Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.ignite/ignite-core@2.6.0
Typemaven
Namespaceorg.apache.ignite
Nameignite-core
Version2.6.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.17.0
Latest_non_vulnerable_version2.17.0
Affected_by_vulnerabilities
0
url VCID-d6hk-e64u-tbcj
vulnerability_id VCID-d6hk-e64u-tbcj
summary 
File system access via H2 in Apache Ignite
Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1963.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1963.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1963
reference_id
reference_type
scores
0
value 0.04667
scoring_system epss
scoring_elements 0.89353
published_at 2026-04-26T12:55:00Z
1
value 0.04667
scoring_system epss
scoring_elements 0.89366
published_at 2026-05-05T12:55:00Z
2
value 0.04667
scoring_system epss
scoring_elements 0.89356
published_at 2026-04-29T12:55:00Z
3
value 0.04667
scoring_system epss
scoring_elements 0.89277
published_at 2026-04-01T12:55:00Z
4
value 0.04667
scoring_system epss
scoring_elements 0.89282
published_at 2026-04-02T12:55:00Z
5
value 0.04667
scoring_system epss
scoring_elements 0.89296
published_at 2026-04-04T12:55:00Z
6
value 0.04667
scoring_system epss
scoring_elements 0.89299
published_at 2026-04-07T12:55:00Z
7
value 0.04667
scoring_system epss
scoring_elements 0.89316
published_at 2026-04-08T12:55:00Z
8
value 0.04667
scoring_system epss
scoring_elements 0.8932
published_at 2026-04-09T12:55:00Z
9
value 0.04667
scoring_system epss
scoring_elements 0.89329
published_at 2026-04-11T12:55:00Z
10
value 0.04667
scoring_system epss
scoring_elements 0.89327
published_at 2026-04-12T12:55:00Z
11
value 0.04667
scoring_system epss
scoring_elements 0.89323
published_at 2026-04-13T12:55:00Z
12
value 0.04667
scoring_system epss
scoring_elements 0.89337
published_at 2026-04-16T12:55:00Z
13
value 0.04667
scoring_system epss
scoring_elements 0.89336
published_at 2026-04-18T12:55:00Z
14
value 0.04667
scoring_system epss
scoring_elements 0.89331
published_at 2026-04-21T12:55:00Z
15
value 0.04667
scoring_system epss
scoring_elements 0.89349
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1963
2
reference_url https://lists.apache.org/thread.html/r119024ef71c8d39f952df0950a275d09714715179aff544aea0129a3@%3Cuser.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r119024ef71c8d39f952df0950a275d09714715179aff544aea0129a3@%3Cuser.ignite.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/r1933faf8a26c431f38a5f8dbbfab80254454e54e33a79be474b67dc4%40%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1933faf8a26c431f38a5f8dbbfab80254454e54e33a79be474b67dc4%40%3Cdev.ignite.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rd43ae18588fd7bdb375be63bc95a651aab319ced6306759e1237ce67@%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd43ae18588fd7bdb375be63bc95a651aab319ced6306759e1237ce67@%3Cdev.ignite.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rdf37011b92a31a67c299ff45655e2638f194fc814e5c6e2fde352884@%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdf37011b92a31a67c299ff45655e2638f194fc814e5c6e2fde352884@%3Cdev.ignite.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rdf37011b92a31a67c299ff45655e2638f194fc814e5c6e2fde352884@%3Cuser.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdf37011b92a31a67c299ff45655e2638f194fc814e5c6e2fde352884@%3Cuser.ignite.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cdev.ignite.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cuser.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re7b43cf8333ee30b6589e465f72a6ed4a082222612d1a0fdd30beb94@%3Cuser.ignite.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rf032a13a4711f88c0a2c0734eecbee1026cc1b6cde27d16a653f8755@%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf032a13a4711f88c0a2c0734eecbee1026cc1b6cde27d16a653f8755@%3Cdev.ignite.apache.org%3E
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1963
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1963
11
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
12
reference_url http://www.openwall.com/lists/oss-security/2020/06/03/2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/06/03/2
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1847145
reference_id 1847145
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1847145
14
reference_url https://github.com/advisories/GHSA-5wm5-8q42-rhxg
reference_id GHSA-5wm5-8q42-rhxg
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5wm5-8q42-rhxg
fixed_packages
0
url pkg:maven/org.apache.ignite/ignite-core@2.8.1
purl pkg:maven/org.apache.ignite/ignite-core@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t38y-1dv8-b7av
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.8.1
aliases CVE-2020-1963, GHSA-5wm5-8q42-rhxg
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6hk-e64u-tbcj
1
url VCID-t38y-1dv8-b7av
vulnerability_id VCID-t38y-1dv8-b7av
summary 
Apache Ignite: Possible RCE when deserializing incoming messages by the server node
In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52577.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52577.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52577
reference_id
reference_type
scores
0
value 0.02584
scoring_system epss
scoring_elements 0.8565
published_at 2026-05-05T12:55:00Z
1
value 0.02584
scoring_system epss
scoring_elements 0.85631
published_at 2026-04-29T12:55:00Z
2
value 0.02584
scoring_system epss
scoring_elements 0.85573
published_at 2026-04-13T12:55:00Z
3
value 0.02584
scoring_system epss
scoring_elements 0.85619
published_at 2026-04-24T12:55:00Z
4
value 0.02584
scoring_system epss
scoring_elements 0.85597
published_at 2026-04-21T12:55:00Z
5
value 0.02584
scoring_system epss
scoring_elements 0.85601
published_at 2026-04-18T12:55:00Z
6
value 0.02584
scoring_system epss
scoring_elements 0.85514
published_at 2026-04-02T12:55:00Z
7
value 0.02584
scoring_system epss
scoring_elements 0.85531
published_at 2026-04-04T12:55:00Z
8
value 0.02584
scoring_system epss
scoring_elements 0.85535
published_at 2026-04-07T12:55:00Z
9
value 0.02584
scoring_system epss
scoring_elements 0.85555
published_at 2026-04-08T12:55:00Z
10
value 0.02584
scoring_system epss
scoring_elements 0.85566
published_at 2026-04-09T12:55:00Z
11
value 0.02584
scoring_system epss
scoring_elements 0.8558
published_at 2026-04-11T12:55:00Z
12
value 0.02584
scoring_system epss
scoring_elements 0.85577
published_at 2026-04-12T12:55:00Z
13
value 0.02584
scoring_system epss
scoring_elements 0.85596
published_at 2026-04-16T12:55:00Z
14
value 0.02584
scoring_system epss
scoring_elements 0.8563
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52577
2
reference_url https://github.com/apache/ignite
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/ignite
3
reference_url https://github.com/apache/ignite/commit/f1d3579eabb2c6f5b11b94d58600afc497a8603d
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/ignite/commit/f1d3579eabb2c6f5b11b94d58600afc497a8603d
4
reference_url https://lists.apache.org/thread/1bst0n27m9kb3b6f6hvlghn182vqb2hh
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-14T16:46:34Z/
url https://lists.apache.org/thread/1bst0n27m9kb3b6f6hvlghn182vqb2hh
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52577
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52577
6
reference_url http://www.openwall.com/lists/oss-security/2025/02/14/2
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/02/14/2
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2345704
reference_id 2345704
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2345704
8
reference_url https://github.com/advisories/GHSA-8355-xj3p-hv6q
reference_id GHSA-8355-xj3p-hv6q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8355-xj3p-hv6q
fixed_packages
0
url pkg:maven/org.apache.ignite/ignite-core@2.17.0
purl pkg:maven/org.apache.ignite/ignite-core@2.17.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.17.0
aliases CVE-2024-52577, GHSA-8355-xj3p-hv6q
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t38y-1dv8-b7av
Fixing_vulnerabilities
0
url VCID-s8a4-9j7s-8fc8
vulnerability_id VCID-s8a4-9j7s-8fc8
summary Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
references
0
reference_url http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:41:40Z/
url http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1273.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1273.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1273
reference_id
reference_type
scores
0
value 0.94288
scoring_system epss
scoring_elements 0.99941
published_at 2026-04-26T12:55:00Z
1
value 0.94288
scoring_system epss
scoring_elements 0.99942
published_at 2026-05-05T12:55:00Z
2
value 0.94288
scoring_system epss
scoring_elements 0.9994
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1273
3
reference_url https://github.com/advisories/GHSA-4fq3-mr56-cg6r
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4fq3-mr56-cg6r
4
reference_url https://github.com/spring-projects/spring-data-commons
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-data-commons
5
reference_url https://github.com/spring-projects/spring-data-commons/commit/ae1dd2741ce06d44a0966ecbd6f47beabde2b65
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-data-commons/commit/ae1dd2741ce06d44a0966ecbd6f47beabde2b65
6
reference_url https://github.com/spring-projects/spring-data-commons/commit/ae1dd2741ce06d44a0966ecbd6f47beabde2b653
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-data-commons/commit/ae1dd2741ce06d44a0966ecbd6f47beabde2b653
7
reference_url https://github.com/spring-projects/spring-data-commons/commit/b1a20ae1e82a63f99b3afc6f2aaedb3bf4dc432
reference_id
reference_type
scores
url https://github.com/spring-projects/spring-data-commons/commit/b1a20ae1e82a63f99b3afc6f2aaedb3bf4dc432
8
reference_url https://github.com/spring-projects/spring-data-commons/commit/b1a20ae1e82a63f99b3afc6f2aaedb3bf4dc432a
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-data-commons/commit/b1a20ae1e82a63f99b3afc6f2aaedb3bf4dc432a
9
reference_url https://github.com/spring-projects/spring-data-commons/issues/1721
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-data-commons/issues/1721
10
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:41:40Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1565923
reference_id 1565923
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1565923
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1273
reference_id CVE-2018-1273
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1273
13
reference_url https://pivotal.io/security/cve-2018-1273
reference_id CVE-2018-1273
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T12:41:40Z/
url https://pivotal.io/security/cve-2018-1273
fixed_packages
0
url pkg:maven/org.apache.ignite/ignite-core@2.6.0
purl pkg:maven/org.apache.ignite/ignite-core@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d6hk-e64u-tbcj
1
vulnerability VCID-t38y-1dv8-b7av
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.6.0
aliases CVE-2018-1273, GHSA-4fq3-mr56-cg6r
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8a4-9j7s-8fc8
1
url VCID-ykug-1dhq-tygt
vulnerability_id VCID-ykug-1dhq-tygt
summary In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:3768
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3768
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8018.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8018.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8018
reference_id
reference_type
scores
0
value 0.04449
scoring_system epss
scoring_elements 0.89088
published_at 2026-04-24T12:55:00Z
1
value 0.04449
scoring_system epss
scoring_elements 0.89105
published_at 2026-05-05T12:55:00Z
2
value 0.04449
scoring_system epss
scoring_elements 0.8903
published_at 2026-04-04T12:55:00Z
3
value 0.04449
scoring_system epss
scoring_elements 0.89032
published_at 2026-04-07T12:55:00Z
4
value 0.04449
scoring_system epss
scoring_elements 0.8905
published_at 2026-04-08T12:55:00Z
5
value 0.04449
scoring_system epss
scoring_elements 0.89054
published_at 2026-04-09T12:55:00Z
6
value 0.04449
scoring_system epss
scoring_elements 0.89066
published_at 2026-04-11T12:55:00Z
7
value 0.04449
scoring_system epss
scoring_elements 0.89062
published_at 2026-04-12T12:55:00Z
8
value 0.04449
scoring_system epss
scoring_elements 0.8906
published_at 2026-04-13T12:55:00Z
9
value 0.04449
scoring_system epss
scoring_elements 0.89074
published_at 2026-04-18T12:55:00Z
10
value 0.04449
scoring_system epss
scoring_elements 0.8907
published_at 2026-04-21T12:55:00Z
11
value 0.04449
scoring_system epss
scoring_elements 0.89006
published_at 2026-04-01T12:55:00Z
12
value 0.04449
scoring_system epss
scoring_elements 0.89098
published_at 2026-04-29T12:55:00Z
13
value 0.04449
scoring_system epss
scoring_elements 0.89095
published_at 2026-04-26T12:55:00Z
14
value 0.04449
scoring_system epss
scoring_elements 0.89014
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8018
3
reference_url https://github.com/advisories/GHSA-qcjv-wfcg-mmpr
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-qcjv-wfcg-mmpr
4
reference_url https://github.com/apache/ignite/commit/82a7b8209fcf56971d12cb10410a38ed632215b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/ignite/commit/82a7b8209fcf56971d12cb10410a38ed632215b
5
reference_url https://github.com/apache/ignite/commit/bc374f85ca4a5e69572902d2167fe6bedebd40a
reference_id
reference_type
scores
url https://github.com/apache/ignite/commit/bc374f85ca4a5e69572902d2167fe6bedebd40a
6
reference_url https://issues.apache.org/jira/browse/IGNITE-8565
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/IGNITE-8565
7
reference_url https://lists.apache.org/thread.html/e0fdf53114a321142ecfa5cfa17658090f0b4e1677de431e329b37ab@%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e0fdf53114a321142ecfa5cfa17658090f0b4e1677de431e329b37ab@%3Cdev.ignite.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/e0fdf53114a321142ecfa5cfa17658090f0b4e1677de431e329b37ab%40%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/e0fdf53114a321142ecfa5cfa17658090f0b4e1677de431e329b37ab%40%3Cdev.ignite.apache.org%3E
9
reference_url http://www.securityfocus.com/bid/104911
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104911
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1607731
reference_id 1607731
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1607731
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8018
reference_id CVE-2018-8018
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8018
fixed_packages
0
url pkg:maven/org.apache.ignite/ignite-core@2.6.0
purl pkg:maven/org.apache.ignite/ignite-core@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d6hk-e64u-tbcj
1
vulnerability VCID-t38y-1dv8-b7av
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.6.0
1
url pkg:maven/org.apache.ignite/ignite-core@2.6
purl pkg:maven/org.apache.ignite/ignite-core@2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.6
aliases CVE-2018-8018, GHSA-qcjv-wfcg-mmpr
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykug-1dhq-tygt
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ignite/ignite-core@2.6.0