Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework/spring-webflux@5.0.RELEASE
Typemaven
Namespaceorg.springframework
Namespring-webflux
Version5.0.RELEASE
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.2.20.RELEASE
Latest_non_vulnerable_version7.0.6
Affected_by_vulnerabilities
0
url VCID-pb7f-yasx-17ag
vulnerability_id VCID-pb7f-yasx-17ag
summary Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1320
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1320
1
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1272.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1272.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1272
reference_id
reference_type
scores
0
value 0.02166
scoring_system epss
scoring_elements 0.84327
published_at 2026-04-18T12:55:00Z
1
value 0.02166
scoring_system epss
scoring_elements 0.84326
published_at 2026-04-16T12:55:00Z
2
value 0.02166
scoring_system epss
scoring_elements 0.84304
published_at 2026-04-13T12:55:00Z
3
value 0.02166
scoring_system epss
scoring_elements 0.84307
published_at 2026-04-12T12:55:00Z
4
value 0.02166
scoring_system epss
scoring_elements 0.84313
published_at 2026-04-11T12:55:00Z
5
value 0.02166
scoring_system epss
scoring_elements 0.84295
published_at 2026-04-09T12:55:00Z
6
value 0.02166
scoring_system epss
scoring_elements 0.84369
published_at 2026-04-29T12:55:00Z
7
value 0.02166
scoring_system epss
scoring_elements 0.84364
published_at 2026-04-26T12:55:00Z
8
value 0.02166
scoring_system epss
scoring_elements 0.84356
published_at 2026-04-24T12:55:00Z
9
value 0.02166
scoring_system epss
scoring_elements 0.84329
published_at 2026-04-21T12:55:00Z
10
value 0.02166
scoring_system epss
scoring_elements 0.84268
published_at 2026-04-07T12:55:00Z
11
value 0.02166
scoring_system epss
scoring_elements 0.84266
published_at 2026-04-04T12:55:00Z
12
value 0.02166
scoring_system epss
scoring_elements 0.84247
published_at 2026-04-02T12:55:00Z
13
value 0.02166
scoring_system epss
scoring_elements 0.84235
published_at 2026-04-01T12:55:00Z
14
value 0.02166
scoring_system epss
scoring_elements 0.8429
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1272
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1272
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1272
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/141286
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/141286
6
reference_url https://github.com/spring-projects/spring-framework/commit/ab2410c754b67902f002bfcc0c3895bd7772d39
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/ab2410c754b67902f002bfcc0c3895bd7772d39
7
reference_url https://github.com/spring-projects/spring-framework/commit/e02ff3a0da50744b0980d5d665fd242eedea767
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/e02ff3a0da50744b0980d5d665fd242eedea767
8
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
9
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
10
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
11
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
12
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
13
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
14
reference_url http://www.securityfocus.com/bid/103697
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103697
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1564408
reference_id 1564408
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1564408
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895114
reference_id 895114
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895114
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1272
reference_id CVE-2018-1272
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1272
18
reference_url https://pivotal.io/security/cve-2018-1272
reference_id CVE-2018-1272
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pivotal.io/security/cve-2018-1272
19
reference_url https://github.com/advisories/GHSA-4487-x383-qpph
reference_id GHSA-4487-x383-qpph
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4487-x383-qpph
fixed_packages
0
url pkg:maven/org.springframework/spring-webflux@5.0.5.RELEASE
purl pkg:maven/org.springframework/spring-webflux@5.0.5.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyjt-4vjn-mbc7
1
vulnerability VCID-pht6-8af8-b3f2
2
vulnerability VCID-u7kk-c6fm-judy
3
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webflux@5.0.5.RELEASE
aliases CVE-2018-1272, GHSA-4487-x383-qpph
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pb7f-yasx-17ag
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webflux@5.0.RELEASE