Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-eqhq-vd75-1fgb
Summary
Uncontrolled Resource Consumption
The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb.
Aliases
0
alias CVE-2018-16131
1
alias GHSA-9qgc-p27w-3hjg
Fixed_packages
0
url pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.4
purl pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-w7g1-y7u7-z3fg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.4
1
url pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.4
purl pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-w7g1-y7u7-z3fg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.4
Affected_packages
0
url pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.0
purl pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-eqhq-vd75-1fgb
2
vulnerability VCID-w7g1-y7u7-z3fg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.0
1
url pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.1
purl pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-eqhq-vd75-1fgb
2
vulnerability VCID-w7g1-y7u7-z3fg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.1
2
url pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.2
purl pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-eqhq-vd75-1fgb
2
vulnerability VCID-w7g1-y7u7-z3fg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.2
3
url pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.3
purl pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-eqhq-vd75-1fgb
2
vulnerability VCID-w7g1-y7u7-z3fg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-http-core_2.11@10.1.3
4
url pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.0
purl pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-eqhq-vd75-1fgb
2
vulnerability VCID-w7g1-y7u7-z3fg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.0
5
url pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.1
purl pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-eqhq-vd75-1fgb
2
vulnerability VCID-w7g1-y7u7-z3fg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.1
6
url pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.2
purl pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-eqhq-vd75-1fgb
2
vulnerability VCID-w7g1-y7u7-z3fg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.2
7
url pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.3
purl pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-eqhq-vd75-1fgb
2
vulnerability VCID-w7g1-y7u7-z3fg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.akka/akka-http-core_2.12@10.1.3
References
0
reference_url https://akka.io/blog/news/2018/08/30/akka-http-dos-vulnerability-found
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://akka.io/blog/news/2018/08/30/akka-http-dos-vulnerability-found
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16131
reference_id
reference_type
scores
0
value 0.01343
scoring_system epss
scoring_elements 0.8022
published_at 2026-05-14T12:55:00Z
1
value 0.01343
scoring_system epss
scoring_elements 0.80038
published_at 2026-04-13T12:55:00Z
2
value 0.01343
scoring_system epss
scoring_elements 0.80066
published_at 2026-04-18T12:55:00Z
3
value 0.01343
scoring_system epss
scoring_elements 0.80067
published_at 2026-04-21T12:55:00Z
4
value 0.01343
scoring_system epss
scoring_elements 0.80095
published_at 2026-04-24T12:55:00Z
5
value 0.01343
scoring_system epss
scoring_elements 0.801
published_at 2026-04-26T12:55:00Z
6
value 0.01343
scoring_system epss
scoring_elements 0.80116
published_at 2026-04-29T12:55:00Z
7
value 0.01343
scoring_system epss
scoring_elements 0.80129
published_at 2026-05-05T12:55:00Z
8
value 0.01343
scoring_system epss
scoring_elements 0.80151
published_at 2026-05-07T12:55:00Z
9
value 0.01343
scoring_system epss
scoring_elements 0.80166
published_at 2026-05-09T12:55:00Z
10
value 0.01343
scoring_system epss
scoring_elements 0.80164
published_at 2026-05-11T12:55:00Z
11
value 0.01343
scoring_system epss
scoring_elements 0.80179
published_at 2026-05-12T12:55:00Z
12
value 0.01343
scoring_system epss
scoring_elements 0.79986
published_at 2026-04-01T12:55:00Z
13
value 0.01343
scoring_system epss
scoring_elements 0.79994
published_at 2026-04-02T12:55:00Z
14
value 0.01343
scoring_system epss
scoring_elements 0.80016
published_at 2026-04-04T12:55:00Z
15
value 0.01343
scoring_system epss
scoring_elements 0.80006
published_at 2026-04-07T12:55:00Z
16
value 0.01343
scoring_system epss
scoring_elements 0.80034
published_at 2026-04-08T12:55:00Z
17
value 0.01343
scoring_system epss
scoring_elements 0.80043
published_at 2026-04-09T12:55:00Z
18
value 0.01343
scoring_system epss
scoring_elements 0.80063
published_at 2026-04-11T12:55:00Z
19
value 0.01343
scoring_system epss
scoring_elements 0.80047
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16131
2
reference_url https://doc.akka.io/docs/akka-http/current/security/2018-09-05-denial-of-service-via-decodeRequest.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://doc.akka.io/docs/akka-http/current/security/2018-09-05-denial-of-service-via-decodeRequest.html
3
reference_url https://github.com/akka/akka-http/issues/2137
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/akka/akka-http/issues/2137
4
reference_url https://groups.google.com/forum/#!topic/akka-security/Dj7INsYWdjg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/akka-security/Dj7INsYWdjg
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16131
reference_id CVE-2018-16131
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16131
6
reference_url https://github.com/advisories/GHSA-9qgc-p27w-3hjg
reference_id GHSA-9qgc-p27w-3hjg
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9qgc-p27w-3hjg
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 400
name Uncontrolled Resource Consumption
description The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-eqhq-vd75-1fgb