Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0
Type maven
Namespace org.apache.jspwiki
Name jspwiki-war
Version 2.11.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.11.2
Latest_non_vulnerable_version 2.12.0
Affected_by_vulnerabilities
0
url VCID-r8n2-f2bj-fud3
vulnerability_id VCID-r8n2-f2bj-fud3
summary
Cross-site Scripting
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking.
references
0
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10076
reference_id
reference_type
scores
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10076
1
reference_url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
2
reference_url http://www.openwall.com/lists/oss-security/2019/05/19/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/05/19/4
3
reference_url http://www.securityfocus.com/bid/108437
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/108437
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10076
reference_id CVE-2019-10076
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-10076
5
reference_url https://github.com/advisories/GHSA-cxx2-fp39-rf3r
reference_id GHSA-cxx2-fp39-rf3r
reference_type
scores
url https://github.com/advisories/GHSA-cxx2-fp39-rf3r
fixed_packages
aliases CVE-2019-10076, GHSA-cxx2-fp39-rf3r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r8n2-f2bj-fud3
Fixing_vulnerabilities
0
url VCID-1ezw-t63q-zkgc
vulnerability_id VCID-1ezw-t63q-zkgc
summary
Incorrect Default Permissions
Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance by using a carefully crafted HTTP request on logout, given that those files are reachable to the user running the JSPWiki instance.
references
0
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-44140
reference_id
reference_type
scores
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-44140
1
reference_url https://lists.apache.org/thread/5qglpjdhvobppx7j550lf1sk28f6011t
reference_id
reference_type
scores
url https://lists.apache.org/thread/5qglpjdhvobppx7j550lf1sk28f6011t
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44140
reference_id CVE-2021-44140
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-44140
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r8n2-f2bj-fud3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0
aliases CVE-2021-44140
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ezw-t63q-zkgc
1
url VCID-br13-gj7e-fudc
vulnerability_id VCID-br13-gj7e-fudc
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute JavaScript in the victim's browser and retrieve sensitive information about the victim.
references
0
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369
reference_id
reference_type
scores
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369
1
reference_url https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfh
reference_id
reference_type
scores
url https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfh
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-40369
reference_id CVE-2021-40369
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-40369
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r8n2-f2bj-fud3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0
aliases CVE-2021-40369
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-br13-gj7e-fudc
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0