
8
value 0.03516
scoring_system epss
scoring_elements 0.87642
published_at 2026-04-11T12:55:00Z
9
value 0.03516
scoring_system epss
scoring_elements 0.8763
published_at 2026-04-09T12:55:00Z
10
value 0.03516
scoring_system epss
scoring_elements 0.87624
published_at 2026-04-08T12:55:00Z
11
value 0.03516
scoring_system epss
scoring_elements 0.87604
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4433
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1348251
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1348251
5
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
6
reference_url https://github.com/apache/struts/commit/b28b78c062f0bf3c79793a25aab8c9b6c12bce6e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/b28b78c062f0bf3c79793a25aab8c9b6c12bce6e
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4433
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4433
8
reference_url https://struts.apache.org/docs/s2-039.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-039.html
9
reference_url https://web.archive.org/web/20210123144955/http://www.securityfocus.com/bid/91282
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123144955/http://www.securityfocus.com/bid/91282
10
reference_url http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282
11
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21987854
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21987854
12
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
13
reference_url http://www.securityfocus.com/bid/91282
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/91282
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
21
reference_url https://github.com/advisories/GHSA-wm8w-qp2f-728q
reference_id GHSA-wm8w-qp2f-728q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wm8w-qp2f-728q
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 5.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zc1y-ff37-nqat