Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/io.spray/spray-json_2.10@1.2.5

Type maven

Namespace io.spray

Name spray-json_2.10

Version 1.2.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.3.5

Latest_non_vulnerable_version 1.3.5

Affected_by_vulnerabilities

url VCID-1e6n-nsbs-47et

vulnerability_id VCID-1e6n-nsbs-47et

summary

Uncontrolled Resource Consumption
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18854

reference_id

reference_type

scores

value	0.00838
scoring_system	epss
scoring_elements	0.75076
published_at	2026-06-07T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.75088
published_at	2026-06-09T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.75061
published_at	2026-06-08T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.75084
published_at	2026-06-06T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.7505
published_at	2026-06-04T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.7508
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18854

reference_url

https://github.com/spray/spray-jso

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spray/spray-jso

reference_url

https://github.com/spray/spray-json/issues/277

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spray/spray-json/issues/277

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18854

reference_id

CVE-2018-18854

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18854

reference_url

https://github.com/advisories/GHSA-q8xj-8xg3-w432

reference_id

GHSA-q8xj-8xg3-w432

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-q8xj-8xg3-w432

fixed_packages

url	pkg:maven/io.spray/spray-json_2.10@1.3.5
purl	pkg:maven/io.spray/spray-json_2.10@1.3.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.spray/spray-json_2.10@1.3.5

aliases CVE-2018-18854, GHSA-q8xj-8xg3-w432

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1e6n-nsbs-47et

url VCID-8rtj-2w78-1fga

vulnerability_id VCID-8rtj-2w78-1fga

summary

Uncontrolled Resource Consumption
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18853

reference_id

reference_type

scores

value	0.00838
scoring_system	epss
scoring_elements	0.75076
published_at	2026-06-07T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.75088
published_at	2026-06-09T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.75061
published_at	2026-06-08T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.75084
published_at	2026-06-06T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.7505
published_at	2026-06-04T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.7508
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18853

reference_url

https://github.com/spray/spray-json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spray/spray-json

reference_url

https://github.com/spray/spray-json/issues/278

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spray/spray-json/issues/278

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18853

reference_id

CVE-2018-18853

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18853

reference_url

https://github.com/advisories/GHSA-f94m-mqhr-mc29

reference_id

GHSA-f94m-mqhr-mc29

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-f94m-mqhr-mc29

fixed_packages

url	pkg:maven/io.spray/spray-json_2.10@1.3.5
purl	pkg:maven/io.spray/spray-json_2.10@1.3.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.spray/spray-json_2.10@1.3.5

aliases CVE-2018-18853, GHSA-f94m-mqhr-mc29

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8rtj-2w78-1fga

url VCID-nsnb-23xs-73dv

vulnerability_id VCID-nsnb-23xs-73dv

summary

Uncontrolled Resource Consumption in Spray JSON
Recursive decent parsers are susceptible too StackOverflowExceptions on too deeply nested structures as currently "open" parsing state is kept on the stack.

references

reference_url

https://github.com/spray/spray-json

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spray/spray-json

reference_url

https://github.com/spray/spray-json/pull/284

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/spray/spray-json/pull/284

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-IOSPRAY-72601

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JAVA-IOSPRAY-72601

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-18855
reference_id	CVE-2018-18855
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-18855

reference_url

https://github.com/advisories/GHSA-ww3v-6xjf-jv28

reference_id

GHSA-ww3v-6xjf-jv28

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ww3v-6xjf-jv28

fixed_packages

url	pkg:maven/io.spray/spray-json_2.10@1.3.5
purl	pkg:maven/io.spray/spray-json_2.10@1.3.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.spray/spray-json_2.10@1.3.5

aliases CVE-2018-18855, GHSA-ww3v-6xjf-jv28, GMS-2022-2792

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsnb-23xs-73dv

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.spray/spray-json_2.10@1.2.5

Package Instance