Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-bdv1-cuyk-sqc1
Summary
Deserialization of Untrusted Data and Code Injection in xstream
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)
Aliases
0
alias CVE-2019-10173
1
alias GHSA-hf23-9pf7-388p
Fixed_packages
0
url pkg:deb/debian/libxstream-java@1.4.11-1?distro=trixie
purl pkg:deb/debian/libxstream-java@1.4.11-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxstream-java@1.4.11-1%3Fdistro=trixie
1
url pkg:deb/debian/libxstream-java@1.4.11.1-1%2Bdeb10u3
purl pkg:deb/debian/libxstream-java@1.4.11.1-1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12bx-r37t-3ygm
1
vulnerability VCID-2t1b-135u-euem
2
vulnerability VCID-6mz4-fu3s-vycx
3
vulnerability VCID-7ma6-2uv1-sbef
4
vulnerability VCID-8gha-n6ke-nucu
5
vulnerability VCID-9442-1vwr-5fbt
6
vulnerability VCID-c5tu-31kw-mfcf
7
vulnerability VCID-dxpe-qmxq-ykax
8
vulnerability VCID-eeye-wfxf-x7cc
9
vulnerability VCID-f779-wcjk-kfc1
10
vulnerability VCID-fcg2-x3s5-wudk
11
vulnerability VCID-hsja-ryzy-7bbx
12
vulnerability VCID-na6t-mkxt-3qbw
13
vulnerability VCID-npjx-vkrd-9bae
14
vulnerability VCID-nrf7-heu6-vfdc
15
vulnerability VCID-qh44-75jb-wbhf
16
vulnerability VCID-qvbb-jhkk-2udw
17
vulnerability VCID-qwp5-wae9-cffb
18
vulnerability VCID-re5g-6kjz-q7e8
19
vulnerability VCID-rfc1-r1gr-wffp
20
vulnerability VCID-sqb5-brnu-vfbk
21
vulnerability VCID-u5yy-xx6z-dfh6
22
vulnerability VCID-v7za-zjfx-mqek
23
vulnerability VCID-vn1d-9uf5-gbce
24
vulnerability VCID-vpxs-6wcf-ckh9
25
vulnerability VCID-wehr-d623-akaj
26
vulnerability VCID-xdpy-sx55-b3ac
27
vulnerability VCID-xsr8-3cke-33ck
28
vulnerability VCID-yb4j-92y9-nfb5
29
vulnerability VCID-yuwe-6pp1-bke2
30
vulnerability VCID-zm9c-xw64-5qcc
31
vulnerability VCID-zmh2-t17w-wue1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxstream-java@1.4.11.1-1%252Bdeb10u3
2
url pkg:deb/debian/libxstream-java@1.4.15-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/libxstream-java@1.4.15-3%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxstream-java@1.4.15-3%252Bdeb11u2%3Fdistro=trixie
3
url pkg:deb/debian/libxstream-java@1.4.20-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/libxstream-java@1.4.20-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxstream-java@1.4.20-1%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/libxstream-java@1.4.21-1?distro=trixie
purl pkg:deb/debian/libxstream-java@1.4.21-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxstream-java@1.4.21-1%3Fdistro=trixie
5
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.11
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12bx-r37t-3ygm
1
vulnerability VCID-2t1b-135u-euem
2
vulnerability VCID-6mz4-fu3s-vycx
3
vulnerability VCID-7ma6-2uv1-sbef
4
vulnerability VCID-8gha-n6ke-nucu
5
vulnerability VCID-9442-1vwr-5fbt
6
vulnerability VCID-c5tu-31kw-mfcf
7
vulnerability VCID-dxpe-qmxq-ykax
8
vulnerability VCID-eeye-wfxf-x7cc
9
vulnerability VCID-exrn-u19r-wfd8
10
vulnerability VCID-f779-wcjk-kfc1
11
vulnerability VCID-fcg2-x3s5-wudk
12
vulnerability VCID-hqzr-vc5w-9ff5
13
vulnerability VCID-hsja-ryzy-7bbx
14
vulnerability VCID-mfub-hwcq-pqbt
15
vulnerability VCID-na6t-mkxt-3qbw
16
vulnerability VCID-npjx-vkrd-9bae
17
vulnerability VCID-nrf7-heu6-vfdc
18
vulnerability VCID-qh44-75jb-wbhf
19
vulnerability VCID-qvbb-jhkk-2udw
20
vulnerability VCID-qwp5-wae9-cffb
21
vulnerability VCID-re5g-6kjz-q7e8
22
vulnerability VCID-rfc1-r1gr-wffp
23
vulnerability VCID-sqb5-brnu-vfbk
24
vulnerability VCID-u5yy-xx6z-dfh6
25
vulnerability VCID-v7za-zjfx-mqek
26
vulnerability VCID-vn1d-9uf5-gbce
27
vulnerability VCID-vpxs-6wcf-ckh9
28
vulnerability VCID-wehr-d623-akaj
29
vulnerability VCID-xdpy-sx55-b3ac
30
vulnerability VCID-xsr8-3cke-33ck
31
vulnerability VCID-yb4j-92y9-nfb5
32
vulnerability VCID-yuwe-6pp1-bke2
33
vulnerability VCID-zm9c-xw64-5qcc
34
vulnerability VCID-zmh2-t17w-wue1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.11
Affected_packages
0
url pkg:deb/debian/libxstream-java@1.3-1
purl pkg:deb/debian/libxstream-java@1.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12bx-r37t-3ygm
1
vulnerability VCID-2t1b-135u-euem
2
vulnerability VCID-6mz4-fu3s-vycx
3
vulnerability VCID-7ma6-2uv1-sbef
4
vulnerability VCID-8gha-n6ke-nucu
5
vulnerability VCID-9442-1vwr-5fbt
6
vulnerability VCID-bdv1-cuyk-sqc1
7
vulnerability VCID-c5tu-31kw-mfcf
8
vulnerability VCID-dxpe-qmxq-ykax
9
vulnerability VCID-eeye-wfxf-x7cc
10
vulnerability VCID-f779-wcjk-kfc1
11
vulnerability VCID-fcg2-x3s5-wudk
12
vulnerability VCID-hsja-ryzy-7bbx
13
vulnerability VCID-na6t-mkxt-3qbw
14
vulnerability VCID-nn7p-d7hz-53d5
15
vulnerability VCID-npjx-vkrd-9bae
16
vulnerability VCID-nrf7-heu6-vfdc
17
vulnerability VCID-qh44-75jb-wbhf
18
vulnerability VCID-qvbb-jhkk-2udw
19
vulnerability VCID-qwp5-wae9-cffb
20
vulnerability VCID-re5g-6kjz-q7e8
21
vulnerability VCID-rfc1-r1gr-wffp
22
vulnerability VCID-sqb5-brnu-vfbk
23
vulnerability VCID-u5yy-xx6z-dfh6
24
vulnerability VCID-v7za-zjfx-mqek
25
vulnerability VCID-vn1d-9uf5-gbce
26
vulnerability VCID-vpxs-6wcf-ckh9
27
vulnerability VCID-wehr-d623-akaj
28
vulnerability VCID-xdpy-sx55-b3ac
29
vulnerability VCID-xsr8-3cke-33ck
30
vulnerability VCID-y8ub-2kad-kqbs
31
vulnerability VCID-yb4j-92y9-nfb5
32
vulnerability VCID-yuwe-6pp1-bke2
33
vulnerability VCID-zm9c-xw64-5qcc
34
vulnerability VCID-zmh2-t17w-wue1
35
vulnerability VCID-znut-tkpq-b7cu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxstream-java@1.3-1
1
url pkg:deb/debian/libxstream-java@1.3.1-6
purl pkg:deb/debian/libxstream-java@1.3.1-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12bx-r37t-3ygm
1
vulnerability VCID-2t1b-135u-euem
2
vulnerability VCID-6mz4-fu3s-vycx
3
vulnerability VCID-7ma6-2uv1-sbef
4
vulnerability VCID-8gha-n6ke-nucu
5
vulnerability VCID-9442-1vwr-5fbt
6
vulnerability VCID-bdv1-cuyk-sqc1
7
vulnerability VCID-c5tu-31kw-mfcf
8
vulnerability VCID-dxpe-qmxq-ykax
9
vulnerability VCID-eeye-wfxf-x7cc
10
vulnerability VCID-f779-wcjk-kfc1
11
vulnerability VCID-fcg2-x3s5-wudk
12
vulnerability VCID-hsja-ryzy-7bbx
13
vulnerability VCID-na6t-mkxt-3qbw
14
vulnerability VCID-nn7p-d7hz-53d5
15
vulnerability VCID-npjx-vkrd-9bae
16
vulnerability VCID-nrf7-heu6-vfdc
17
vulnerability VCID-qh44-75jb-wbhf
18
vulnerability VCID-qvbb-jhkk-2udw
19
vulnerability VCID-qwp5-wae9-cffb
20
vulnerability VCID-re5g-6kjz-q7e8
21
vulnerability VCID-rfc1-r1gr-wffp
22
vulnerability VCID-sqb5-brnu-vfbk
23
vulnerability VCID-u5yy-xx6z-dfh6
24
vulnerability VCID-v7za-zjfx-mqek
25
vulnerability VCID-vn1d-9uf5-gbce
26
vulnerability VCID-vpxs-6wcf-ckh9
27
vulnerability VCID-wehr-d623-akaj
28
vulnerability VCID-xdpy-sx55-b3ac
29
vulnerability VCID-xsr8-3cke-33ck
30
vulnerability VCID-y8ub-2kad-kqbs
31
vulnerability VCID-yb4j-92y9-nfb5
32
vulnerability VCID-yuwe-6pp1-bke2
33
vulnerability VCID-zm9c-xw64-5qcc
34
vulnerability VCID-zmh2-t17w-wue1
35
vulnerability VCID-znut-tkpq-b7cu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxstream-java@1.3.1-6
2
url pkg:deb/debian/libxstream-java@1.4.2-1
purl pkg:deb/debian/libxstream-java@1.4.2-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12bx-r37t-3ygm
1
vulnerability VCID-2t1b-135u-euem
2
vulnerability VCID-6mz4-fu3s-vycx
3
vulnerability VCID-7ma6-2uv1-sbef
4
vulnerability VCID-8gha-n6ke-nucu
5
vulnerability VCID-9442-1vwr-5fbt
6
vulnerability VCID-bdv1-cuyk-sqc1
7
vulnerability VCID-c5tu-31kw-mfcf
8
vulnerability VCID-dxpe-qmxq-ykax
9
vulnerability VCID-eeye-wfxf-x7cc
10
vulnerability VCID-f779-wcjk-kfc1
11
vulnerability VCID-fcg2-x3s5-wudk
12
vulnerability VCID-hsja-ryzy-7bbx
13
vulnerability VCID-na6t-mkxt-3qbw
14
vulnerability VCID-nn7p-d7hz-53d5
15
vulnerability VCID-npjx-vkrd-9bae
16
vulnerability VCID-nrf7-heu6-vfdc
17
vulnerability VCID-qh44-75jb-wbhf
18
vulnerability VCID-qvbb-jhkk-2udw
19
vulnerability VCID-qwp5-wae9-cffb
20
vulnerability VCID-re5g-6kjz-q7e8
21
vulnerability VCID-rfc1-r1gr-wffp
22
vulnerability VCID-sqb5-brnu-vfbk
23
vulnerability VCID-u5yy-xx6z-dfh6
24
vulnerability VCID-v7za-zjfx-mqek
25
vulnerability VCID-vn1d-9uf5-gbce
26
vulnerability VCID-vpxs-6wcf-ckh9
27
vulnerability VCID-wehr-d623-akaj
28
vulnerability VCID-xdpy-sx55-b3ac
29
vulnerability VCID-xsr8-3cke-33ck
30
vulnerability VCID-y8ub-2kad-kqbs
31
vulnerability VCID-yb4j-92y9-nfb5
32
vulnerability VCID-yuwe-6pp1-bke2
33
vulnerability VCID-zm9c-xw64-5qcc
34
vulnerability VCID-zmh2-t17w-wue1
35
vulnerability VCID-znut-tkpq-b7cu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxstream-java@1.4.2-1
3
url pkg:deb/debian/libxstream-java@1.4.7-2
purl pkg:deb/debian/libxstream-java@1.4.7-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12bx-r37t-3ygm
1
vulnerability VCID-2t1b-135u-euem
2
vulnerability VCID-6mz4-fu3s-vycx
3
vulnerability VCID-7ma6-2uv1-sbef
4
vulnerability VCID-8gha-n6ke-nucu
5
vulnerability VCID-9442-1vwr-5fbt
6
vulnerability VCID-bdv1-cuyk-sqc1
7
vulnerability VCID-c5tu-31kw-mfcf
8
vulnerability VCID-dxpe-qmxq-ykax
9
vulnerability VCID-eeye-wfxf-x7cc
10
vulnerability VCID-f779-wcjk-kfc1
11
vulnerability VCID-fcg2-x3s5-wudk
12
vulnerability VCID-hsja-ryzy-7bbx
13
vulnerability VCID-na6t-mkxt-3qbw
14
vulnerability VCID-nn7p-d7hz-53d5
15
vulnerability VCID-npjx-vkrd-9bae
16
vulnerability VCID-nrf7-heu6-vfdc
17
vulnerability VCID-qh44-75jb-wbhf
18
vulnerability VCID-qvbb-jhkk-2udw
19
vulnerability VCID-qwp5-wae9-cffb
20
vulnerability VCID-re5g-6kjz-q7e8
21
vulnerability VCID-rfc1-r1gr-wffp
22
vulnerability VCID-sqb5-brnu-vfbk
23
vulnerability VCID-u5yy-xx6z-dfh6
24
vulnerability VCID-v7za-zjfx-mqek
25
vulnerability VCID-vn1d-9uf5-gbce
26
vulnerability VCID-vpxs-6wcf-ckh9
27
vulnerability VCID-wehr-d623-akaj
28
vulnerability VCID-xdpy-sx55-b3ac
29
vulnerability VCID-xsr8-3cke-33ck
30
vulnerability VCID-yb4j-92y9-nfb5
31
vulnerability VCID-yuwe-6pp1-bke2
32
vulnerability VCID-zm9c-xw64-5qcc
33
vulnerability VCID-zmh2-t17w-wue1
34
vulnerability VCID-znut-tkpq-b7cu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxstream-java@1.4.7-2
4
url pkg:deb/debian/libxstream-java@1.4.7-2%2Bdeb8u2
purl pkg:deb/debian/libxstream-java@1.4.7-2%2Bdeb8u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12bx-r37t-3ygm
1
vulnerability VCID-2t1b-135u-euem
2
vulnerability VCID-6mz4-fu3s-vycx
3
vulnerability VCID-7ma6-2uv1-sbef
4
vulnerability VCID-8gha-n6ke-nucu
5
vulnerability VCID-9442-1vwr-5fbt
6
vulnerability VCID-bdv1-cuyk-sqc1
7
vulnerability VCID-c5tu-31kw-mfcf
8
vulnerability VCID-dxpe-qmxq-ykax
9
vulnerability VCID-eeye-wfxf-x7cc
10
vulnerability VCID-f779-wcjk-kfc1
11
vulnerability VCID-fcg2-x3s5-wudk
12
vulnerability VCID-hsja-ryzy-7bbx
13
vulnerability VCID-na6t-mkxt-3qbw
14
vulnerability VCID-nn7p-d7hz-53d5
15
vulnerability VCID-npjx-vkrd-9bae
16
vulnerability VCID-nrf7-heu6-vfdc
17
vulnerability VCID-qh44-75jb-wbhf
18
vulnerability VCID-qvbb-jhkk-2udw
19
vulnerability VCID-qwp5-wae9-cffb
20
vulnerability VCID-re5g-6kjz-q7e8
21
vulnerability VCID-rfc1-r1gr-wffp
22
vulnerability VCID-sqb5-brnu-vfbk
23
vulnerability VCID-u5yy-xx6z-dfh6
24
vulnerability VCID-v7za-zjfx-mqek
25
vulnerability VCID-vn1d-9uf5-gbce
26
vulnerability VCID-vpxs-6wcf-ckh9
27
vulnerability VCID-wehr-d623-akaj
28
vulnerability VCID-xdpy-sx55-b3ac
29
vulnerability VCID-xsr8-3cke-33ck
30
vulnerability VCID-yb4j-92y9-nfb5
31
vulnerability VCID-yuwe-6pp1-bke2
32
vulnerability VCID-zm9c-xw64-5qcc
33
vulnerability VCID-zmh2-t17w-wue1
34
vulnerability VCID-znut-tkpq-b7cu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxstream-java@1.4.7-2%252Bdeb8u2
5
url pkg:deb/debian/libxstream-java@1.4.9-2
purl pkg:deb/debian/libxstream-java@1.4.9-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12bx-r37t-3ygm
1
vulnerability VCID-2t1b-135u-euem
2
vulnerability VCID-6mz4-fu3s-vycx
3
vulnerability VCID-7ma6-2uv1-sbef
4
vulnerability VCID-8gha-n6ke-nucu
5
vulnerability VCID-9442-1vwr-5fbt
6
vulnerability VCID-bdv1-cuyk-sqc1
7
vulnerability VCID-c5tu-31kw-mfcf
8
vulnerability VCID-dxpe-qmxq-ykax
9
vulnerability VCID-eeye-wfxf-x7cc
10
vulnerability VCID-f779-wcjk-kfc1
11
vulnerability VCID-fcg2-x3s5-wudk
12
vulnerability VCID-hsja-ryzy-7bbx
13
vulnerability VCID-na6t-mkxt-3qbw
14
vulnerability VCID-npjx-vkrd-9bae
15
vulnerability VCID-nrf7-heu6-vfdc
16
vulnerability VCID-qh44-75jb-wbhf
17
vulnerability VCID-qvbb-jhkk-2udw
18
vulnerability VCID-qwp5-wae9-cffb
19
vulnerability VCID-re5g-6kjz-q7e8
20
vulnerability VCID-rfc1-r1gr-wffp
21
vulnerability VCID-sqb5-brnu-vfbk
22
vulnerability VCID-u5yy-xx6z-dfh6
23
vulnerability VCID-v7za-zjfx-mqek
24
vulnerability VCID-vn1d-9uf5-gbce
25
vulnerability VCID-vpxs-6wcf-ckh9
26
vulnerability VCID-wehr-d623-akaj
27
vulnerability VCID-xdpy-sx55-b3ac
28
vulnerability VCID-xsr8-3cke-33ck
29
vulnerability VCID-yb4j-92y9-nfb5
30
vulnerability VCID-yuwe-6pp1-bke2
31
vulnerability VCID-zm9c-xw64-5qcc
32
vulnerability VCID-zmh2-t17w-wue1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxstream-java@1.4.9-2
6
url pkg:maven/com.thoughtworks.xstream/xstream@1.4.10
purl pkg:maven/com.thoughtworks.xstream/xstream@1.4.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12bx-r37t-3ygm
1
vulnerability VCID-2t1b-135u-euem
2
vulnerability VCID-6mz4-fu3s-vycx
3
vulnerability VCID-7ma6-2uv1-sbef
4
vulnerability VCID-8gha-n6ke-nucu
5
vulnerability VCID-9442-1vwr-5fbt
6
vulnerability VCID-bdv1-cuyk-sqc1
7
vulnerability VCID-c5tu-31kw-mfcf
8
vulnerability VCID-dxpe-qmxq-ykax
9
vulnerability VCID-eeye-wfxf-x7cc
10
vulnerability VCID-exrn-u19r-wfd8
11
vulnerability VCID-f779-wcjk-kfc1
12
vulnerability VCID-fcg2-x3s5-wudk
13
vulnerability VCID-hqzr-vc5w-9ff5
14
vulnerability VCID-hsja-ryzy-7bbx
15
vulnerability VCID-mfub-hwcq-pqbt
16
vulnerability VCID-na6t-mkxt-3qbw
17
vulnerability VCID-npjx-vkrd-9bae
18
vulnerability VCID-nrf7-heu6-vfdc
19
vulnerability VCID-qh44-75jb-wbhf
20
vulnerability VCID-qvbb-jhkk-2udw
21
vulnerability VCID-qwp5-wae9-cffb
22
vulnerability VCID-re5g-6kjz-q7e8
23
vulnerability VCID-rfc1-r1gr-wffp
24
vulnerability VCID-sqb5-brnu-vfbk
25
vulnerability VCID-u5yy-xx6z-dfh6
26
vulnerability VCID-v7za-zjfx-mqek
27
vulnerability VCID-vn1d-9uf5-gbce
28
vulnerability VCID-vpxs-6wcf-ckh9
29
vulnerability VCID-wehr-d623-akaj
30
vulnerability VCID-xdpy-sx55-b3ac
31
vulnerability VCID-xsr8-3cke-33ck
32
vulnerability VCID-y8ub-2kad-kqbs
33
vulnerability VCID-yb4j-92y9-nfb5
34
vulnerability VCID-yuwe-6pp1-bke2
35
vulnerability VCID-zm9c-xw64-5qcc
36
vulnerability VCID-zmh2-t17w-wue1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.thoughtworks.xstream/xstream@1.4.10
References
0
reference_url https://access.redhat.com/errata/RHSA-2019:3892
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3892
1
reference_url https://access.redhat.com/errata/RHSA-2019:4352
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4352
2
reference_url https://access.redhat.com/errata/RHSA-2020:0445
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0445
3
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10173.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10173.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10173
reference_id
reference_type
scores
0
value 0.92774
scoring_system epss
scoring_elements 0.99761
published_at 2026-04-21T12:55:00Z
1
value 0.92774
scoring_system epss
scoring_elements 0.9976
published_at 2026-04-18T12:55:00Z
2
value 0.92962
scoring_system epss
scoring_elements 0.99778
published_at 2026-04-13T12:55:00Z
3
value 0.92962
scoring_system epss
scoring_elements 0.99779
published_at 2026-04-16T12:55:00Z
4
value 0.92962
scoring_system epss
scoring_elements 0.99777
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10173
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10173
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10173
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/x-stream/xstream
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10173
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10173
11
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
12
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
13
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
14
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
16
reference_url http://x-stream.github.io/changes.html#1.4.11
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://x-stream.github.io/changes.html#1.4.11
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1722971
reference_id 1722971
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1722971
18
reference_url https://github.com/advisories/GHSA-hf23-9pf7-388p
reference_id GHSA-hf23-9pf7-388p
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hf23-9pf7-388p
Weaknesses
0
cwe_id 502
name Deserialization of Untrusted Data
description The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
1
cwe_id 94
name Improper Control of Generation of Code ('Code Injection')
description The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score7.3 - 10.0
Exploitability2.0
Weighted_severity9.0
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-bdv1-cuyk-sqc1