Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-3vqh-anad-xqbt
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured.
Aliases
0
alias CVE-2022-25182
1
alias GHSA-7rcw-fwfh-2h2g
Fixed_packages
0
url pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va_ce0de3c2d69
purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va_ce0de3c2d69
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@561.va_ce0de3c2d69
Affected_packages
0
url pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@552.vd9cc05b8a2e1
purl pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@552.vd9cc05b8a2e1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vqh-anad-xqbt
1
vulnerability VCID-a8d9-5365-qubn
2
vulnerability VCID-chux-mqkp-cfe5
3
vulnerability VCID-gv26-67cj-t3ae
4
vulnerability VCID-msed-m3xv-rkfg
5
vulnerability VCID-s2j3-7pfj-buav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins.workflow/workflow-cps-global-lib@552.vd9cc05b8a2e1
1
url pkg:rpm/redhat/jenkins-2-plugins@3.11.1650371376-1?arch=el7
purl pkg:rpm/redhat/jenkins-2-plugins@3.11.1650371376-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vqh-anad-xqbt
1
vulnerability VCID-41xr-8bvs-tucs
2
vulnerability VCID-a8d9-5365-qubn
3
vulnerability VCID-chux-mqkp-cfe5
4
vulnerability VCID-gv26-67cj-t3ae
5
vulnerability VCID-h57k-wsgx-4kbr
6
vulnerability VCID-hp27-w6wh-3ya6
7
vulnerability VCID-jj9c-e7k7-aqea
8
vulnerability VCID-m4y6-523t-v7ft
9
vulnerability VCID-msed-m3xv-rkfg
10
vulnerability VCID-s2j3-7pfj-buav
11
vulnerability VCID-x5nw-w14p-juas
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@3.11.1650371376-1%3Farch=el7
2
url pkg:rpm/redhat/jenkins-2-plugins@4.6.1650364520-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.6.1650364520-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vqh-anad-xqbt
1
vulnerability VCID-41xr-8bvs-tucs
2
vulnerability VCID-a8d9-5365-qubn
3
vulnerability VCID-chux-mqkp-cfe5
4
vulnerability VCID-gv26-67cj-t3ae
5
vulnerability VCID-h57k-wsgx-4kbr
6
vulnerability VCID-hp27-w6wh-3ya6
7
vulnerability VCID-jj9c-e7k7-aqea
8
vulnerability VCID-m4y6-523t-v7ft
9
vulnerability VCID-msed-m3xv-rkfg
10
vulnerability VCID-s2j3-7pfj-buav
11
vulnerability VCID-x5nw-w14p-juas
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.6.1650364520-1%3Farch=el8
3
url pkg:rpm/redhat/jenkins-2-plugins@4.7.1648800585-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.7.1648800585-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vqh-anad-xqbt
1
vulnerability VCID-41xr-8bvs-tucs
2
vulnerability VCID-a8d9-5365-qubn
3
vulnerability VCID-chux-mqkp-cfe5
4
vulnerability VCID-gv26-67cj-t3ae
5
vulnerability VCID-h57k-wsgx-4kbr
6
vulnerability VCID-hp27-w6wh-3ya6
7
vulnerability VCID-jj9c-e7k7-aqea
8
vulnerability VCID-m4y6-523t-v7ft
9
vulnerability VCID-msed-m3xv-rkfg
10
vulnerability VCID-s2j3-7pfj-buav
11
vulnerability VCID-x5nw-w14p-juas
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.7.1648800585-1%3Farch=el8
4
url pkg:rpm/redhat/jenkins-2-plugins@4.8.1646993358-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.8.1646993358-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ftm-axhf-gbbd
1
vulnerability VCID-2jak-uh1e-zbfx
2
vulnerability VCID-3vqh-anad-xqbt
3
vulnerability VCID-41xr-8bvs-tucs
4
vulnerability VCID-a8d9-5365-qubn
5
vulnerability VCID-chux-mqkp-cfe5
6
vulnerability VCID-gv26-67cj-t3ae
7
vulnerability VCID-h57k-wsgx-4kbr
8
vulnerability VCID-hp27-w6wh-3ya6
9
vulnerability VCID-jj9c-e7k7-aqea
10
vulnerability VCID-m4y6-523t-v7ft
11
vulnerability VCID-msed-m3xv-rkfg
12
vulnerability VCID-s2j3-7pfj-buav
13
vulnerability VCID-x5nw-w14p-juas
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.8.1646993358-1%3Farch=el8
5
url pkg:rpm/redhat/jenkins-2-plugins@4.9.1647580879-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.9.1647580879-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vqh-anad-xqbt
1
vulnerability VCID-41xr-8bvs-tucs
2
vulnerability VCID-a8d9-5365-qubn
3
vulnerability VCID-chux-mqkp-cfe5
4
vulnerability VCID-gv26-67cj-t3ae
5
vulnerability VCID-h57k-wsgx-4kbr
6
vulnerability VCID-hp27-w6wh-3ya6
7
vulnerability VCID-jj9c-e7k7-aqea
8
vulnerability VCID-m4y6-523t-v7ft
9
vulnerability VCID-msed-m3xv-rkfg
10
vulnerability VCID-s2j3-7pfj-buav
11
vulnerability VCID-x5nw-w14p-juas
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.9.1647580879-1%3Farch=el8
6
url pkg:rpm/redhat/jenkins-2-plugins@4.10.1647505461-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.10.1647505461-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3vqh-anad-xqbt
1
vulnerability VCID-41xr-8bvs-tucs
2
vulnerability VCID-a8d9-5365-qubn
3
vulnerability VCID-chux-mqkp-cfe5
4
vulnerability VCID-gv26-67cj-t3ae
5
vulnerability VCID-h57k-wsgx-4kbr
6
vulnerability VCID-hp27-w6wh-3ya6
7
vulnerability VCID-jj9c-e7k7-aqea
8
vulnerability VCID-m4y6-523t-v7ft
9
vulnerability VCID-msed-m3xv-rkfg
10
vulnerability VCID-s2j3-7pfj-buav
11
vulnerability VCID-x5nw-w14p-juas
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.10.1647505461-1%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25182.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25182.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25182
reference_id
reference_type
scores
0
value 0.00292
scoring_system epss
scoring_elements 0.52512
published_at 2026-05-07T12:55:00Z
1
value 0.00292
scoring_system epss
scoring_elements 0.52561
published_at 2026-04-13T12:55:00Z
2
value 0.00292
scoring_system epss
scoring_elements 0.52601
published_at 2026-04-16T12:55:00Z
3
value 0.00292
scoring_system epss
scoring_elements 0.52608
published_at 2026-04-18T12:55:00Z
4
value 0.00292
scoring_system epss
scoring_elements 0.52593
published_at 2026-04-21T12:55:00Z
5
value 0.00292
scoring_system epss
scoring_elements 0.52543
published_at 2026-04-24T12:55:00Z
6
value 0.00292
scoring_system epss
scoring_elements 0.52554
published_at 2026-04-26T12:55:00Z
7
value 0.00292
scoring_system epss
scoring_elements 0.52517
published_at 2026-04-29T12:55:00Z
8
value 0.00292
scoring_system epss
scoring_elements 0.52459
published_at 2026-05-05T12:55:00Z
9
value 0.00292
scoring_system epss
scoring_elements 0.52501
published_at 2026-04-02T12:55:00Z
10
value 0.00292
scoring_system epss
scoring_elements 0.52527
published_at 2026-04-04T12:55:00Z
11
value 0.00292
scoring_system epss
scoring_elements 0.52494
published_at 2026-04-07T12:55:00Z
12
value 0.00292
scoring_system epss
scoring_elements 0.52547
published_at 2026-04-08T12:55:00Z
13
value 0.00292
scoring_system epss
scoring_elements 0.52541
published_at 2026-04-09T12:55:00Z
14
value 0.00292
scoring_system epss
scoring_elements 0.52592
published_at 2026-04-11T12:55:00Z
15
value 0.00292
scoring_system epss
scoring_elements 0.52576
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25182
2
reference_url https://github.com/jenkinsci/workflow-cps-global-lib-plugin/commit/ace0de3c2d691662021ea10306eeb407da6b6365
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/workflow-cps-global-lib-plugin/commit/ace0de3c2d691662021ea10306eeb407da6b6365
3
reference_url https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2422
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-19T19:28:21Z/
url https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2422
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2055798
reference_id 2055798
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2055798
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25182
reference_id CVE-2022-25182
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25182
6
reference_url https://github.com/advisories/GHSA-7rcw-fwfh-2h2g
reference_id GHSA-7rcw-fwfh-2h2g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7rcw-fwfh-2h2g
7
reference_url https://access.redhat.com/errata/RHSA-2022:0871
reference_id RHSA-2022:0871
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0871
8
reference_url https://access.redhat.com/errata/RHSA-2022:1021
reference_id RHSA-2022:1021
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1021
9
reference_url https://access.redhat.com/errata/RHSA-2022:1025
reference_id RHSA-2022:1025
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1025
10
reference_url https://access.redhat.com/errata/RHSA-2022:1248
reference_id RHSA-2022:1248
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1248
11
reference_url https://access.redhat.com/errata/RHSA-2022:1420
reference_id RHSA-2022:1420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1420
12
reference_url https://access.redhat.com/errata/RHSA-2022:1620
reference_id RHSA-2022:1620
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1620
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 693
name Protection Mechanism Failure
description The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
4
cwe_id 179
name Incorrect Behavior Order: Early Validation
description The product validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-3vqh-anad-xqbt