Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
Typemaven
Namespaceorg.jenkins-ci.plugins
Namehtmlpublisher
Version1.32.1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version427
Latest_non_vulnerable_version427
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-117s-ujg4-cyfk
vulnerability_id VCID-117s-ujg4-cyfk
summary 
Jenkins HTML Publisher Plugin Path traversal vulnerability
Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28151.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28151.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28151
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43338
published_at 2026-04-13T12:55:00Z
1
value 0.00209
scoring_system epss
scoring_elements 0.43353
published_at 2026-04-12T12:55:00Z
2
value 0.00209
scoring_system epss
scoring_elements 0.43385
published_at 2026-04-11T12:55:00Z
3
value 0.00209
scoring_system epss
scoring_elements 0.43364
published_at 2026-04-09T12:55:00Z
4
value 0.00209
scoring_system epss
scoring_elements 0.43349
published_at 2026-04-08T12:55:00Z
5
value 0.00209
scoring_system epss
scoring_elements 0.43297
published_at 2026-04-07T12:55:00Z
6
value 0.00209
scoring_system epss
scoring_elements 0.4336
published_at 2026-04-04T12:55:00Z
7
value 0.00209
scoring_system epss
scoring_elements 0.43331
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28151
2
reference_url https://github.com/jenkinsci/htmlpublisher-plugin
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin
3
reference_url https://github.com/jenkinsci/htmlpublisher-plugin/commit/6b840248dd0d691bbac9b515cd750b3f925909b2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin/commit/6b840248dd0d691bbac9b515cd750b3f925909b2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28151
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28151
5
reference_url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3303
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T16:34:15Z/
url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3303
6
reference_url http://www.openwall.com/lists/oss-security/2024/03/06/3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T16:34:15Z/
url http://www.openwall.com/lists/oss-security/2024/03/06/3
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2268229
reference_id 2268229
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2268229
8
reference_url https://github.com/advisories/GHSA-478x-m3mx-7j3f
reference_id GHSA-478x-m3mx-7j3f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-478x-m3mx-7j3f
fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
purl pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
aliases CVE-2024-28151, GHSA-478x-m3mx-7j3f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-117s-ujg4-cyfk
1
url VCID-6ubx-j66h-ykh5
vulnerability_id VCID-6ubx-j66h-ykh5
summary 
Jenkins HTML Publisher Plugin Stored XSS vulnerability
Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28150.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28150.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28150
reference_id
reference_type
scores
0
value 0.00176
scoring_system epss
scoring_elements 0.39115
published_at 2026-04-13T12:55:00Z
1
value 0.00176
scoring_system epss
scoring_elements 0.39168
published_at 2026-04-04T12:55:00Z
2
value 0.00176
scoring_system epss
scoring_elements 0.39171
published_at 2026-04-11T12:55:00Z
3
value 0.00176
scoring_system epss
scoring_elements 0.39159
published_at 2026-04-09T12:55:00Z
4
value 0.00176
scoring_system epss
scoring_elements 0.39142
published_at 2026-04-08T12:55:00Z
5
value 0.00176
scoring_system epss
scoring_elements 0.39087
published_at 2026-04-07T12:55:00Z
6
value 0.00176
scoring_system epss
scoring_elements 0.39147
published_at 2026-04-02T12:55:00Z
7
value 0.00176
scoring_system epss
scoring_elements 0.39134
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28150
2
reference_url https://github.com/jenkinsci/htmlpublisher-plugin
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin
3
reference_url https://github.com/jenkinsci/htmlpublisher-plugin/commit/c0eed940e65ea90f9b5ba21aa3d953546d5cd8ad
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin/commit/c0eed940e65ea90f9b5ba21aa3d953546d5cd8ad
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28150
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28150
5
reference_url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3302
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T16:28:03Z/
url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3302
6
reference_url http://www.openwall.com/lists/oss-security/2024/03/06/3
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T16:28:03Z/
url http://www.openwall.com/lists/oss-security/2024/03/06/3
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2268228
reference_id 2268228
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2268228
8
reference_url https://github.com/advisories/GHSA-xrrw-9j78-hpf3
reference_id GHSA-xrrw-9j78-hpf3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xrrw-9j78-hpf3
fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
purl pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
aliases CVE-2024-28150, GHSA-xrrw-9j78-hpf3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ubx-j66h-ykh5
2
url VCID-s4j7-r6m7-tyey
vulnerability_id VCID-s4j7-r6m7-tyey
summary 
Jenkins HTML Publisher Plugin does not properly sanitize input
Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28149.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28149.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28149
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32896
published_at 2026-04-13T12:55:00Z
1
value 0.00133
scoring_system epss
scoring_elements 0.32922
published_at 2026-04-12T12:55:00Z
2
value 0.00133
scoring_system epss
scoring_elements 0.3296
published_at 2026-04-11T12:55:00Z
3
value 0.00133
scoring_system epss
scoring_elements 0.32957
published_at 2026-04-09T12:55:00Z
4
value 0.00133
scoring_system epss
scoring_elements 0.32927
published_at 2026-04-08T12:55:00Z
5
value 0.00133
scoring_system epss
scoring_elements 0.32881
published_at 2026-04-07T12:55:00Z
6
value 0.00133
scoring_system epss
scoring_elements 0.33051
published_at 2026-04-04T12:55:00Z
7
value 0.00133
scoring_system epss
scoring_elements 0.33018
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28149
2
reference_url https://github.com/jenkinsci/htmlpublisher-plugin
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin
3
reference_url https://github.com/jenkinsci/htmlpublisher-plugin/commit/8bf2e2297a86ad50f7567fb953b2f8ec18b2891b
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/htmlpublisher-plugin/commit/8bf2e2297a86ad50f7567fb953b2f8ec18b2891b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28149
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28149
5
reference_url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T18:49:19Z/
url https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301
6
reference_url http://www.openwall.com/lists/oss-security/2024/03/06/3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-07T18:49:19Z/
url http://www.openwall.com/lists/oss-security/2024/03/06/3
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2268227
reference_id 2268227
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2268227
8
reference_url https://github.com/advisories/GHSA-8vcg-v7g4-3vr7
reference_id GHSA-8vcg-v7g4-3vr7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8vcg-v7g4-3vr7
9
reference_url https://access.redhat.com/errata/RHSA-2024:3634
reference_id RHSA-2024:3634
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3634
10
reference_url https://access.redhat.com/errata/RHSA-2024:3635
reference_id RHSA-2024:3635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3635
11
reference_url https://access.redhat.com/errata/RHSA-2024:3636
reference_id RHSA-2024:3636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3636
12
reference_url https://access.redhat.com/errata/RHSA-2024:4597
reference_id RHSA-2024:4597
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4597
fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
purl pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1
aliases CVE-2024-28149, GHSA-8vcg-v7g4-3vr7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4j7-r6m7-tyey
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/htmlpublisher@1.32.1