Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-cg26-agyn-rbf6

Summary ansible-tower: Remote code execution by users with access to define variables in job templates

Aliases

alias	CVE-2018-1104

Fixed_packages

Affected_packages

url pkg:rpm/redhat/ansible@2.4.4.0-1?arch=el7ae

purl pkg:rpm/redhat/ansible@2.4.4.0-1?arch=el7ae

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible@2.4.4.0-1%3Farch=el7ae

url pkg:rpm/redhat/ansible-tower@3.1.7-1?arch=el7at

purl pkg:rpm/redhat/ansible-tower@3.1.7-1?arch=el7at

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-tower@3.1.7-1%3Farch=el7at

url pkg:rpm/redhat/ansible-tower@3.2.4-1?arch=el7at

purl pkg:rpm/redhat/ansible-tower@3.2.4-1?arch=el7at

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-tower@3.2.4-1%3Farch=el7at

url pkg:rpm/redhat/cfme@5.8.4.5-1?arch=el7cf

purl pkg:rpm/redhat/cfme@5.8.4.5-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme@5.8.4.5-1%3Farch=el7cf

url pkg:rpm/redhat/cfme@5.9.2.4-1?arch=el7cf

purl pkg:rpm/redhat/cfme@5.9.2.4-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme@5.9.2.4-1%3Farch=el7cf

url pkg:rpm/redhat/cfme-amazon-smartstate@5.9.2.4-1?arch=el7cf

purl pkg:rpm/redhat/cfme-amazon-smartstate@5.9.2.4-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-amazon-smartstate@5.9.2.4-1%3Farch=el7cf

url pkg:rpm/redhat/cfme-appliance@5.8.4.5-1?arch=el7cf

purl pkg:rpm/redhat/cfme-appliance@5.8.4.5-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-appliance@5.8.4.5-1%3Farch=el7cf

url pkg:rpm/redhat/cfme-appliance@5.9.2.4-1?arch=el7cf

purl pkg:rpm/redhat/cfme-appliance@5.9.2.4-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-appliance@5.9.2.4-1%3Farch=el7cf

url pkg:rpm/redhat/cfme-gemset@5.8.4.5-1?arch=el7cf

purl pkg:rpm/redhat/cfme-gemset@5.8.4.5-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-gemset@5.8.4.5-1%3Farch=el7cf

url pkg:rpm/redhat/cfme-gemset@5.9.2.4-1?arch=el7cf

purl pkg:rpm/redhat/cfme-gemset@5.9.2.4-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-gemset@5.9.2.4-1%3Farch=el7cf

url pkg:rpm/redhat/dbus-api-service@1.0.1-3?arch=el7cf

purl pkg:rpm/redhat/dbus-api-service@1.0.1-3?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dbus-api-service@1.0.1-3%3Farch=el7cf

url pkg:rpm/redhat/httpd-configmap-generator@0.2.1-2?arch=el7cf

purl pkg:rpm/redhat/httpd-configmap-generator@0.2.1-2?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd-configmap-generator@0.2.1-2%3Farch=el7cf

url pkg:rpm/redhat/postgresql96@9.6.6-1PGDG?arch=el7

purl pkg:rpm/redhat/postgresql96@9.6.6-1PGDG?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql96@9.6.6-1PGDG%3Farch=el7

url pkg:rpm/redhat/python-paramiko@2.1.1-4?arch=el7

purl pkg:rpm/redhat/python-paramiko@2.1.1-4?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-paramiko@2.1.1-4%3Farch=el7

url pkg:rpm/redhat/rh-ruby23-rubygem-json@2.1.0-1?arch=el7cf

purl pkg:rpm/redhat/rh-ruby23-rubygem-json@2.1.0-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby23-rubygem-json@2.1.0-1%3Farch=el7cf

url pkg:rpm/redhat/rh-ruby23-rubygem-qpid_proton@0.22.0-2?arch=el7cf

purl pkg:rpm/redhat/rh-ruby23-rubygem-qpid_proton@0.22.0-2?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3jh2-znva-2bb6

vulnerability	VCID-6ht6-jwwn-wuf4

vulnerability	VCID-cg26-agyn-rbf6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-ruby23-rubygem-qpid_proton@0.22.0-2%3Farch=el7cf

References

reference_url	https://access.redhat.com/errata/RHSA-2018:1328
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1328

reference_url	https://access.redhat.com/errata/RHSA-2018:1972
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1972

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1104.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1104.json

reference_url	https://access.redhat.com/security/cve/cve-2018-1104
reference_id
reference_type
scores
url	https://access.redhat.com/security/cve/cve-2018-1104

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1104

reference_id

reference_type

scores

value	0.00417
scoring_system	epss
scoring_elements	0.6161
published_at	2026-04-01T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61785
published_at	2026-04-18T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61739
published_at	2026-04-13T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.6178
published_at	2026-04-16T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61684
published_at	2026-04-02T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61714
published_at	2026-04-04T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61685
published_at	2026-04-07T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61734
published_at	2026-04-08T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61749
published_at	2026-04-09T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61771
published_at	2026-04-11T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61758
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1104

reference_url	https://www.ansible.com/security
reference_id
reference_type
scores
url	https://www.ansible.com/security

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1565862
reference_id	1565862
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1565862

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower::::::::
reference_id	cpe:2.3:a:redhat:ansible_tower::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible_tower::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.5:::::::*
reference_id	cpe:2.3:a:redhat:cloudforms:4.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:::::::*
reference_id	cpe:2.3:a:redhat:cloudforms:4.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1104

reference_id

CVE-2018-1104

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1104

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Exploits

Severity_range_score 6.5 - 8.8

Exploitability 0.5

Weighted_severity 7.9

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cg26-agyn-rbf6

Vulnerability Instance