Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-5qtg-djvn-97ht
SummaryIn Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
Aliases
0
alias CVE-2016-8738
1
alias GHSA-86vq-8qhc-5rqw
Fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.8
purl pkg:maven/org.apache.struts/struts2-core@2.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-79j9-v8gz-rfax
3
vulnerability VCID-7c97-nj5a-hqb8
4
vulnerability VCID-87fh-rvvb-6ubq
5
vulnerability VCID-95ts-vpk6-uubg
6
vulnerability VCID-b7zy-qhz9-tuar
7
vulnerability VCID-bgbt-j1n9-6yg5
8
vulnerability VCID-cm62-bsdz-yye2
9
vulnerability VCID-dk2f-14xj-9bf8
10
vulnerability VCID-gfxq-vtry-bqgg
11
vulnerability VCID-hgj2-vqzn-gyeb
12
vulnerability VCID-mdde-pa5h-w7g4
13
vulnerability VCID-tgd1-s1yg-9fdt
14
vulnerability VCID-y4qu-21c9-6fav
15
vulnerability VCID-y5uq-a6dx-3yd4
16
vulnerability VCID-zkg1-bed6-bbfv
17
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.8
1
url pkg:maven/org.apache.struts/struts2-core@2.5.13
purl pkg:maven/org.apache.struts/struts2-core@2.5.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-79j9-v8gz-rfax
2
vulnerability VCID-87fh-rvvb-6ubq
3
vulnerability VCID-95ts-vpk6-uubg
4
vulnerability VCID-b7zy-qhz9-tuar
5
vulnerability VCID-bgbt-j1n9-6yg5
6
vulnerability VCID-cm62-bsdz-yye2
7
vulnerability VCID-dk2f-14xj-9bf8
8
vulnerability VCID-gfxq-vtry-bqgg
9
vulnerability VCID-hgj2-vqzn-gyeb
10
vulnerability VCID-tgd1-s1yg-9fdt
11
vulnerability VCID-y5uq-a6dx-3yd4
12
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13
Affected_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.0
purl pkg:maven/org.apache.struts/struts2-core@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-579w-2k2v-efa2
1
vulnerability VCID-5qtg-djvn-97ht
2
vulnerability VCID-74ab-1p1c-4qbd
3
vulnerability VCID-7c97-nj5a-hqb8
4
vulnerability VCID-j8jv-hzsy-nyec
5
vulnerability VCID-mdde-pa5h-w7g4
6
vulnerability VCID-sf53-bgb2-7ue2
7
vulnerability VCID-tgd1-s1yg-9fdt
8
vulnerability VCID-y4qu-21c9-6fav
9
vulnerability VCID-zkg1-bed6-bbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.0
1
url pkg:maven/org.apache.struts/struts2-core@2.5
purl pkg:maven/org.apache.struts/struts2-core@2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-5qtg-djvn-97ht
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-87fh-rvvb-6ubq
7
vulnerability VCID-95ts-vpk6-uubg
8
vulnerability VCID-b7zy-qhz9-tuar
9
vulnerability VCID-bgbt-j1n9-6yg5
10
vulnerability VCID-cm62-bsdz-yye2
11
vulnerability VCID-dk2f-14xj-9bf8
12
vulnerability VCID-gfxq-vtry-bqgg
13
vulnerability VCID-hgj2-vqzn-gyeb
14
vulnerability VCID-mdde-pa5h-w7g4
15
vulnerability VCID-sf53-bgb2-7ue2
16
vulnerability VCID-tgd1-s1yg-9fdt
17
vulnerability VCID-y4qu-21c9-6fav
18
vulnerability VCID-y5uq-a6dx-3yd4
19
vulnerability VCID-ygbu-vb2t-jqhx
20
vulnerability VCID-zkg1-bed6-bbfv
21
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5
2
url pkg:maven/org.apache.struts/struts2-core@2.5.1
purl pkg:maven/org.apache.struts/struts2-core@2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-5qtg-djvn-97ht
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-87fh-rvvb-6ubq
7
vulnerability VCID-95ts-vpk6-uubg
8
vulnerability VCID-b7zy-qhz9-tuar
9
vulnerability VCID-bgbt-j1n9-6yg5
10
vulnerability VCID-cm62-bsdz-yye2
11
vulnerability VCID-dk2f-14xj-9bf8
12
vulnerability VCID-gfxq-vtry-bqgg
13
vulnerability VCID-hgj2-vqzn-gyeb
14
vulnerability VCID-mdde-pa5h-w7g4
15
vulnerability VCID-tgd1-s1yg-9fdt
16
vulnerability VCID-y4qu-21c9-6fav
17
vulnerability VCID-y5uq-a6dx-3yd4
18
vulnerability VCID-zkg1-bed6-bbfv
19
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1
3
url pkg:maven/org.apache.struts/struts2-core@2.5.2
purl pkg:maven/org.apache.struts/struts2-core@2.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-5qtg-djvn-97ht
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-87fh-rvvb-6ubq
7
vulnerability VCID-95ts-vpk6-uubg
8
vulnerability VCID-b7zy-qhz9-tuar
9
vulnerability VCID-bgbt-j1n9-6yg5
10
vulnerability VCID-cm62-bsdz-yye2
11
vulnerability VCID-dk2f-14xj-9bf8
12
vulnerability VCID-gfxq-vtry-bqgg
13
vulnerability VCID-hgj2-vqzn-gyeb
14
vulnerability VCID-mdde-pa5h-w7g4
15
vulnerability VCID-tgd1-s1yg-9fdt
16
vulnerability VCID-y4qu-21c9-6fav
17
vulnerability VCID-y5uq-a6dx-3yd4
18
vulnerability VCID-zkg1-bed6-bbfv
19
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.2
4
url pkg:maven/org.apache.struts/struts2-core@2.5.5
purl pkg:maven/org.apache.struts/struts2-core@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-5qtg-djvn-97ht
3
vulnerability VCID-79j9-v8gz-rfax
4
vulnerability VCID-7c97-nj5a-hqb8
5
vulnerability VCID-87fh-rvvb-6ubq
6
vulnerability VCID-95ts-vpk6-uubg
7
vulnerability VCID-b7zy-qhz9-tuar
8
vulnerability VCID-bgbt-j1n9-6yg5
9
vulnerability VCID-cm62-bsdz-yye2
10
vulnerability VCID-dk2f-14xj-9bf8
11
vulnerability VCID-gfxq-vtry-bqgg
12
vulnerability VCID-hgj2-vqzn-gyeb
13
vulnerability VCID-mdde-pa5h-w7g4
14
vulnerability VCID-tgd1-s1yg-9fdt
15
vulnerability VCID-y4qu-21c9-6fav
16
vulnerability VCID-y5uq-a6dx-3yd4
17
vulnerability VCID-zkg1-bed6-bbfv
18
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.5
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-8738
reference_id
reference_type
scores
0
value 0.01107
scoring_system epss
scoring_elements 0.78063
published_at 2026-04-02T12:55:00Z
1
value 0.01107
scoring_system epss
scoring_elements 0.78075
published_at 2026-04-07T12:55:00Z
2
value 0.01107
scoring_system epss
scoring_elements 0.78093
published_at 2026-04-04T12:55:00Z
3
value 0.01107
scoring_system epss
scoring_elements 0.78137
published_at 2026-04-21T12:55:00Z
4
value 0.01107
scoring_system epss
scoring_elements 0.78144
published_at 2026-04-18T12:55:00Z
5
value 0.01107
scoring_system epss
scoring_elements 0.78145
published_at 2026-04-16T12:55:00Z
6
value 0.01107
scoring_system epss
scoring_elements 0.7811
published_at 2026-04-13T12:55:00Z
7
value 0.01107
scoring_system epss
scoring_elements 0.78113
published_at 2026-04-12T12:55:00Z
8
value 0.01107
scoring_system epss
scoring_elements 0.78131
published_at 2026-04-11T12:55:00Z
9
value 0.01107
scoring_system epss
scoring_elements 0.78105
published_at 2026-04-09T12:55:00Z
10
value 0.01107
scoring_system epss
scoring_elements 0.78101
published_at 2026-04-08T12:55:00Z
11
value 0.01107
scoring_system epss
scoring_elements 0.78055
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-8738
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
2
reference_url https://github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6
3
reference_url https://security.netapp.com/advisory/ntap-20180629-0003
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180629-0003
4
reference_url https://security.netapp.com/advisory/ntap-20180629-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180629-0003/
5
reference_url https://struts.apache.org/docs/s2-044.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-044.html
6
reference_url http://www.securityfocus.com/bid/94657
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94657
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-8738
reference_id CVE-2016-8738
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-8738
14
reference_url https://github.com/advisories/GHSA-86vq-8qhc-5rqw
reference_id GHSA-86vq-8qhc-5rqw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-86vq-8qhc-5rqw
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-5qtg-djvn-97ht