Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-cuwt-vtwk-9qfc

Summary

Multiple vulnerabilities have been found in JasPer, the worst of
    which could result in a Denial of Service condition.

Aliases

alias	CVE-2018-20584

Fixed_packages

Affected_packages

url pkg:ebuild/media-libs/jasper@2.0.16

purl pkg:ebuild/media-libs/jasper@2.0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14uc-suy4-vkav

vulnerability	VCID-411s-m5hf-13ea

vulnerability	VCID-43tr-aux5-xfg4

vulnerability	VCID-4uee-ywf5-77fg

vulnerability	VCID-71h8-gwku-nyba

vulnerability	VCID-8kug-2mr4-n7ap

vulnerability	VCID-bvgt-kswn-s3gu

vulnerability	VCID-cuwt-vtwk-9qfc

vulnerability	VCID-d55p-qzv3-abba

vulnerability	VCID-ddwa-ag8b-5kd3

vulnerability	VCID-fs57-6w4t-7khr

vulnerability	VCID-g8fd-dzfe-wqck

vulnerability	VCID-gqb1-mvjf-hfch

vulnerability	VCID-j7jh-x7p4-tbfg

vulnerability	VCID-mf2h-8nqn-73h9

vulnerability	VCID-mpy2-q1kz-mqbd

vulnerability	VCID-pzmn-b9g7-hqfy

vulnerability	VCID-u84u-4sre-sqez

vulnerability	VCID-unhd-qymu-j7a6

vulnerability	VCID-uzf7-rgm3-ykap

vulnerability	VCID-wjhs-wew4-3yhs

vulnerability	VCID-y4g3-1zev-nyda

resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/jasper@2.0.16

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20584.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20584.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20584

reference_id

reference_type

scores

value	0.00279
scoring_system	epss
scoring_elements	0.51191
published_at	2026-04-01T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51264
published_at	2026-04-24T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.5133
published_at	2026-04-16T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51338
published_at	2026-04-18T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51317
published_at	2026-04-21T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51244
published_at	2026-04-02T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51269
published_at	2026-04-04T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51228
published_at	2026-04-07T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51283
published_at	2026-04-08T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.5128
published_at	2026-04-09T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51324
published_at	2026-04-11T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51303
published_at	2026-04-12T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51289
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20584

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/mdadams/jasper/issues/192
reference_id
reference_type
scores
url	https://github.com/mdadams/jasper/issues/192

reference_url	https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html

reference_url	https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url	http://www.securityfocus.com/bid/106356
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106356

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1664864
reference_id	1664864
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1664864

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jasper_project:jasper:2.0.14:::::::*
reference_id	cpe:2.3:a:jasper_project:jasper:2.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jasper_project:jasper:2.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:outside_in_technology:8.5.4:::::::*
reference_id	cpe:2.3:a:oracle:outside_in_technology:8.5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:outside_in_technology:8.5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20584

reference_id

CVE-2018-20584

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20584

reference_url	https://security.gentoo.org/glsa/201908-03
reference_id	GLSA-201908-03
reference_type
scores
url	https://security.gentoo.org/glsa/201908-03

Weaknesses

cwe_id	400
name	Uncontrolled Resource Consumption
description	The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Exploits

Severity_range_score 3.3 - 6.5

Exploitability 0.5

Weighted_severity 5.9

Risk_score 3.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cuwt-vtwk-9qfc

Vulnerability Instance