Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jvnet.hudson.plugins/android-lint@2.5

Type maven

Namespace org.jvnet.hudson.plugins

Name android-lint

Version 2.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.6

Latest_non_vulnerable_version 2.6

Affected_by_vulnerabilities

url VCID-79a7-zsgp-ubap

vulnerability_id VCID-79a7-zsgp-ubap

summary

Server-Side Request Forgery (SSRF)
Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

references

reference_url	https://jenkins.io/security/advisory/2018-02-05/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2018-02-05/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1000055
reference_id	CVE-2018-1000055
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1000055

reference_url	https://github.com/advisories/GHSA-3vcx-w94h-68vg
reference_id	GHSA-3vcx-w94h-68vg
reference_type
scores
url	https://github.com/advisories/GHSA-3vcx-w94h-68vg

fixed_packages

url	pkg:maven/org.jvnet.hudson.plugins/android-lint@2.6
purl	pkg:maven/org.jvnet.hudson.plugins/android-lint@2.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jvnet.hudson.plugins/android-lint@2.6

aliases CVE-2018-1000055, GHSA-3vcx-w94h-68vg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-79a7-zsgp-ubap

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jvnet.hudson.plugins/android-lint@2.5

Package Instance