Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/ro.pippo/pippo-core@1.8.0
Typemaven
Namespacero.pippo
Namepippo-core
Version1.8.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.12.0
Latest_non_vulnerable_version1.12.0
Affected_by_vulnerabilities
0
url VCID-5qgv-5kad-5kfg
vulnerability_id VCID-5qgv-5kad-5kfg
summary 
Deserialization of Untrusted Data
An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-18628
reference_id
reference_type
scores
0
value 0.04173
scoring_system epss
scoring_elements 0.88884
published_at 2026-06-04T12:55:00Z
1
value 0.04173
scoring_system epss
scoring_elements 0.889
published_at 2026-06-08T12:55:00Z
2
value 0.04173
scoring_system epss
scoring_elements 0.88901
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-18628
1
reference_url https://github.com/pippo-java/pippo
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pippo-java/pippo
2
reference_url https://github.com/pippo-java/pippo/commit/a82347d9d3358e98c89b48579d4285d807a57cc0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pippo-java/pippo/commit/a82347d9d3358e98c89b48579d4285d807a57cc0
3
reference_url https://github.com/pippo-java/pippo/commit/c6b26551a82d2dd32097fcb17c13c3b830916296
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pippo-java/pippo/commit/c6b26551a82d2dd32097fcb17c13c3b830916296
4
reference_url https://github.com/pippo-java/pippo/issues/458
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pippo-java/pippo/issues/458
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-18628
reference_id CVE-2018-18628
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-18628
6
reference_url https://github.com/advisories/GHSA-7fm6-2qw4-g3x3
reference_id GHSA-7fm6-2qw4-g3x3
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7fm6-2qw4-g3x3
fixed_packages
0
url pkg:maven/ro.pippo/pippo-core@1.12.0
purl pkg:maven/ro.pippo/pippo-core@1.12.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ro.pippo/pippo-core@1.12.0
aliases CVE-2018-18628, GHSA-7fm6-2qw4-g3x3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qgv-5kad-5kfg
1
url VCID-9rsf-zzwy-w7cx
vulnerability_id VCID-9rsf-zzwy-w7cx
summary 
Improper Restriction of XML External Entity Reference
jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20059
reference_id
reference_type
scores
0
value 0.00404
scoring_system epss
scoring_elements 0.61242
published_at 2026-06-04T12:55:00Z
1
value 0.00404
scoring_system epss
scoring_elements 0.61267
published_at 2026-06-08T12:55:00Z
2
value 0.00404
scoring_system epss
scoring_elements 0.61285
published_at 2026-06-07T12:55:00Z
3
value 0.00404
scoring_system epss
scoring_elements 0.61299
published_at 2026-06-06T12:55:00Z
4
value 0.00404
scoring_system epss
scoring_elements 0.61291
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20059
1
reference_url https://github.com/pippo-java/pippo
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pippo-java/pippo
2
reference_url https://github.com/pippo-java/pippo/commit/9f36e5891c0b11f840e1e1561ae96d83ba9ce759
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pippo-java/pippo/commit/9f36e5891c0b11f840e1e1561ae96d83ba9ce759
3
reference_url https://github.com/pippo-java/pippo/issues/486
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pippo-java/pippo/issues/486
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20059
reference_id CVE-2018-20059
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-20059
5
reference_url https://github.com/advisories/GHSA-rmm5-g63h-m6g9
reference_id GHSA-rmm5-g63h-m6g9
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rmm5-g63h-m6g9
fixed_packages
0
url pkg:maven/ro.pippo/pippo-core@1.12.0
purl pkg:maven/ro.pippo/pippo-core@1.12.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ro.pippo/pippo-core@1.12.0
aliases CVE-2018-20059, GHSA-rmm5-g63h-m6g9
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9rsf-zzwy-w7cx
2
url VCID-qg4q-4rcb-vkdd
vulnerability_id VCID-qg4q-4rcb-vkdd
summary 
Deserialization of Untrusted Data
Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-18240
reference_id
reference_type
scores
0
value 0.02572
scoring_system epss
scoring_elements 0.85828
published_at 2026-06-04T12:55:00Z
1
value 0.02572
scoring_system epss
scoring_elements 0.85832
published_at 2026-06-08T12:55:00Z
2
value 0.02572
scoring_system epss
scoring_elements 0.85848
published_at 2026-06-07T12:55:00Z
3
value 0.02572
scoring_system epss
scoring_elements 0.85851
published_at 2026-06-06T12:55:00Z
4
value 0.02572
scoring_system epss
scoring_elements 0.8585
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-18240
1
reference_url https://github.com/pippo-java/pippo
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pippo-java/pippo
2
reference_url https://github.com/pippo-java/pippo/commit/c6b26551a82d2dd32097fcb17c13c3b830916296
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pippo-java/pippo/commit/c6b26551a82d2dd32097fcb17c13c3b830916296
3
reference_url https://github.com/pippo-java/pippo/issues/454
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pippo-java/pippo/issues/454
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-18240
reference_id CVE-2018-18240
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-18240
5
reference_url https://github.com/advisories/GHSA-h892-x453-86wc
reference_id GHSA-h892-x453-86wc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h892-x453-86wc
fixed_packages
0
url pkg:maven/ro.pippo/pippo-core@1.12.0
purl pkg:maven/ro.pippo/pippo-core@1.12.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ro.pippo/pippo-core@1.12.0
aliases CVE-2018-18240, GHSA-h892-x453-86wc
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qg4q-4rcb-vkdd
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/ro.pippo/pippo-core@1.8.0