Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/4853?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4853?format=api", "vulnerability_id": "VCID-mqnn-spsw-8fg5", "summary": "Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests.", "aliases": [ { "alias": "CVE-2018-11040" }, { "alias": "GHSA-f26x-pr96-vw86" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928706?format=api", "purl": "pkg:deb/debian/libspring-java@4.3.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.19-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1051236?format=api", "purl": "pkg:deb/debian/libspring-java@4.3.22-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.22-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/928694?format=api", "purl": "pkg:deb/debian/libspring-java@4.3.30-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928692?format=api", "purl": "pkg:deb/debian/libspring-java@4.3.30-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928696?format=api", "purl": "pkg:deb/debian/libspring-java@4.3.30-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928695?format=api", "purl": "pkg:deb/debian/libspring-java@4.3.30-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/77878?format=api", "purl": "pkg:maven/org.springframework/spring-core@4.3.18.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ysx-5wcw-f7b5" }, { "vulnerability": "VCID-c74k-e1me-pfb2" }, { "vulnerability": "VCID-cyjt-4vjn-mbc7" }, { "vulnerability": "VCID-k17s-ttg2-ubgj" }, { "vulnerability": "VCID-w6br-v2gm-j7gr" }, { "vulnerability": "VCID-y3uz-etva-sufh" }, { "vulnerability": "VCID-z3th-j593-m7bg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.18.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/77877?format=api", "purl": "pkg:maven/org.springframework/spring-core@5.0.7.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ysx-5wcw-f7b5" }, { "vulnerability": "VCID-c74k-e1me-pfb2" }, { "vulnerability": "VCID-cyjt-4vjn-mbc7" }, { "vulnerability": "VCID-f3g5-hamr-6yar" }, { "vulnerability": "VCID-k17s-ttg2-ubgj" }, { "vulnerability": "VCID-w6br-v2gm-j7gr" }, { "vulnerability": "VCID-y3uz-etva-sufh" }, { "vulnerability": "VCID-z3th-j593-m7bg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.7.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/29139?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.18.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.18.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/29140?format=api", "purl": "pkg:maven/org.springframework/spring-web@5.0.7.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-u7kk-c6fm-judy" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.7.RELEASE" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051233?format=api", "purl": "pkg:deb/debian/libspring-java@3.0.6.RELEASE-6%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nff-p7we-tuax" }, { "vulnerability": "VCID-4sj2-j914-9yfb" }, { "vulnerability": "VCID-53gt-nbgk-hyc2" }, { "vulnerability": "VCID-9v66-xp9z-8kea" }, { "vulnerability": "VCID-ajex-5x84-8ygb" }, { "vulnerability": "VCID-asmf-3c71-gqcb" }, { "vulnerability": "VCID-bpme-zq57-4uh7" }, { "vulnerability": "VCID-dfs4-emmn-f3eb" }, { "vulnerability": "VCID-e7xv-sdvz-g7e4" }, { "vulnerability": "VCID-ec6g-dnjb-vycb" }, { "vulnerability": "VCID-eer8-apxc-2ue6" }, { "vulnerability": "VCID-j3wr-npbv-8qcw" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-mvx7-2y3s-fbbb" }, { "vulnerability": "VCID-pb7f-yasx-17ag" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-qpxj-fzta-v7bs" }, { "vulnerability": "VCID-r384-aque-vqcw" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-vkf8-5z5m-wqc7" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@3.0.6.RELEASE-6%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1051234?format=api", "purl": "pkg:deb/debian/libspring-java@3.0.6.RELEASE-17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nff-p7we-tuax" }, { "vulnerability": "VCID-4sj2-j914-9yfb" }, { "vulnerability": "VCID-53gt-nbgk-hyc2" }, { "vulnerability": "VCID-9v66-xp9z-8kea" }, { "vulnerability": "VCID-bpme-zq57-4uh7" }, { "vulnerability": "VCID-dfs4-emmn-f3eb" }, { "vulnerability": "VCID-ec6g-dnjb-vycb" }, { "vulnerability": "VCID-j3wr-npbv-8qcw" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pb7f-yasx-17ag" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-qpxj-fzta-v7bs" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@3.0.6.RELEASE-17" }, { "url": "http://public2.vulnerablecode.io/api/packages/1051235?format=api", "purl": "pkg:deb/debian/libspring-java@4.3.5-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sj2-j914-9yfb" }, { "vulnerability": "VCID-bpme-zq57-4uh7" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pb7f-yasx-17ag" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-qpxj-fzta-v7bs" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.5-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/24201?format=api", "purl": "pkg:maven/org.springframework/spring-core@4.3.0.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3rev-eg6f-tkb7" }, { "vulnerability": "VCID-6ysx-5wcw-f7b5" }, { "vulnerability": "VCID-c74k-e1me-pfb2" }, { "vulnerability": "VCID-cyjt-4vjn-mbc7" }, { "vulnerability": "VCID-dfs4-emmn-f3eb" }, { "vulnerability": "VCID-j3wr-npbv-8qcw" }, { "vulnerability": "VCID-k17s-ttg2-ubgj" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pb7f-yasx-17ag" }, { "vulnerability": "VCID-qpxj-fzta-v7bs" }, { "vulnerability": "VCID-w6br-v2gm-j7gr" }, { "vulnerability": "VCID-y3uz-etva-sufh" }, { "vulnerability": "VCID-z3th-j593-m7bg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.0.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/142008?format=api", "purl": "pkg:maven/org.springframework/spring-core@5.0.0.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3rev-eg6f-tkb7" }, { "vulnerability": "VCID-6ysx-5wcw-f7b5" }, { "vulnerability": "VCID-c74k-e1me-pfb2" }, { "vulnerability": "VCID-cyjt-4vjn-mbc7" }, { "vulnerability": "VCID-f3g5-hamr-6yar" }, { "vulnerability": "VCID-k17s-ttg2-ubgj" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pb7f-yasx-17ag" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-qpxj-fzta-v7bs" }, { "vulnerability": "VCID-w6br-v2gm-j7gr" }, { "vulnerability": "VCID-y3uz-etva-sufh" }, { "vulnerability": "VCID-z3th-j593-m7bg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@5.0.0.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/29134?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.0.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.0.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173471?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.1.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.1.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173472?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.2.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.2.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173473?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.3.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.3.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173474?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.4.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.4.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173475?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.5.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.5.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173476?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.6.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.6.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173477?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.7.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.7.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173478?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.8.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.8.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173479?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.9.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.9.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173480?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.10.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.10.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173481?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.11.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.11.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173482?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.12.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.12.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173483?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.13.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.13.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173484?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.14.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.14.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173485?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.15.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.15.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173486?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.16.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.16.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173487?format=api", "purl": "pkg:maven/org.springframework/spring-web@4.3.17.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@4.3.17.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/29136?format=api", "purl": "pkg:maven/org.springframework/spring-web@5.0.0.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-u7kk-c6fm-judy" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.0.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173488?format=api", "purl": "pkg:maven/org.springframework/spring-web@5.0.1.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-u7kk-c6fm-judy" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.1.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173489?format=api", "purl": "pkg:maven/org.springframework/spring-web@5.0.2.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-u7kk-c6fm-judy" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.2.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173490?format=api", "purl": "pkg:maven/org.springframework/spring-web@5.0.3.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-u7kk-c6fm-judy" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.3.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173491?format=api", "purl": "pkg:maven/org.springframework/spring-web@5.0.4.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-u7kk-c6fm-judy" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.4.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173492?format=api", "purl": "pkg:maven/org.springframework/spring-web@5.0.5.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-u7kk-c6fm-judy" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.5.RELEASE" }, { "url": "http://public2.vulnerablecode.io/api/packages/173493?format=api", "purl": "pkg:maven/org.springframework/spring-web@5.0.6.RELEASE", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ng1-3a32-cugs" }, { "vulnerability": "VCID-kpma-e8rd-b7c8" }, { "vulnerability": "VCID-mqnn-spsw-8fg5" }, { "vulnerability": "VCID-pht6-8af8-b3f2" }, { "vulnerability": "VCID-tu1q-zbk1-hbdm" }, { "vulnerability": "VCID-u7kk-c6fm-judy" }, { "vulnerability": "VCID-x5w8-j62d-m7h6" }, { "vulnerability": "VCID-y3uz-etva-sufh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-web@5.0.6.RELEASE" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11040.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11040.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11040", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07316", "scoring_system": "epss", "scoring_elements": "0.91701", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.07316", "scoring_system": "epss", "scoring_elements": "0.91708", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07316", "scoring_system": "epss", "scoring_elements": "0.91687", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07316", "scoring_system": "epss", "scoring_elements": "0.91691", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07316", "scoring_system": "epss", "scoring_elements": "0.91689", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07316", "scoring_system": "epss", "scoring_elements": "0.91685", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07316", "scoring_system": "epss", "scoring_elements": "0.91679", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07316", "scoring_system": "epss", "scoring_elements": "0.91666", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07316", "scoring_system": "epss", "scoring_elements": "0.91657", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07316", "scoring_system": "epss", "scoring_elements": "0.91651", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07316", "scoring_system": "epss", "scoring_elements": "0.91644", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11040" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11040", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11040" }, { "reference_url": "https://github.com/spring-projects/spring-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-projects/spring-framework" }, { "reference_url": "https://github.com/spring-projects/spring-framework/commit/874859493bbda59739c38c7e52eb3625f247b93", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/spring-projects/spring-framework/commit/874859493bbda59739c38c7e52eb3625f247b93" }, { "reference_url": "https://github.com/spring-projects/spring-framework/commit/874859493bbda59739c38c7e52eb3625f247b93a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-projects/spring-framework/commit/874859493bbda59739c38c7e52eb3625f247b93a" }, { "reference_url": "https://github.com/spring-projects/spring-framework/commit/b80c13b722bb207ddf43f53a007ee3ddc1dd2e2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/spring-projects/spring-framework/commit/b80c13b722bb207ddf43f53a007ee3ddc1dd2e2" }, { "reference_url": "https://github.com/spring-projects/spring-framework/commit/b80c13b722bb207ddf43f53a007ee3ddc1dd2e26", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-projects/spring-framework/commit/b80c13b722bb207ddf43f53a007ee3ddc1dd2e26" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591931", "reference_id": "1591931", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591931" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager:13.2:*:*:*:*:mysql:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager:13.2:*:*:*:*:mysql:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager:13.2:*:*:*:*:mysql:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:product_lifecycle_management:9.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:product_lifecycle_management:9.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:product_lifecycle_management:9.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.100:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.100:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.100:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:16.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_service_backbone:16.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_service_backbone:16.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11040", "reference_id": "CVE-2018-11040", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11040" }, { "reference_url": "https://pivotal.io/security/cve-2018-11040", "reference_id": "CVE-2018-11040", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pivotal.io/security/cve-2018-11040" }, { "reference_url": "https://github.com/advisories/GHSA-f26x-pr96-vw86", "reference_id": "GHSA-f26x-pr96-vw86", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f26x-pr96-vw86" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 829, "name": "Inclusion of Functionality from Untrusted Control Sphere", "description": "The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." } ], "exploits": [], "severity_range_score": "3.7 - 7.5", "exploitability": "0.5", "weighted_severity": "6.8", "risk_score": 3.4, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mqnn-spsw-8fg5" }