Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/wget@1.20.1-r0?arch=x86&distroversion=v3.9&reponame=main
Typeapk
Namespacealpine
Namewget
Version1.20.1-r0
Qualifiers
arch x86
distroversion v3.9
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-b8jj-vw62-hugz
vulnerability_id VCID-b8jj-vw62-hugz
summary set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20483.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20483.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20483
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13981
published_at 2026-06-04T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.14055
published_at 2026-06-05T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.14056
published_at 2026-06-06T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.14019
published_at 2026-06-07T12:55:00Z
4
value 0.00044
scoring_system epss
scoring_elements 0.13935
published_at 2026-06-08T12:55:00Z
5
value 0.00044
scoring_system epss
scoring_elements 0.13964
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20483
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1662705
reference_id 1662705
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1662705
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917375
reference_id 917375
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917375
6
reference_url https://security.gentoo.org/glsa/201903-08
reference_id GLSA-201903-08
reference_type
scores
url https://security.gentoo.org/glsa/201903-08
7
reference_url https://access.redhat.com/errata/RHSA-2019:3701
reference_id RHSA-2019:3701
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3701
8
reference_url https://usn.ubuntu.com/3943-1/
reference_id USN-3943-1
reference_type
scores
url https://usn.ubuntu.com/3943-1/
fixed_packages
0
url pkg:apk/alpine/wget@1.20.1-r0?arch=x86&distroversion=v3.9&reponame=main
purl pkg:apk/alpine/wget@1.20.1-r0?arch=x86&distroversion=v3.9&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/wget@1.20.1-r0%3Farch=x86&distroversion=v3.9&reponame=main
aliases CVE-2018-20483
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8jj-vw62-hugz
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/wget@1.20.1-r0%3Farch=x86&distroversion=v3.9&reponame=main