Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.xmlbeam/xmlprojector@1.4.10
Typemaven
Namespaceorg.xmlbeam
Namexmlprojector
Version1.4.10
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.4.15
Latest_non_vulnerable_version1.4.15
Affected_by_vulnerabilities
0
url VCID-h1gq-c3sp-1fga
vulnerability_id VCID-h1gq-c3sp-1fga
summary 
Improper Restriction of XML External Entity Reference
XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1809
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1809
1
reference_url https://access.redhat.com/errata/RHSA-2018:3768
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3768
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1259.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1259.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1259
reference_id
reference_type
scores
0
value 0.09831
scoring_system epss
scoring_elements 0.93125
published_at 2026-06-07T12:55:00Z
1
value 0.09831
scoring_system epss
scoring_elements 0.93132
published_at 2026-06-09T12:55:00Z
2
value 0.09831
scoring_system epss
scoring_elements 0.93123
published_at 2026-06-08T12:55:00Z
3
value 0.09831
scoring_system epss
scoring_elements 0.93118
published_at 2026-06-04T12:55:00Z
4
value 0.09831
scoring_system epss
scoring_elements 0.93129
published_at 2026-06-05T12:55:00Z
5
value 0.09831
scoring_system epss
scoring_elements 0.93128
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1259
4
reference_url https://github.com/SvenEwald/xmlbeam/commit/f8e943f44961c14cf1316deb56280f7878702ee1
reference_id
reference_type
scores
url https://github.com/SvenEwald/xmlbeam/commit/f8e943f44961c14cf1316deb56280f7878702ee1
5
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1578902
reference_id 1578902
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1578902
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1259
reference_id CVE-2018-1259
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1259
8
reference_url https://pivotal.io/security/cve-2018-1259
reference_id CVE-2018-1259
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2018-1259
9
reference_url https://github.com/advisories/GHSA-m929-7fr6-cvjg
reference_id GHSA-m929-7fr6-cvjg
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-m929-7fr6-cvjg
fixed_packages
0
url pkg:maven/org.xmlbeam/xmlprojector@1.4.15
purl pkg:maven/org.xmlbeam/xmlprojector@1.4.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xmlbeam/xmlprojector@1.4.15
aliases CVE-2018-1259, GHSA-m929-7fr6-cvjg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h1gq-c3sp-1fga
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.xmlbeam/xmlprojector@1.4.10