Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-zkg1-bed6-bbfv
SummaryIf an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.
Aliases
0
alias CVE-2017-7672
1
alias GHSA-9gp7-jvm2-r4mx
Fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.12
purl pkg:maven/org.apache.struts/struts2-core@2.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-79j9-v8gz-rfax
2
vulnerability VCID-87fh-rvvb-6ubq
3
vulnerability VCID-95ts-vpk6-uubg
4
vulnerability VCID-b7zy-qhz9-tuar
5
vulnerability VCID-bgbt-j1n9-6yg5
6
vulnerability VCID-cm62-bsdz-yye2
7
vulnerability VCID-dk2f-14xj-9bf8
8
vulnerability VCID-gfxq-vtry-bqgg
9
vulnerability VCID-hgj2-vqzn-gyeb
10
vulnerability VCID-mdde-pa5h-w7g4
11
vulnerability VCID-tgd1-s1yg-9fdt
12
vulnerability VCID-y5uq-a6dx-3yd4
13
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12
Affected_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.0
purl pkg:maven/org.apache.struts/struts2-core@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-579w-2k2v-efa2
1
vulnerability VCID-5qtg-djvn-97ht
2
vulnerability VCID-74ab-1p1c-4qbd
3
vulnerability VCID-7c97-nj5a-hqb8
4
vulnerability VCID-j8jv-hzsy-nyec
5
vulnerability VCID-mdde-pa5h-w7g4
6
vulnerability VCID-sf53-bgb2-7ue2
7
vulnerability VCID-tgd1-s1yg-9fdt
8
vulnerability VCID-y4qu-21c9-6fav
9
vulnerability VCID-zkg1-bed6-bbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.0
1
url pkg:maven/org.apache.struts/struts2-core@2.5
purl pkg:maven/org.apache.struts/struts2-core@2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-5qtg-djvn-97ht
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-87fh-rvvb-6ubq
7
vulnerability VCID-95ts-vpk6-uubg
8
vulnerability VCID-b7zy-qhz9-tuar
9
vulnerability VCID-bgbt-j1n9-6yg5
10
vulnerability VCID-cm62-bsdz-yye2
11
vulnerability VCID-dk2f-14xj-9bf8
12
vulnerability VCID-gfxq-vtry-bqgg
13
vulnerability VCID-hgj2-vqzn-gyeb
14
vulnerability VCID-mdde-pa5h-w7g4
15
vulnerability VCID-sf53-bgb2-7ue2
16
vulnerability VCID-tgd1-s1yg-9fdt
17
vulnerability VCID-y4qu-21c9-6fav
18
vulnerability VCID-y5uq-a6dx-3yd4
19
vulnerability VCID-ygbu-vb2t-jqhx
20
vulnerability VCID-zkg1-bed6-bbfv
21
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5
2
url pkg:maven/org.apache.struts/struts2-core@2.5.1
purl pkg:maven/org.apache.struts/struts2-core@2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-5qtg-djvn-97ht
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-87fh-rvvb-6ubq
7
vulnerability VCID-95ts-vpk6-uubg
8
vulnerability VCID-b7zy-qhz9-tuar
9
vulnerability VCID-bgbt-j1n9-6yg5
10
vulnerability VCID-cm62-bsdz-yye2
11
vulnerability VCID-dk2f-14xj-9bf8
12
vulnerability VCID-gfxq-vtry-bqgg
13
vulnerability VCID-hgj2-vqzn-gyeb
14
vulnerability VCID-mdde-pa5h-w7g4
15
vulnerability VCID-tgd1-s1yg-9fdt
16
vulnerability VCID-y4qu-21c9-6fav
17
vulnerability VCID-y5uq-a6dx-3yd4
18
vulnerability VCID-zkg1-bed6-bbfv
19
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1
3
url pkg:maven/org.apache.struts/struts2-core@2.5.2
purl pkg:maven/org.apache.struts/struts2-core@2.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-5qtg-djvn-97ht
3
vulnerability VCID-74ab-1p1c-4qbd
4
vulnerability VCID-79j9-v8gz-rfax
5
vulnerability VCID-7c97-nj5a-hqb8
6
vulnerability VCID-87fh-rvvb-6ubq
7
vulnerability VCID-95ts-vpk6-uubg
8
vulnerability VCID-b7zy-qhz9-tuar
9
vulnerability VCID-bgbt-j1n9-6yg5
10
vulnerability VCID-cm62-bsdz-yye2
11
vulnerability VCID-dk2f-14xj-9bf8
12
vulnerability VCID-gfxq-vtry-bqgg
13
vulnerability VCID-hgj2-vqzn-gyeb
14
vulnerability VCID-mdde-pa5h-w7g4
15
vulnerability VCID-tgd1-s1yg-9fdt
16
vulnerability VCID-y4qu-21c9-6fav
17
vulnerability VCID-y5uq-a6dx-3yd4
18
vulnerability VCID-zkg1-bed6-bbfv
19
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.2
4
url pkg:maven/org.apache.struts/struts2-core@2.5.5
purl pkg:maven/org.apache.struts/struts2-core@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-5qtg-djvn-97ht
3
vulnerability VCID-79j9-v8gz-rfax
4
vulnerability VCID-7c97-nj5a-hqb8
5
vulnerability VCID-87fh-rvvb-6ubq
6
vulnerability VCID-95ts-vpk6-uubg
7
vulnerability VCID-b7zy-qhz9-tuar
8
vulnerability VCID-bgbt-j1n9-6yg5
9
vulnerability VCID-cm62-bsdz-yye2
10
vulnerability VCID-dk2f-14xj-9bf8
11
vulnerability VCID-gfxq-vtry-bqgg
12
vulnerability VCID-hgj2-vqzn-gyeb
13
vulnerability VCID-mdde-pa5h-w7g4
14
vulnerability VCID-tgd1-s1yg-9fdt
15
vulnerability VCID-y4qu-21c9-6fav
16
vulnerability VCID-y5uq-a6dx-3yd4
17
vulnerability VCID-zkg1-bed6-bbfv
18
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.5
5
url pkg:maven/org.apache.struts/struts2-core@2.5.8
purl pkg:maven/org.apache.struts/struts2-core@2.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-79j9-v8gz-rfax
3
vulnerability VCID-7c97-nj5a-hqb8
4
vulnerability VCID-87fh-rvvb-6ubq
5
vulnerability VCID-95ts-vpk6-uubg
6
vulnerability VCID-b7zy-qhz9-tuar
7
vulnerability VCID-bgbt-j1n9-6yg5
8
vulnerability VCID-cm62-bsdz-yye2
9
vulnerability VCID-dk2f-14xj-9bf8
10
vulnerability VCID-gfxq-vtry-bqgg
11
vulnerability VCID-hgj2-vqzn-gyeb
12
vulnerability VCID-mdde-pa5h-w7g4
13
vulnerability VCID-tgd1-s1yg-9fdt
14
vulnerability VCID-y4qu-21c9-6fav
15
vulnerability VCID-y5uq-a6dx-3yd4
16
vulnerability VCID-zkg1-bed6-bbfv
17
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.8
6
url pkg:maven/org.apache.struts/struts2-core@2.5.10
purl pkg:maven/org.apache.struts/struts2-core@2.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-79j9-v8gz-rfax
3
vulnerability VCID-7c97-nj5a-hqb8
4
vulnerability VCID-87fh-rvvb-6ubq
5
vulnerability VCID-95ts-vpk6-uubg
6
vulnerability VCID-b7zy-qhz9-tuar
7
vulnerability VCID-bgbt-j1n9-6yg5
8
vulnerability VCID-cm62-bsdz-yye2
9
vulnerability VCID-dk2f-14xj-9bf8
10
vulnerability VCID-gfxq-vtry-bqgg
11
vulnerability VCID-hgj2-vqzn-gyeb
12
vulnerability VCID-mdde-pa5h-w7g4
13
vulnerability VCID-tgd1-s1yg-9fdt
14
vulnerability VCID-y4qu-21c9-6fav
15
vulnerability VCID-y5uq-a6dx-3yd4
16
vulnerability VCID-zkg1-bed6-bbfv
17
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10
7
url pkg:maven/org.apache.struts/struts2-core@2.5.10.1
purl pkg:maven/org.apache.struts/struts2-core@2.5.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3yq7-n972-j7dh
1
vulnerability VCID-579w-2k2v-efa2
2
vulnerability VCID-79j9-v8gz-rfax
3
vulnerability VCID-87fh-rvvb-6ubq
4
vulnerability VCID-95ts-vpk6-uubg
5
vulnerability VCID-b7zy-qhz9-tuar
6
vulnerability VCID-bgbt-j1n9-6yg5
7
vulnerability VCID-cm62-bsdz-yye2
8
vulnerability VCID-dk2f-14xj-9bf8
9
vulnerability VCID-gfxq-vtry-bqgg
10
vulnerability VCID-hgj2-vqzn-gyeb
11
vulnerability VCID-mdde-pa5h-w7g4
12
vulnerability VCID-tgd1-s1yg-9fdt
13
vulnerability VCID-y4qu-21c9-6fav
14
vulnerability VCID-y5uq-a6dx-3yd4
15
vulnerability VCID-zkg1-bed6-bbfv
16
vulnerability VCID-zxww-8kb3-tufv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7672.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7672.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7672
reference_id
reference_type
scores
0
value 0.01346
scoring_system epss
scoring_elements 0.801
published_at 2026-04-18T12:55:00Z
1
value 0.01346
scoring_system epss
scoring_elements 0.80072
published_at 2026-04-13T12:55:00Z
2
value 0.01346
scoring_system epss
scoring_elements 0.8008
published_at 2026-04-12T12:55:00Z
3
value 0.01346
scoring_system epss
scoring_elements 0.80096
published_at 2026-04-11T12:55:00Z
4
value 0.01346
scoring_system epss
scoring_elements 0.80076
published_at 2026-04-09T12:55:00Z
5
value 0.01346
scoring_system epss
scoring_elements 0.80028
published_at 2026-04-02T12:55:00Z
6
value 0.01346
scoring_system epss
scoring_elements 0.80021
published_at 2026-04-01T12:55:00Z
7
value 0.01346
scoring_system epss
scoring_elements 0.80068
published_at 2026-04-08T12:55:00Z
8
value 0.01346
scoring_system epss
scoring_elements 0.8004
published_at 2026-04-07T12:55:00Z
9
value 0.01346
scoring_system epss
scoring_elements 0.8005
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7672
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/931df54ab379bf4eb5a625bf05066b8563c3737b
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/931df54ab379bf4eb5a625bf05066b8563c3737b
4
reference_url https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E
5
reference_url https://security.netapp.com/advisory/ntap-20180706-0002
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180706-0002
6
reference_url https://security.netapp.com/advisory/ntap-20180706-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180706-0002/
7
reference_url http://struts.apache.org/docs/s2-047.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/docs/s2-047.html
8
reference_url https://web.archive.org/web/20170907215142/http://www.securitytracker.com/id/1039114
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170907215142/http://www.securitytracker.com/id/1039114
9
reference_url https://web.archive.org/web/20200227144724/http://www.securityfocus.com/bid/99563
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227144724/http://www.securityfocus.com/bid/99563
10
reference_url http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
11
reference_url http://www.securityfocus.com/bid/99563
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99563
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1480614
reference_id 1480614
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1480614
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7672
reference_id CVE-2017-7672
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7672
14
reference_url https://github.com/advisories/GHSA-9gp7-jvm2-r4mx
reference_id GHSA-9gp7-jvm2-r4mx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9gp7-jvm2-r4mx
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score3.1 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-zkg1-bed6-bbfv