Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.1
Type maven
Namespace org.jenkins-ci.main
Name jenkins-core
Version 1.480.1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.480.3
Latest_non_vulnerable_version 2.551
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-3h13-18fc-uqbp
vulnerability_id VCID-3h13-18fc-uqbp
summary
Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.
references
0
reference_url https://access.redhat.com/errata/RHSA-2013:0220
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0220
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=890612
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=890612
2
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins
3
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
reference_id
reference_type
scores
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
4
reference_url https://access.redhat.com/security/cve/CVE-2012-6074
reference_id CVE-2012-6074
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2012-6074
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6074
reference_id CVE-2012-6074
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-6074
6
reference_url https://github.com/advisories/GHSA-9hr6-5x6g-gg5g
reference_id GHSA-9hr6-5x6g-gg5g
reference_type
scores
url https://github.com/advisories/GHSA-9hr6-5x6g-gg5g
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.1
purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.1
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@1.491
purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.491
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.491
aliases CVE-2012-6074, GHSA-9hr6-5x6g-gg5g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3h13-18fc-uqbp
1
url VCID-f51s-qcpy-bbfw
vulnerability_id VCID-f51s-qcpy-bbfw
summary
Jenkins allows HTTP Injection and Response Splitting
CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=890607
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=890607
1
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins
2
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
reference_id
reference_type
scores
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6072
reference_id CVE-2012-6072
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-6072
4
reference_url https://github.com/advisories/GHSA-2q8v-qx2x-hxjx
reference_id GHSA-2q8v-qx2x-hxjx
reference_type
scores
url https://github.com/advisories/GHSA-2q8v-qx2x-hxjx
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.1
purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.1
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@1.491
purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.491
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.491
aliases CVE-2012-6072, GHSA-2q8v-qx2x-hxjx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f51s-qcpy-bbfw
2
url VCID-mdu9-gpvt-6bca
vulnerability_id VCID-mdu9-gpvt-6bca
summary
Jenkins affected by Open Redirect Vulnerability
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=890608
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=890608
1
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
url https://github.com/jenkinsci/jenkins
2
reference_url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
reference_id
reference_type
scores
url https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6073
reference_id CVE-2012-6073
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-6073
4
reference_url https://github.com/advisories/GHSA-mqgf-4rw4-2cq2
reference_id GHSA-mqgf-4rw4-2cq2
reference_type
scores
url https://github.com/advisories/GHSA-mqgf-4rw4-2cq2
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.1
purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.1
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@1.491
purl pkg:maven/org.jenkins-ci.main/jenkins-core@1.491
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.491
aliases CVE-2012-6073, GHSA-mqgf-4rw4-2cq2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mdu9-gpvt-6bca
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@1.480.1