Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.ambari/ambari-server@2.5.0

Type maven

Namespace org.apache.ambari

Name ambari-server

Version 2.5.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.5.1

Latest_non_vulnerable_version 2.7.7

Affected_by_vulnerabilities

url VCID-9rz2-phnw-1kca

vulnerability_id VCID-9rz2-phnw-1kca

summary

Information Exposure
Sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.

references

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-5655
reference_id	CVE-2017-5655
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-5655

fixed_packages

url	pkg:maven/org.apache.ambari/ambari-server@2.5.1
purl	pkg:maven/org.apache.ambari/ambari-server@2.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ambari/ambari-server@2.5.1

aliases CVE-2017-5655

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9rz2-phnw-1kca

url VCID-znw5-yk6r-nuhk

vulnerability_id VCID-znw5-yk6r-nuhk

summary

XPath Injection
An authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.

references

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-5654
reference_id	CVE-2017-5654
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-5654

fixed_packages

url	pkg:maven/org.apache.ambari/ambari-server@2.5.1
purl	pkg:maven/org.apache.ambari/ambari-server@2.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ambari/ambari-server@2.5.1

aliases CVE-2017-5654

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-znw5-yk6r-nuhk

Fixing_vulnerabilities

url VCID-q1e4-5sjs-eqgs

vulnerability_id VCID-q1e4-5sjs-eqgs

summary

Incorrect Default Permissions
During installation, Ambari Server artifacts are not created with proper ACLs.

references

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-5642
reference_id	CVE-2017-5642
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-5642

fixed_packages

url pkg:maven/org.apache.ambari/ambari-server@2.5.0

purl pkg:maven/org.apache.ambari/ambari-server@2.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9rz2-phnw-1kca

vulnerability	VCID-znw5-yk6r-nuhk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ambari/ambari-server@2.5.0

aliases CVE-2017-5642

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q1e4-5sjs-eqgs

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ambari/ambari-server@2.5.0

Package Instance