Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.wildfly.core/wildfly-server@6.0.0.Alpha2

Type maven

Namespace org.wildfly.core

Name wildfly-server

Version 6.0.0.Alpha2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.0.0.Alpha3

Latest_non_vulnerable_version 28.0.0.Beta2

Affected_by_vulnerabilities

url VCID-u3cg-2enp-4ba8

vulnerability_id VCID-u3cg-2enp-4ba8

summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:2276

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2276

reference_url

https://access.redhat.com/errata/RHSA-2018:2277

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2277

reference_url

https://access.redhat.com/errata/RHSA-2018:2279

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2279

reference_url

https://access.redhat.com/errata/RHSA-2018:2423

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2423

reference_url

https://access.redhat.com/errata/RHSA-2018:2424

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2424

reference_url

https://access.redhat.com/errata/RHSA-2018:2425

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2425

reference_url

https://access.redhat.com/errata/RHSA-2018:2428

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2428

reference_url

https://access.redhat.com/errata/RHSA-2018:2643

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2643

reference_url

https://access.redhat.com/errata/RHSA-2019:0877

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0877

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10862.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10862.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10862

reference_id

reference_type

scores

value	0.00297
scoring_system	epss
scoring_elements	0.53414
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10862

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862

reference_url	https://github.com/wildfly/wildfly-core/commit/40996ae6d5d3b6c1602a15f96b86a8d8a39b53eb
reference_id
reference_type
scores
url	https://github.com/wildfly/wildfly-core/commit/40996ae6d5d3b6c1602a15f96b86a8d8a39b53eb

reference_url

https://snyk.io/research/zip-slip-vulnerability

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/research/zip-slip-vulnerability

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1593527
reference_id	1593527
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1593527

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-10862

reference_id

CVE-2018-10862

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-10862

reference_url	https://github.com/advisories/GHSA-w8r2-5j8x-x8j6
reference_id	GHSA-w8r2-5j8x-x8j6
reference_type
scores
url	https://github.com/advisories/GHSA-w8r2-5j8x-x8j6

reference_url	https://access.redhat.com/errata/RHSA-2020:2321
reference_id	RHSA-2020:2321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2321

reference_url	https://access.redhat.com/errata/RHSA-2020:2562
reference_id	RHSA-2020:2562
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2562

fixed_packages

url	pkg:maven/org.wildfly.core/wildfly-server@6.0.0.Alpha3
purl	pkg:maven/org.wildfly.core/wildfly-server@6.0.0.Alpha3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.core/wildfly-server@6.0.0.Alpha3

aliases CVE-2018-10862, GHSA-w8r2-5j8x-x8j6

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u3cg-2enp-4ba8

Fixing_vulnerabilities

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.core/wildfly-server@6.0.0.Alpha2

Package Instance