Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-fwnu-d26u-pufq
Summary Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
Aliases
0
alias CVE-2016-4431
1
alias GHSA-vq79-mgpx-2wx4
Fixed_packages
Affected_packages
0
url pkg:maven/org.apache.struts/struts-master@2.3.20
purl pkg:maven/org.apache.struts/struts-master@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fwnu-d26u-pufq
1
vulnerability VCID-js22-usgt-8qd9
2
vulnerability VCID-zc1y-ff37-nqat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts-master@2.3.20
1
url pkg:maven/org.apache.struts/struts-master@2.3.28.1
purl pkg:maven/org.apache.struts/struts-master@2.3.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fwnu-d26u-pufq
1
vulnerability VCID-js22-usgt-8qd9
2
vulnerability VCID-zc1y-ff37-nqat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts-master@2.3.28.1
2
url pkg:maven/org.apache.struts/struts-parent@2.3.20
purl pkg:maven/org.apache.struts/struts-parent@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fwnu-d26u-pufq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts-parent@2.3.20
3
url pkg:maven/org.apache.struts/struts-parent@2.3.28.1
purl pkg:maven/org.apache.struts/struts-parent@2.3.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fwnu-d26u-pufq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts-parent@2.3.28.1
References
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2016-000113
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2016-000113
1
reference_url http://jvn.jp/en/jp/JVN45093481/index.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN45093481/index.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4431.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4431.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4431
reference_id
reference_type
scores
0
value 0.08174
scoring_system epss
scoring_elements 0.92206
published_at 2026-04-26T12:55:00Z
1
value 0.08174
scoring_system epss
scoring_elements 0.92157
published_at 2026-04-01T12:55:00Z
2
value 0.08174
scoring_system epss
scoring_elements 0.92165
published_at 2026-04-02T12:55:00Z
3
value 0.08174
scoring_system epss
scoring_elements 0.92171
published_at 2026-04-04T12:55:00Z
4
value 0.08174
scoring_system epss
scoring_elements 0.92174
published_at 2026-04-07T12:55:00Z
5
value 0.08174
scoring_system epss
scoring_elements 0.92185
published_at 2026-04-08T12:55:00Z
6
value 0.08174
scoring_system epss
scoring_elements 0.92188
published_at 2026-04-09T12:55:00Z
7
value 0.08174
scoring_system epss
scoring_elements 0.92194
published_at 2026-04-12T12:55:00Z
8
value 0.08174
scoring_system epss
scoring_elements 0.9219
published_at 2026-04-13T12:55:00Z
9
value 0.08174
scoring_system epss
scoring_elements 0.92201
published_at 2026-04-16T12:55:00Z
10
value 0.08174
scoring_system epss
scoring_elements 0.922
published_at 2026-04-18T12:55:00Z
11
value 0.08174
scoring_system epss
scoring_elements 0.92203
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4431
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1348252
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1348252
5
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
6
reference_url https://github.com/apache/struts/commit/b28b78c062f0bf3c79793a25aab8c9b6c12bce6e
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/b28b78c062f0bf3c79793a25aab8c9b6c12bce6e
7
reference_url https://github.com/apache/struts/commit/eccc31ebce5430f9e91b9684c63eaaf885e603f9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/eccc31ebce5430f9e91b9684c63eaaf885e603f9
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4431
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4431
9
reference_url https://struts.apache.org/docs/s2-040.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-040.html
10
reference_url https://web.archive.org/web/20210123145002/http://www.securityfocus.com/bid/91284
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123145002/http://www.securityfocus.com/bid/91284
11
reference_url http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282
12
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21987854
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21987854
13
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
14
reference_url http://www.securityfocus.com/bid/91284
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/91284
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
22
reference_url https://github.com/advisories/GHSA-vq79-mgpx-2wx4
reference_id GHSA-vq79-mgpx-2wx4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vq79-mgpx-2wx4
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 5.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwnu-d26u-pufq