Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.ignite/ignite-core@1.8.0
Typemaven
Namespaceorg.apache.ignite
Nameignite-core
Version1.8.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.17.0
Latest_non_vulnerable_version2.17.0
Affected_by_vulnerabilities
0
url VCID-16c2-gkg9-qbaj
vulnerability_id VCID-16c2-gkg9-qbaj
summary Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.
references
0
reference_url http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2017-7686-Apache-Ignite-Information-Disclosure-td19168.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2017-7686-Apache-Ignite-Information-Disclosure-td19168.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7686
reference_id
reference_type
scores
0
value 0.0117
scoring_system epss
scoring_elements 0.7874
published_at 2026-04-29T12:55:00Z
1
value 0.0117
scoring_system epss
scoring_elements 0.78663
published_at 2026-04-13T12:55:00Z
2
value 0.0117
scoring_system epss
scoring_elements 0.78692
published_at 2026-04-16T12:55:00Z
3
value 0.0117
scoring_system epss
scoring_elements 0.78689
published_at 2026-04-18T12:55:00Z
4
value 0.0117
scoring_system epss
scoring_elements 0.78686
published_at 2026-04-21T12:55:00Z
5
value 0.0117
scoring_system epss
scoring_elements 0.78715
published_at 2026-04-24T12:55:00Z
6
value 0.0117
scoring_system epss
scoring_elements 0.78723
published_at 2026-04-26T12:55:00Z
7
value 0.0117
scoring_system epss
scoring_elements 0.78614
published_at 2026-04-01T12:55:00Z
8
value 0.0117
scoring_system epss
scoring_elements 0.78621
published_at 2026-04-02T12:55:00Z
9
value 0.0117
scoring_system epss
scoring_elements 0.78651
published_at 2026-04-04T12:55:00Z
10
value 0.0117
scoring_system epss
scoring_elements 0.78632
published_at 2026-04-07T12:55:00Z
11
value 0.0117
scoring_system epss
scoring_elements 0.78659
published_at 2026-04-08T12:55:00Z
12
value 0.0117
scoring_system epss
scoring_elements 0.78665
published_at 2026-04-09T12:55:00Z
13
value 0.0117
scoring_system epss
scoring_elements 0.7869
published_at 2026-04-11T12:55:00Z
14
value 0.0117
scoring_system epss
scoring_elements 0.78671
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7686
2
reference_url http://www.securityfocus.com/bid/99292
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url http://www.securityfocus.com/bid/99292
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7686
reference_id CVE-2017-7686
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7686
4
reference_url https://github.com/advisories/GHSA-8p83-68cw-943f
reference_id GHSA-8p83-68cw-943f
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8p83-68cw-943f
fixed_packages
0
url pkg:maven/org.apache.ignite/ignite-core@2.1
purl pkg:maven/org.apache.ignite/ignite-core@2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.1
1
url pkg:maven/org.apache.ignite/ignite-core@2.1.0
purl pkg:maven/org.apache.ignite/ignite-core@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8xff-d5ab-bqgf
1
vulnerability VCID-d6hk-e64u-tbcj
2
vulnerability VCID-kxtv-ma18-8fer
3
vulnerability VCID-s8a4-9j7s-8fc8
4
vulnerability VCID-ykug-1dhq-tygt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.1.0
aliases CVE-2017-7686, GHSA-8p83-68cw-943f, PYSEC-2017-146
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-16c2-gkg9-qbaj
1
url VCID-66b8-a5kh-yfhw
vulnerability_id VCID-66b8-a5kh-yfhw
summary 
Improper Restriction of XML External Entity Reference
Apache Ignite allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6805
reference_id
reference_type
scores
0
value 0.00926
scoring_system epss
scoring_elements 0.76129
published_at 2026-04-29T12:55:00Z
1
value 0.00926
scoring_system epss
scoring_elements 0.75997
published_at 2026-04-07T12:55:00Z
2
value 0.00926
scoring_system epss
scoring_elements 0.7603
published_at 2026-04-08T12:55:00Z
3
value 0.00926
scoring_system epss
scoring_elements 0.76044
published_at 2026-04-09T12:55:00Z
4
value 0.00926
scoring_system epss
scoring_elements 0.7607
published_at 2026-04-11T12:55:00Z
5
value 0.00926
scoring_system epss
scoring_elements 0.76046
published_at 2026-04-12T12:55:00Z
6
value 0.00926
scoring_system epss
scoring_elements 0.76041
published_at 2026-04-13T12:55:00Z
7
value 0.00926
scoring_system epss
scoring_elements 0.76081
published_at 2026-04-16T12:55:00Z
8
value 0.00926
scoring_system epss
scoring_elements 0.76085
published_at 2026-04-18T12:55:00Z
9
value 0.00926
scoring_system epss
scoring_elements 0.76069
published_at 2026-04-21T12:55:00Z
10
value 0.00926
scoring_system epss
scoring_elements 0.76108
published_at 2026-04-24T12:55:00Z
11
value 0.00926
scoring_system epss
scoring_elements 0.76117
published_at 2026-04-26T12:55:00Z
12
value 0.00926
scoring_system epss
scoring_elements 0.75982
published_at 2026-04-01T12:55:00Z
13
value 0.00926
scoring_system epss
scoring_elements 0.75985
published_at 2026-04-02T12:55:00Z
14
value 0.00926
scoring_system epss
scoring_elements 0.76017
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6805
1
reference_url http://seclists.org/oss-sec/2017/q2/31
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2017/q2/31
2
reference_url https://github.com/advisories/GHSA-8qfc-cvjp-mgpq
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8qfc-cvjp-mgpq
3
reference_url http://www.securityfocus.com/bid/97509
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/97509
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6805
reference_id CVE-2016-6805
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-6805
fixed_packages
0
url pkg:maven/org.apache.ignite/ignite-core@1.9.0
purl pkg:maven/org.apache.ignite/ignite-core@1.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16c2-gkg9-qbaj
1
vulnerability VCID-8xff-d5ab-bqgf
2
vulnerability VCID-d6hk-e64u-tbcj
3
vulnerability VCID-kxtv-ma18-8fer
4
vulnerability VCID-s8a4-9j7s-8fc8
5
vulnerability VCID-ykug-1dhq-tygt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@1.9.0
1
url pkg:maven/org.apache.ignite/ignite-core@1.9
purl pkg:maven/org.apache.ignite/ignite-core@1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@1.9
aliases CVE-2016-6805, GHSA-8qfc-cvjp-mgpq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66b8-a5kh-yfhw
2
url VCID-8xff-d5ab-bqgf
vulnerability_id VCID-8xff-d5ab-bqgf
summary In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to one of the deserialization endpoints of some Ignite components - discovery SPI, Ignite persistence, Memcached endpoint, socket steamer.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2405
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2405
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1295.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1295.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1295
reference_id
reference_type
scores
0
value 0.05578
scoring_system epss
scoring_elements 0.90325
published_at 2026-04-24T12:55:00Z
1
value 0.05578
scoring_system epss
scoring_elements 0.9031
published_at 2026-04-21T12:55:00Z
2
value 0.05578
scoring_system epss
scoring_elements 0.90313
published_at 2026-04-18T12:55:00Z
3
value 0.05578
scoring_system epss
scoring_elements 0.90297
published_at 2026-04-13T12:55:00Z
4
value 0.05578
scoring_system epss
scoring_elements 0.90303
published_at 2026-04-12T12:55:00Z
5
value 0.05578
scoring_system epss
scoring_elements 0.90295
published_at 2026-04-09T12:55:00Z
6
value 0.05578
scoring_system epss
scoring_elements 0.90269
published_at 2026-04-04T12:55:00Z
7
value 0.05578
scoring_system epss
scoring_elements 0.9032
published_at 2026-04-29T12:55:00Z
8
value 0.05578
scoring_system epss
scoring_elements 0.90324
published_at 2026-04-26T12:55:00Z
9
value 0.05578
scoring_system epss
scoring_elements 0.90274
published_at 2026-04-07T12:55:00Z
10
value 0.05578
scoring_system epss
scoring_elements 0.90288
published_at 2026-04-08T12:55:00Z
11
value 0.05578
scoring_system epss
scoring_elements 0.90253
published_at 2026-04-01T12:55:00Z
12
value 0.05578
scoring_system epss
scoring_elements 0.90256
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1295
3
reference_url https://github.com/advisories/GHSA-chp4-rv79-68j3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-chp4-rv79-68j3
4
reference_url https://github.com/apache/ignite
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/ignite
5
reference_url https://github.com/apache/ignite/commit/340569b8f4e14a4cb61a9407ed2d9aa4a20bdf49
reference_id
reference_type
scores
url https://github.com/apache/ignite/commit/340569b8f4e14a4cb61a9407ed2d9aa4a20bdf49
6
reference_url https://lists.apache.org/thread.html/45e7d5e2c6face85aab693f5ae0616563132ff757e5a558da80d0209@%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/45e7d5e2c6face85aab693f5ae0616563132ff757e5a558da80d0209@%3Cdev.ignite.apache.org%3E
7
reference_url https://web.archive.org/web/20200227125559/http://www.securityfocus.com/bid/103692
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227125559/http://www.securityfocus.com/bid/103692
8
reference_url http://www.securityfocus.com/bid/103692
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103692
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1563133
reference_id 1563133
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1563133
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1295
reference_id CVE-2018-1295
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1295
fixed_packages
0
url pkg:maven/org.apache.ignite/ignite-core@2.4.0
purl pkg:maven/org.apache.ignite/ignite-core@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d6hk-e64u-tbcj
1
vulnerability VCID-s8a4-9j7s-8fc8
2
vulnerability VCID-ykug-1dhq-tygt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.4.0
1
url pkg:maven/org.apache.ignite/ignite-core@2.4
purl pkg:maven/org.apache.ignite/ignite-core@2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.4
aliases CVE-2018-1295, GHSA-chp4-rv79-68j3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8xff-d5ab-bqgf
3
url VCID-d6hk-e64u-tbcj
vulnerability_id VCID-d6hk-e64u-tbcj
summary 
File system access via H2 in Apache Ignite
Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1963.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1963.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1963
reference_id
reference_type
scores
0
value 0.04667
scoring_system epss
scoring_elements 0.89331
published_at 2026-04-21T12:55:00Z
1
value 0.04667
scoring_system epss
scoring_elements 0.89356
published_at 2026-04-29T12:55:00Z
2
value 0.04667
scoring_system epss
scoring_elements 0.89353
published_at 2026-04-26T12:55:00Z
3
value 0.04667
scoring_system epss
scoring_elements 0.89349
published_at 2026-04-24T12:55:00Z
4
value 0.04667
scoring_system epss
scoring_elements 0.89277
published_at 2026-04-01T12:55:00Z
5
value 0.04667
scoring_system epss
scoring_elements 0.89282
published_at 2026-04-02T12:55:00Z
6
value 0.04667
scoring_system epss
scoring_elements 0.89296
published_at 2026-04-04T12:55:00Z
7
value 0.04667
scoring_system epss
scoring_elements 0.89299
published_at 2026-04-07T12:55:00Z
8
value 0.04667
scoring_system epss
scoring_elements 0.89316
published_at 2026-04-08T12:55:00Z
9
value 0.04667
scoring_system epss
scoring_elements 0.8932
published_at 2026-04-09T12:55:00Z
10
value 0.04667
scoring_system epss
scoring_elements 0.89329
published_at 2026-04-11T12:55:00Z
11
value 0.04667
scoring_system epss
scoring_elements 0.89327
published_at 2026-04-12T12:55:00Z
12
value 0.04667
scoring_system epss
scoring_elements 0.89323
published_at 2026-04-13T12:55:00Z
13
value 0.04667
scoring_system epss
scoring_elements 0.89337
published_at 2026-04-16T12:55:00Z
14
value 0.04667
scoring_system epss
scoring_elements 0.89336
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1963
2
reference_url https://lists.apache.org/thread.html/r119024ef71c8d39f952df0950a275d09714715179aff544aea0129a3@%3Cuser.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r119024ef71c8d39f952df0950a275d09714715179aff544aea0129a3@%3Cuser.ignite.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/r1933faf8a26c431f38a5f8dbbfab80254454e54e33a79be474b67dc4%40%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1933faf8a26c431f38a5f8dbbfab80254454e54e33a79be474b67dc4%40%3Cdev.ignite.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rd43ae18588fd7bdb375be63bc95a651aab319ced6306759e1237ce67@%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd43ae18588fd7bdb375be63bc95a651aab319ced6306759e1237ce67@%3Cdev.ignite.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rdf37011b92a31a67c299ff45655e2638f194fc814e5c6e2fde352884@%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdf37011b92a31a67c299ff45655e2638f194fc814e5c6e2fde352884@%3Cdev.ignite.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rdf37011b92a31a67c299ff45655e2638f194fc814e5c6e2fde352884@%3Cuser.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdf37011b92a31a67c299ff45655e2638f194fc814e5c6e2fde352884@%3Cuser.ignite.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cdev.ignite.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cuser.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cuser.ignite.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rf032a13a4711f88c0a2c0734eecbee1026cc1b6cde27d16a653f8755@%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf032a13a4711f88c0a2c0734eecbee1026cc1b6cde27d16a653f8755@%3Cdev.ignite.apache.org%3E
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1963
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1963
11
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
12
reference_url http://www.openwall.com/lists/oss-security/2020/06/03/2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/06/03/2
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1847145
reference_id 1847145
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1847145
14
reference_url https://github.com/advisories/GHSA-5wm5-8q42-rhxg
reference_id GHSA-5wm5-8q42-rhxg
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5wm5-8q42-rhxg
fixed_packages
0
url pkg:maven/org.apache.ignite/ignite-core@2.8.1
purl pkg:maven/org.apache.ignite/ignite-core@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t38y-1dv8-b7av
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.8.1
aliases CVE-2020-1963, GHSA-5wm5-8q42-rhxg
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6hk-e64u-tbcj
4
url VCID-kxtv-ma18-8fer
vulnerability_id VCID-kxtv-ma18-8fer
summary 
Directory exposure in jetty
### Impact
If the `${jetty.base}` directory or the `${jetty.base}/webapps` directory is a symlink (soft link in Linux), the contents of the `${jetty.base}/webapps` directory may be deployed as a static web application, exposing the content of the directory for download. 

For example, the problem manifests in the following `${jetty.base}`:
```$ tree demo-base/
demo-base/
├── etc
├── lib
├── resources
├── start.d
├── deploy
│   └── async-rest.war
└── webapps -> deploy

``` 

### Workarounds
Do not use a symlink
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28163.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28163.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28163
reference_id
reference_type
scores
0
value 0.00154
scoring_system epss
scoring_elements 0.35754
published_at 2026-04-29T12:55:00Z
1
value 0.00154
scoring_system epss
scoring_elements 0.3584
published_at 2026-04-26T12:55:00Z
2
value 0.00154
scoring_system epss
scoring_elements 0.36053
published_at 2026-04-01T12:55:00Z
3
value 0.00154
scoring_system epss
scoring_elements 0.36183
published_at 2026-04-09T12:55:00Z
4
value 0.00154
scoring_system epss
scoring_elements 0.36166
published_at 2026-04-08T12:55:00Z
5
value 0.00154
scoring_system epss
scoring_elements 0.36117
published_at 2026-04-07T12:55:00Z
6
value 0.00154
scoring_system epss
scoring_elements 0.36282
published_at 2026-04-04T12:55:00Z
7
value 0.00154
scoring_system epss
scoring_elements 0.36248
published_at 2026-04-02T12:55:00Z
8
value 0.00154
scoring_system epss
scoring_elements 0.35872
published_at 2026-04-24T12:55:00Z
9
value 0.00154
scoring_system epss
scoring_elements 0.36102
published_at 2026-04-21T12:55:00Z
10
value 0.00154
scoring_system epss
scoring_elements 0.36153
published_at 2026-04-18T12:55:00Z
11
value 0.00154
scoring_system epss
scoring_elements 0.36168
published_at 2026-04-16T12:55:00Z
12
value 0.00154
scoring_system epss
scoring_elements 0.36127
published_at 2026-04-13T12:55:00Z
13
value 0.00154
scoring_system epss
scoring_elements 0.36152
published_at 2026-04-12T12:55:00Z
14
value 0.00154
scoring_system epss
scoring_elements 0.3619
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28163
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28163
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28163
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
5
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq
6
reference_url https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3@%3Cissues.solr.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28163
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28163
31
reference_url https://security.netapp.com/advisory/ntap-20210611-0006
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210611-0006
32
reference_url https://security.netapp.com/advisory/ntap-20210611-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210611-0006/
33
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
34
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
35
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1945710
reference_id 1945710
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1945710
37
reference_url https://github.com/advisories/GHSA-j6qj-j888-vvgq
reference_id GHSA-j6qj-j888-vvgq
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j6qj-j888-vvgq
38
reference_url https://access.redhat.com/errata/RHSA-2021:1509
reference_id RHSA-2021:1509
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1509
39
reference_url https://access.redhat.com/errata/RHSA-2021:1551
reference_id RHSA-2021:1551
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1551
40
reference_url https://access.redhat.com/errata/RHSA-2021:1560
reference_id RHSA-2021:1560
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1560
41
reference_url https://access.redhat.com/errata/RHSA-2021:2689
reference_id RHSA-2021:2689
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2689
42
reference_url https://access.redhat.com/errata/RHSA-2021:3225
reference_id RHSA-2021:3225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3225
43
reference_url https://access.redhat.com/errata/RHSA-2021:3700
reference_id RHSA-2021:3700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3700
44
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
45
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
46
reference_url https://access.redhat.com/errata/RHSA-2022:6407
reference_id RHSA-2022:6407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6407
fixed_packages
0
url pkg:maven/org.apache.ignite/ignite-core@2.2.0
purl pkg:maven/org.apache.ignite/ignite-core@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8xff-d5ab-bqgf
1
vulnerability VCID-d6hk-e64u-tbcj
2
vulnerability VCID-s8a4-9j7s-8fc8
3
vulnerability VCID-ykug-1dhq-tygt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.2.0
aliases CVE-2021-28163, GHSA-j6qj-j888-vvgq
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxtv-ma18-8fer
5
url VCID-s8a4-9j7s-8fc8
vulnerability_id VCID-s8a4-9j7s-8fc8
summary Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
references
0
reference_url http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:41:40Z/
url http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1273.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1273.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1273
reference_id
reference_type
scores
0
value 0.94288
scoring_system epss
scoring_elements 0.99941
published_at 2026-04-26T12:55:00Z
1
value 0.94288
scoring_system epss
scoring_elements 0.99942
published_at 2026-04-29T12:55:00Z
2
value 0.94288
scoring_system epss
scoring_elements 0.9994
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1273
3
reference_url https://github.com/advisories/GHSA-4fq3-mr56-cg6r
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4fq3-mr56-cg6r
4
reference_url https://github.com/spring-projects/spring-data-commons
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-data-commons
5
reference_url https://github.com/spring-projects/spring-data-commons/commit/ae1dd2741ce06d44a0966ecbd6f47beabde2b65
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-data-commons/commit/ae1dd2741ce06d44a0966ecbd6f47beabde2b65
6
reference_url https://github.com/spring-projects/spring-data-commons/commit/ae1dd2741ce06d44a0966ecbd6f47beabde2b653
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-data-commons/commit/ae1dd2741ce06d44a0966ecbd6f47beabde2b653
7
reference_url https://github.com/spring-projects/spring-data-commons/commit/b1a20ae1e82a63f99b3afc6f2aaedb3bf4dc432
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-data-commons/commit/b1a20ae1e82a63f99b3afc6f2aaedb3bf4dc432
8
reference_url https://github.com/spring-projects/spring-data-commons/commit/b1a20ae1e82a63f99b3afc6f2aaedb3bf4dc432a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-data-commons/commit/b1a20ae1e82a63f99b3afc6f2aaedb3bf4dc432a
9
reference_url https://github.com/spring-projects/spring-data-commons/issues/1721
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-data-commons/issues/1721
10
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:41:40Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1565923
reference_id 1565923
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1565923
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1273
reference_id CVE-2018-1273
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1273
13
reference_url https://pivotal.io/security/cve-2018-1273
reference_id CVE-2018-1273
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:41:40Z/
url https://pivotal.io/security/cve-2018-1273
fixed_packages
0
url pkg:maven/org.apache.ignite/ignite-core@2.6.0
purl pkg:maven/org.apache.ignite/ignite-core@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d6hk-e64u-tbcj
1
vulnerability VCID-t38y-1dv8-b7av
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.6.0
aliases CVE-2018-1273, GHSA-4fq3-mr56-cg6r
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8a4-9j7s-8fc8
6
url VCID-ykug-1dhq-tygt
vulnerability_id VCID-ykug-1dhq-tygt
summary In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:3768
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3768
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8018.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8018.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8018
reference_id
reference_type
scores
0
value 0.04449
scoring_system epss
scoring_elements 0.8907
published_at 2026-04-21T12:55:00Z
1
value 0.04449
scoring_system epss
scoring_elements 0.89098
published_at 2026-04-29T12:55:00Z
2
value 0.04449
scoring_system epss
scoring_elements 0.89014
published_at 2026-04-02T12:55:00Z
3
value 0.04449
scoring_system epss
scoring_elements 0.8903
published_at 2026-04-04T12:55:00Z
4
value 0.04449
scoring_system epss
scoring_elements 0.89032
published_at 2026-04-07T12:55:00Z
5
value 0.04449
scoring_system epss
scoring_elements 0.8905
published_at 2026-04-08T12:55:00Z
6
value 0.04449
scoring_system epss
scoring_elements 0.89054
published_at 2026-04-09T12:55:00Z
7
value 0.04449
scoring_system epss
scoring_elements 0.89066
published_at 2026-04-11T12:55:00Z
8
value 0.04449
scoring_system epss
scoring_elements 0.89062
published_at 2026-04-12T12:55:00Z
9
value 0.04449
scoring_system epss
scoring_elements 0.8906
published_at 2026-04-13T12:55:00Z
10
value 0.04449
scoring_system epss
scoring_elements 0.89074
published_at 2026-04-18T12:55:00Z
11
value 0.04449
scoring_system epss
scoring_elements 0.89006
published_at 2026-04-01T12:55:00Z
12
value 0.04449
scoring_system epss
scoring_elements 0.89095
published_at 2026-04-26T12:55:00Z
13
value 0.04449
scoring_system epss
scoring_elements 0.89088
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8018
3
reference_url https://github.com/advisories/GHSA-qcjv-wfcg-mmpr
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-qcjv-wfcg-mmpr
4
reference_url https://github.com/apache/ignite/commit/82a7b8209fcf56971d12cb10410a38ed632215b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/ignite/commit/82a7b8209fcf56971d12cb10410a38ed632215b
5
reference_url https://github.com/apache/ignite/commit/bc374f85ca4a5e69572902d2167fe6bedebd40a
reference_id
reference_type
scores
url https://github.com/apache/ignite/commit/bc374f85ca4a5e69572902d2167fe6bedebd40a
6
reference_url https://issues.apache.org/jira/browse/IGNITE-8565
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/IGNITE-8565
7
reference_url https://lists.apache.org/thread.html/e0fdf53114a321142ecfa5cfa17658090f0b4e1677de431e329b37ab@%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e0fdf53114a321142ecfa5cfa17658090f0b4e1677de431e329b37ab@%3Cdev.ignite.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/e0fdf53114a321142ecfa5cfa17658090f0b4e1677de431e329b37ab%40%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/e0fdf53114a321142ecfa5cfa17658090f0b4e1677de431e329b37ab%40%3Cdev.ignite.apache.org%3E
9
reference_url http://www.securityfocus.com/bid/104911
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104911
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1607731
reference_id 1607731
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1607731
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8018
reference_id CVE-2018-8018
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8018
fixed_packages
0
url pkg:maven/org.apache.ignite/ignite-core@2.6.0
purl pkg:maven/org.apache.ignite/ignite-core@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d6hk-e64u-tbcj
1
vulnerability VCID-t38y-1dv8-b7av
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.6.0
1
url pkg:maven/org.apache.ignite/ignite-core@2.6
purl pkg:maven/org.apache.ignite/ignite-core@2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.6
aliases CVE-2018-8018, GHSA-qcjv-wfcg-mmpr
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykug-1dhq-tygt
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@1.8.0