Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/mistral@6.0.0.0b1

Type pypi

Namespace

Name mistral

Version 6.0.0.0b1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 10.0.0

Latest_non_vulnerable_version 10.0.0

Affected_by_vulnerabilities

url VCID-566y-jpyb-b3cj

vulnerability_id VCID-566y-jpyb-b3cj

summary A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16848.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16848.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16848

reference_id

reference_type

scores

value	0.00386
scoring_system	epss
scoring_elements	0.60183
published_at	2026-06-11T12:55:00Z

value	0.00386
scoring_system	epss
scoring_elements	0.6029
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16848

reference_url

https://bugs.launchpad.net/mistral/+bug/1785657

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/mistral/+bug/1785657

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1645332

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1645332

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16848
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16848

reference_url	https://github.com/advisories/GHSA-443j-6p7g-6v4w
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-443j-6p7g-6v4w

reference_url

https://github.com/openstack/mistral

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/mistral

reference_url

https://github.com/openstack/mistral/commit/eac23d9e774f658f9d4743c99aa2743eb104c3f9

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/mistral/commit/eac23d9e774f658f9d4743c99aa2743eb104c3f9

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mistral/PYSEC-2020-240.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mistral/PYSEC-2020-240.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-16848

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-16848

reference_url	https://usn.ubuntu.com/7465-1/
reference_id	USN-7465-1
reference_type
scores
url	https://usn.ubuntu.com/7465-1/

fixed_packages

url pkg:pypi/mistral@7.0.4

purl pkg:pypi/mistral@7.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-566y-jpyb-b3cj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mistral@7.0.4

url	pkg:pypi/mistral@10.0.0
purl	pkg:pypi/mistral@10.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/mistral@10.0.0

aliases CVE-2018-16848, GHSA-443j-6p7g-6v4w, PYSEC-2020-240

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-566y-jpyb-b3cj

url VCID-hs62-t461-3bfz

vulnerability_id VCID-hs62-t461-3bfz

summary A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16849.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16849.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16849

reference_id

reference_type

scores

value	0.00352
scoring_system	epss
scoring_elements	0.58121
published_at	2026-06-12T12:55:00Z

value	0.00352
scoring_system	epss
scoring_elements	0.58008
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16849

reference_url

https://bugs.launchpad.net/mistral/+bug/1783708

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/mistral/+bug/1783708

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16849

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16849

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16849
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16849

reference_url

https://github.com/openstack/mistral

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/mistral

reference_url

https://github.com/openstack/mistral/commit/2309e5265a1d5f28480ae872817b5de05f66e83c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/mistral/commit/2309e5265a1d5f28480ae872817b5de05f66e83c

reference_url

https://github.com/openstack/mistral/commit/c93b45a61f49d4633f76d8e117cd89063e7759c4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/mistral/commit/c93b45a61f49d4633f76d8e117cd89063e7759c4

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mistral/PYSEC-2018-92.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mistral/PYSEC-2018-92.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1645334
reference_id	1645334
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1645334

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912714
reference_id	912714
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912714

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-16849

reference_id

CVE-2018-16849

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-16849

reference_url

https://github.com/advisories/GHSA-fqw7-c6vr-q29m

reference_id

GHSA-fqw7-c6vr-q29m

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fqw7-c6vr-q29m

reference_url	https://usn.ubuntu.com/7465-1/
reference_id	USN-7465-1
reference_type
scores
url	https://usn.ubuntu.com/7465-1/

fixed_packages

url pkg:pypi/mistral@7.0.1

purl pkg:pypi/mistral@7.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-566y-jpyb-b3cj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mistral@7.0.1

aliases CVE-2018-16849, GHSA-fqw7-c6vr-q29m, PYSEC-2018-92

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hs62-t461-3bfz

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mistral@6.0.0.0b1

Package Instance