Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/python2-tkinter@2.7.18-r0?arch=x86_64&distroversion=v3.10&reponame=community
Typeapk
Namespacealpine
Namepython2-tkinter
Version2.7.18-r0
Qualifiers
arch x86_64
distroversion v3.10
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-g932-tm87-ebb6
vulnerability_id VCID-g932-tm87-ebb6
summary An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18348.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18348.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18348
reference_id
reference_type
scores
0
value 0.02244
scoring_system epss
scoring_elements 0.84896
published_at 2026-06-09T12:55:00Z
1
value 0.02244
scoring_system epss
scoring_elements 0.84881
published_at 2026-06-08T12:55:00Z
2
value 0.02672
scoring_system epss
scoring_elements 0.8612
published_at 2026-06-05T12:55:00Z
3
value 0.02672
scoring_system epss
scoring_elements 0.86123
published_at 2026-06-06T12:55:00Z
4
value 0.02672
scoring_system epss
scoring_elements 0.86119
published_at 2026-06-07T12:55:00Z
5
value 0.02672
scoring_system epss
scoring_elements 0.86099
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18348
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1727276
reference_id 1727276
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1727276
5
reference_url https://access.redhat.com/errata/RHSA-2020:4273
reference_id RHSA-2020:4273
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4273
6
reference_url https://access.redhat.com/errata/RHSA-2020:4285
reference_id RHSA-2020:4285
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4285
7
reference_url https://usn.ubuntu.com/4333-1/
reference_id USN-4333-1
reference_type
scores
url https://usn.ubuntu.com/4333-1/
8
reference_url https://usn.ubuntu.com/4333-2/
reference_id USN-4333-2
reference_type
scores
url https://usn.ubuntu.com/4333-2/
9
reference_url https://usn.ubuntu.com/6891-1/
reference_id USN-6891-1
reference_type
scores
url https://usn.ubuntu.com/6891-1/
fixed_packages
0
url pkg:apk/alpine/python2-tkinter@2.7.18-r0?arch=x86_64&distroversion=v3.10&reponame=community
purl pkg:apk/alpine/python2-tkinter@2.7.18-r0?arch=x86_64&distroversion=v3.10&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/python2-tkinter@2.7.18-r0%3Farch=x86_64&distroversion=v3.10&reponame=community
aliases CVE-2019-18348
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g932-tm87-ebb6
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/python2-tkinter@2.7.18-r0%3Farch=x86_64&distroversion=v3.10&reponame=community