Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework/spring-webmvc@4.2.9.RELEASE
Typemaven
Namespaceorg.springframework
Namespring-webmvc
Version4.2.9.RELEASE
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.2.9.RELEASE.4.2
Latest_non_vulnerable_version6.0.14
Affected_by_vulnerabilities
0
url VCID-2327-21sr-mfgx
vulnerability_id VCID-2327-21sr-mfgx
summary 
Improper Privilege Management
When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1320
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:1320
1
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2669
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/141286
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/141286
3
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2020.html
4
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2021.html
5
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
6
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
7
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
8
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
9
reference_url http://www.securityfocus.com/bid/103697
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103697
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1272
reference_id CVE-2018-1272
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1272
11
reference_url https://pivotal.io/security/cve-2018-1272
reference_id CVE-2018-1272
reference_type
scores
url https://pivotal.io/security/cve-2018-1272
12
reference_url https://github.com/advisories/GHSA-4487-x383-qpph
reference_id GHSA-4487-x383-qpph
reference_type
scores
url https://github.com/advisories/GHSA-4487-x383-qpph
fixed_packages
0
url pkg:maven/org.springframework/spring-webmvc@5.0.5.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@5.0.5.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@5.0.5.RELEASE
aliases CVE-2018-1272, GHSA-4487-x383-qpph
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2327-21sr-mfgx
1
url VCID-dakn-kfyh-syab
vulnerability_id VCID-dakn-kfyh-syab
summary 
Uncontrolled Resource Consumption
Spring Framework provides support for range requests when serving static resources through the `ResourceHttpRequestHandler`. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack.
references
0
reference_url http://www.securityfocus.com/bid/105703
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/105703
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-15756
reference_id CVE-2018-15756
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-15756
2
reference_url https://pivotal.io/security/cve-2018-15756
reference_id CVE-2018-15756
reference_type
scores
url https://pivotal.io/security/cve-2018-15756
fixed_packages
0
url pkg:maven/org.springframework/spring-webmvc@4.3.20.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@4.3.20.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.3.20.RELEASE
1
url pkg:maven/org.springframework/spring-webmvc@5.0.10.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@5.0.10.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@5.0.10.RELEASE
2
url pkg:maven/org.springframework/spring-webmvc@5.1.1.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@5.1.1.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@5.1.1.RELEASE
aliases CVE-2018-15756
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dakn-kfyh-syab
2
url VCID-envb-buqd-r3dt
vulnerability_id VCID-envb-buqd-r3dt
summary 
Path Traversal
Spring Framework allows applications to configure Spring MVC to serve static resources (e.g., CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the `ServletContext`), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1320
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:1320
1
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2669
2
reference_url https://access.redhat.com/errata/RHSA-2018:2939
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2939
3
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2020.html
4
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2021.html
5
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
6
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
7
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
8
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
9
reference_url http://www.securityfocus.com/bid/103699
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103699
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1271
reference_id CVE-2018-1271
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1271
11
reference_url https://pivotal.io/security/cve-2018-1271
reference_id CVE-2018-1271
reference_type
scores
url https://pivotal.io/security/cve-2018-1271
12
reference_url https://github.com/advisories/GHSA-g8hw-794c-4j9g
reference_id GHSA-g8hw-794c-4j9g
reference_type
scores
url https://github.com/advisories/GHSA-g8hw-794c-4j9g
fixed_packages
0
url pkg:maven/org.springframework/spring-webmvc@4.3.15.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@4.3.15.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.3.15.RELEASE
1
url pkg:maven/org.springframework/spring-webmvc@5.0.5.RELEASE
purl pkg:maven/org.springframework/spring-webmvc@5.0.5.RELEASE
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@5.0.5.RELEASE
aliases CVE-2018-1271, GHSA-g8hw-794c-4j9g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-envb-buqd-r3dt
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-webmvc@4.2.9.RELEASE