Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-rd74-3snq-7bhx
Summary
Exposure of Sensitive Information to an Unauthorized Actor
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
Aliases
0
alias CVE-2016-3086
1
alias GHSA-895m-ww55-59vw
Fixed_packages
0
url pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.5
purl pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xd-ukj7-tqbk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.5
1
url pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.3
purl pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-76cj-vggg-9bhe
1
vulnerability VCID-a8xd-ukj7-tqbk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.3
Affected_packages
0
url pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.0
purl pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xd-ukj7-tqbk
1
vulnerability VCID-rd74-3snq-7bhx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.0
1
url pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.1
purl pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xd-ukj7-tqbk
1
vulnerability VCID-rd74-3snq-7bhx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.1
2
url pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.2
purl pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xd-ukj7-tqbk
1
vulnerability VCID-rd74-3snq-7bhx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.2
3
url pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.3
purl pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xd-ukj7-tqbk
1
vulnerability VCID-rd74-3snq-7bhx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.3
4
url pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.4
purl pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xd-ukj7-tqbk
1
vulnerability VCID-rd74-3snq-7bhx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.4
5
url pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.0
purl pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xd-ukj7-tqbk
1
vulnerability VCID-rd74-3snq-7bhx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.0
6
url pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.1
purl pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xd-ukj7-tqbk
1
vulnerability VCID-rd74-3snq-7bhx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.1
7
url pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.2
purl pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xd-ukj7-tqbk
1
vulnerability VCID-rd74-3snq-7bhx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.2
References
0
reference_url http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3086
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.62476
published_at 2026-05-05T12:55:00Z
1
value 0.00428
scoring_system epss
scoring_elements 0.62514
published_at 2026-04-24T12:55:00Z
2
value 0.00428
scoring_system epss
scoring_elements 0.62521
published_at 2026-04-18T12:55:00Z
3
value 0.00428
scoring_system epss
scoring_elements 0.62504
published_at 2026-04-21T12:55:00Z
4
value 0.00428
scoring_system epss
scoring_elements 0.6253
published_at 2026-04-26T12:55:00Z
5
value 0.00428
scoring_system epss
scoring_elements 0.62527
published_at 2026-04-29T12:55:00Z
6
value 0.00428
scoring_system epss
scoring_elements 0.62364
published_at 2026-04-01T12:55:00Z
7
value 0.00428
scoring_system epss
scoring_elements 0.62422
published_at 2026-04-02T12:55:00Z
8
value 0.00428
scoring_system epss
scoring_elements 0.62453
published_at 2026-04-04T12:55:00Z
9
value 0.00428
scoring_system epss
scoring_elements 0.62419
published_at 2026-04-07T12:55:00Z
10
value 0.00428
scoring_system epss
scoring_elements 0.62471
published_at 2026-04-08T12:55:00Z
11
value 0.00428
scoring_system epss
scoring_elements 0.62486
published_at 2026-04-09T12:55:00Z
12
value 0.00428
scoring_system epss
scoring_elements 0.62506
published_at 2026-04-11T12:55:00Z
13
value 0.00428
scoring_system epss
scoring_elements 0.62495
published_at 2026-04-12T12:55:00Z
14
value 0.00428
scoring_system epss
scoring_elements 0.62472
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3086
2
reference_url http://www.securityfocus.com/bid/95335
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/95335
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3086
reference_id CVE-2016-3086
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3086
4
reference_url https://github.com/advisories/GHSA-895m-ww55-59vw
reference_id GHSA-895m-ww55-59vw
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-895m-ww55-59vw
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score9.0 - 10.0
Exploitability0.5
Weighted_severity9.0
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-rd74-3snq-7bhx