Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-f1hz-htp6-4kgb

Summary

Code Injection
`jmx-remoting.sar` in JBoss Remoting does not properly implement the JSR specification, which allows remote attackers to execute arbitrary code via unspecified vectors.

Aliases

alias	CVE-2014-3518

Fixed_packages

Affected_packages

url pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.0.0.CR1

purl pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.0.0.CR1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1hz-htp6-4kgb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.0.0.CR1

url pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.0.0.CR2

purl pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.0.0.CR2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1hz-htp6-4kgb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.0.0.CR2

url pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.0.0.GA

purl pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.0.0.GA

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1hz-htp6-4kgb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.0.0.GA

url pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.0.1.GA

purl pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.0.1.GA

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1hz-htp6-4kgb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.0.1.GA

url pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.1.0.Beta1

purl pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.1.0.Beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1hz-htp6-4kgb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.1.0.Beta1

url pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.1.0.CR1

purl pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.1.0.CR1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1hz-htp6-4kgb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.1.0.CR1

url pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.1.0.GA

purl pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.1.0.GA

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1hz-htp6-4kgb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@5.1.0.GA

url pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@6.0.0.M1

purl pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@6.0.0.M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1hz-htp6-4kgb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@6.0.0.M1

url pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@6.0.0.20100216-M2

purl pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@6.0.0.20100216-M2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f1hz-htp6-4kgb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.jbossas/jboss-as-jmx-remoting@6.0.0.20100216-M2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3518

reference_id

reference_type

scores

value	0.01658
scoring_system	epss
scoring_elements	0.82364
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3518

reference_url	https://bugzilla.redhat.com/CVE-2014-3518
reference_id	CVE-2014-3518
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2014-3518

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1hz-htp6-4kgb

Vulnerability Instance