Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ftky-shfy-bufk
Summary
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
Jenkins Pipeline Remote Loader Plugin before 1.5 provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
Aliases
0
alias CVE-2019-10328
1
alias GHSA-v558-fhw2-v46w
Fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins/workflow-remote-loader@1.5
purl pkg:maven/org.jenkins-ci.plugins/workflow-remote-loader@1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/workflow-remote-loader@1.5
Affected_packages
0
url pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.117-1.git.1.376e432?arch=el7
purl pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.117-1.git.1.376e432?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.117-1.git.1.376e432%3Farch=el7
1
url pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.117-1.git.1.caa79fa?arch=el7
purl pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.117-1.git.1.caa79fa?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.117-1.git.1.caa79fa%3Farch=el7
2
url pkg:rpm/redhat/atomic-openshift-descheduler@3.11.117-1.git.1.1635b0a?arch=el7
purl pkg:rpm/redhat/atomic-openshift-descheduler@3.11.117-1.git.1.1635b0a?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-descheduler@3.11.117-1.git.1.1635b0a%3Farch=el7
3
url pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.117-1.git.1.6a42b08?arch=el7
purl pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.117-1.git.1.6a42b08?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.117-1.git.1.6a42b08%3Farch=el7
4
url pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.117-1.git.1.319d58e?arch=el7
purl pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.117-1.git.1.319d58e?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.117-1.git.1.319d58e%3Farch=el7
5
url pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.117-1.git.1.0345fe3?arch=el7
purl pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.117-1.git.1.0345fe3?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.117-1.git.1.0345fe3%3Farch=el7
6
url pkg:rpm/redhat/atomic-openshift-service-idler@3.11.117-1.git.1.887bb82?arch=el7
purl pkg:rpm/redhat/atomic-openshift-service-idler@3.11.117-1.git.1.887bb82?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-service-idler@3.11.117-1.git.1.887bb82%3Farch=el7
7
url pkg:rpm/redhat/atomic-openshift-web-console@3.11.117-1.git.1.be7a05c?arch=el7
purl pkg:rpm/redhat/atomic-openshift-web-console@3.11.117-1.git.1.be7a05c?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-web-console@3.11.117-1.git.1.be7a05c%3Farch=el7
8
url pkg:rpm/redhat/cri-o@1.11.14-1.rhaos3.11.gitd56660e?arch=el7
purl pkg:rpm/redhat/cri-o@1.11.14-1.rhaos3.11.gitd56660e?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.11.14-1.rhaos3.11.gitd56660e%3Farch=el7
9
url pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.117-1.git.1.2b006d2?arch=el7
purl pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.117-1.git.1.2b006d2?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.117-1.git.1.2b006d2%3Farch=el7
10
url pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.117-1.git.1.207ef35?arch=el7
purl pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.117-1.git.1.207ef35?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.117-1.git.1.207ef35%3Farch=el7
11
url pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.117-1.git.1.dcee33f?arch=el7
purl pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.117-1.git.1.dcee33f?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.117-1.git.1.dcee33f%3Farch=el7
12
url pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.117-1.git.1.f52d417?arch=el7
purl pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.117-1.git.1.f52d417?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.117-1.git.1.f52d417%3Farch=el7
13
url pkg:rpm/redhat/jenkins@2.164.2.1555422716-1?arch=el7
purl pkg:rpm/redhat/jenkins@2.164.2.1555422716-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.164.2.1555422716-1%3Farch=el7
14
url pkg:rpm/redhat/jenkins-2-plugins@3.11.1559667994-1?arch=el7
purl pkg:rpm/redhat/jenkins-2-plugins@3.11.1559667994-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@3.11.1559667994-1%3Farch=el7
15
url pkg:rpm/redhat/jenkins-2-plugins@4.1.1561471763-1?arch=el7
purl pkg:rpm/redhat/jenkins-2-plugins@4.1.1561471763-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2r58-w5gn-x3bt
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.1.1561471763-1%3Farch=el7
16
url pkg:rpm/redhat/jenkins-2-plugins@4.2.1568997376-1?arch=el7
purl pkg:rpm/redhat/jenkins-2-plugins@4.2.1568997376-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ftky-shfy-bufk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.2.1568997376-1%3Farch=el7
17
url pkg:rpm/redhat/openshift-ansible@3.11.123-1.git.0.db681ba?arch=el7
purl pkg:rpm/redhat/openshift-ansible@3.11.123-1.git.0.db681ba?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.11.123-1.git.0.db681ba%3Farch=el7
18
url pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.117-1.git.1.ef32a58?arch=el7
purl pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.117-1.git.1.ef32a58?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.117-1.git.1.ef32a58%3Farch=el7
19
url pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.117-1.git.1.6593fce?arch=el7
purl pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.117-1.git.1.6593fce?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wmw-rn4w-vqf5
1
vulnerability VCID-ftky-shfy-bufk
2
vulnerability VCID-s5qz-aqj7-6uhz
3
vulnerability VCID-zftt-hmv8-judu
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.117-1.git.1.6593fce%3Farch=el7
References
0
reference_url https://access.redhat.com/errata/RHBA-2019:1605
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:1605
1
reference_url https://access.redhat.com/errata/RHSA-2019:1636
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1636
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10328.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10328.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10328
reference_id
reference_type
scores
0
value 0.00276
scoring_system epss
scoring_elements 0.51121
published_at 2026-04-11T12:55:00Z
1
value 0.00276
scoring_system epss
scoring_elements 0.51053
published_at 2026-04-24T12:55:00Z
2
value 0.00276
scoring_system epss
scoring_elements 0.50988
published_at 2026-04-01T12:55:00Z
3
value 0.00276
scoring_system epss
scoring_elements 0.51042
published_at 2026-04-02T12:55:00Z
4
value 0.00276
scoring_system epss
scoring_elements 0.51066
published_at 2026-04-04T12:55:00Z
5
value 0.00276
scoring_system epss
scoring_elements 0.51024
published_at 2026-04-07T12:55:00Z
6
value 0.00276
scoring_system epss
scoring_elements 0.51081
published_at 2026-04-08T12:55:00Z
7
value 0.00276
scoring_system epss
scoring_elements 0.51077
published_at 2026-04-09T12:55:00Z
8
value 0.00276
scoring_system epss
scoring_elements 0.51099
published_at 2026-04-12T12:55:00Z
9
value 0.00276
scoring_system epss
scoring_elements 0.51105
published_at 2026-04-21T12:55:00Z
10
value 0.00276
scoring_system epss
scoring_elements 0.51128
published_at 2026-04-18T12:55:00Z
11
value 0.00276
scoring_system epss
scoring_elements 0.51122
published_at 2026-04-16T12:55:00Z
12
value 0.00276
scoring_system epss
scoring_elements 0.51083
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10328
4
reference_url https://github.com/jenkinsci/workflow-remote-loader-plugin
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-remote-loader-plugin
5
reference_url https://github.com/jenkinsci/workflow-remote-loader-plugin/commit/6f9d60f614359720ec98e22b80ba15e8bf88e712
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-remote-loader-plugin/commit/6f9d60f614359720ec98e22b80ba15e8bf88e712
6
reference_url https://jenkins.io/security/advisory/2019-05-31/#SECURITY-921
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2019-05-31/#SECURITY-921
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10328
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10328
8
reference_url http://www.openwall.com/lists/oss-security/2019/05/31/2
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/05/31/2
9
reference_url http://www.securityfocus.com/bid/108540
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108540
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1716794
reference_id 1716794
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1716794
11
reference_url https://github.com/advisories/GHSA-v558-fhw2-v46w
reference_id GHSA-v558-fhw2-v46w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v558-fhw2-v46w
Weaknesses
0
cwe_id 183
name Permissive List of Allowed Inputs
description The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.
1
cwe_id 693
name Protection Mechanism Failure
description The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
2
cwe_id 184
name Incomplete List of Disallowed Inputs
description The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
4
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 8.8 - 10.0
Exploitability 0.5
Weighted_severity 9.0
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ftky-shfy-bufk