Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.xmlbeam/xmlprojector@1.4.2
Typemaven
Namespaceorg.xmlbeam
Namexmlprojector
Version1.4.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.4.15
Latest_non_vulnerable_version1.4.15
Affected_by_vulnerabilities
0
url VCID-92mk-6xrd-gbaa
vulnerability_id VCID-92mk-6xrd-gbaa
summary Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1809
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1809
1
reference_url https://access.redhat.com/errata/RHSA-2018:3768
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3768
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1259.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1259.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1259
reference_id
reference_type
scores
0
value 0.09831
scoring_system epss
scoring_elements 0.92972
published_at 2026-04-09T12:55:00Z
1
value 0.09831
scoring_system epss
scoring_elements 0.92997
published_at 2026-04-29T12:55:00Z
2
value 0.09831
scoring_system epss
scoring_elements 0.93001
published_at 2026-04-26T12:55:00Z
3
value 0.09831
scoring_system epss
scoring_elements 0.9296
published_at 2026-04-07T12:55:00Z
4
value 0.09831
scoring_system epss
scoring_elements 0.92968
published_at 2026-04-08T12:55:00Z
5
value 0.09831
scoring_system epss
scoring_elements 0.92977
published_at 2026-04-11T12:55:00Z
6
value 0.09831
scoring_system epss
scoring_elements 0.92995
published_at 2026-04-21T12:55:00Z
7
value 0.09831
scoring_system epss
scoring_elements 0.92989
published_at 2026-04-18T12:55:00Z
8
value 0.09831
scoring_system epss
scoring_elements 0.92986
published_at 2026-04-16T12:55:00Z
9
value 0.09831
scoring_system epss
scoring_elements 0.92947
published_at 2026-04-01T12:55:00Z
10
value 0.09831
scoring_system epss
scoring_elements 0.92976
published_at 2026-04-13T12:55:00Z
11
value 0.09831
scoring_system epss
scoring_elements 0.92975
published_at 2026-04-12T12:55:00Z
12
value 0.09831
scoring_system epss
scoring_elements 0.92956
published_at 2026-04-02T12:55:00Z
13
value 0.09831
scoring_system epss
scoring_elements 0.92961
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1259
4
reference_url https://github.com/SvenEwald/xmlbeam/commit/f8e943f44961c14cf1316deb56280f7878702ee1
reference_id
reference_type
scores
url https://github.com/SvenEwald/xmlbeam/commit/f8e943f44961c14cf1316deb56280f7878702ee1
5
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1578902
reference_id 1578902
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1578902
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlbeam:xmlbeam:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:xmlbeam:xmlbeam:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlbeam:xmlbeam:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1259
reference_id CVE-2018-1259
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1259
11
reference_url https://pivotal.io/security/cve-2018-1259
reference_id CVE-2018-1259
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2018-1259
12
reference_url https://github.com/advisories/GHSA-m929-7fr6-cvjg
reference_id GHSA-m929-7fr6-cvjg
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-m929-7fr6-cvjg
fixed_packages
0
url pkg:maven/org.xmlbeam/xmlprojector@1.4.15
purl pkg:maven/org.xmlbeam/xmlprojector@1.4.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xmlbeam/xmlprojector@1.4.15
aliases CVE-2018-1259, GHSA-m929-7fr6-cvjg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-92mk-6xrd-gbaa
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.xmlbeam/xmlprojector@1.4.2