Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-98jn-63fg-vuhd

Summary

Use of Insufficiently Random Values
In OPC Foundation OPC UA .NET Standard codebase, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.

Aliases

alias	CVE-2019-19135

alias	GHSA-pq4w-qm9g-qx68

Fixed_packages

url	pkg:maven/org.eclipse.milo/sdk-client@0.3.5
purl	pkg:maven/org.eclipse.milo/sdk-client@0.3.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.3.5

url	pkg:maven/org.eclipse.milo/sdk-client@0.3.6
purl	pkg:maven/org.eclipse.milo/sdk-client@0.3.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.3.6

url pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.359.31

purl pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.359.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1exs-awmh-nbez

vulnerability	VCID-2f8t-4xa9-ayaj

vulnerability	VCID-71es-vtau-57b8

vulnerability	VCID-f2ss-ztg4-nygp

vulnerability	VCID-fyhy-1rbr-r7de

vulnerability	VCID-jnkn-t16x-3ff3

vulnerability	VCID-sgqs-dkjr-2kcs

vulnerability	VCID-ut2d-vur4-w3f4

vulnerability	VCID-vesb-ny5q-sbcq

vulnerability	VCID-xv31-z8pr-q3hw

vulnerability	VCID-ydrm-wgj9-eqa8

vulnerability	VCID-yufa-vfdn-ffdh

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.359.31

Affected_packages

url pkg:maven/org.eclipse.milo/sdk-client@0.1.0

purl pkg:maven/org.eclipse.milo/sdk-client@0.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.1.0

url pkg:maven/org.eclipse.milo/sdk-client@0.1.1

purl pkg:maven/org.eclipse.milo/sdk-client@0.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.1.1

url pkg:maven/org.eclipse.milo/sdk-client@0.1.2

purl pkg:maven/org.eclipse.milo/sdk-client@0.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.1.2

url pkg:maven/org.eclipse.milo/sdk-client@0.1.3

purl pkg:maven/org.eclipse.milo/sdk-client@0.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.1.3

url pkg:maven/org.eclipse.milo/sdk-client@0.1.4

purl pkg:maven/org.eclipse.milo/sdk-client@0.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.1.4

url pkg:maven/org.eclipse.milo/sdk-client@0.1.5

purl pkg:maven/org.eclipse.milo/sdk-client@0.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.1.5

url pkg:maven/org.eclipse.milo/sdk-client@0.1.6

purl pkg:maven/org.eclipse.milo/sdk-client@0.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.1.6

url pkg:maven/org.eclipse.milo/sdk-client@0.2.0

purl pkg:maven/org.eclipse.milo/sdk-client@0.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.2.0

url pkg:maven/org.eclipse.milo/sdk-client@0.2.1

purl pkg:maven/org.eclipse.milo/sdk-client@0.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.2.1

url pkg:maven/org.eclipse.milo/sdk-client@0.2.2

purl pkg:maven/org.eclipse.milo/sdk-client@0.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.2.2

url pkg:maven/org.eclipse.milo/sdk-client@0.2.3

purl pkg:maven/org.eclipse.milo/sdk-client@0.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.2.3

url pkg:maven/org.eclipse.milo/sdk-client@0.2.4

purl pkg:maven/org.eclipse.milo/sdk-client@0.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.2.4

url pkg:maven/org.eclipse.milo/sdk-client@0.2.5

purl pkg:maven/org.eclipse.milo/sdk-client@0.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.2.5

url pkg:maven/org.eclipse.milo/sdk-client@0.3.0-M1

purl pkg:maven/org.eclipse.milo/sdk-client@0.3.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.3.0-M1

url pkg:maven/org.eclipse.milo/sdk-client@0.3.0

purl pkg:maven/org.eclipse.milo/sdk-client@0.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.3.0

url pkg:maven/org.eclipse.milo/sdk-client@0.3.1-M1

purl pkg:maven/org.eclipse.milo/sdk-client@0.3.1-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.3.1-M1

url pkg:maven/org.eclipse.milo/sdk-client@0.3.1

purl pkg:maven/org.eclipse.milo/sdk-client@0.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.3.1

url pkg:maven/org.eclipse.milo/sdk-client@0.3.2-M1

purl pkg:maven/org.eclipse.milo/sdk-client@0.3.2-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.3.2-M1

url pkg:maven/org.eclipse.milo/sdk-client@0.3.2

purl pkg:maven/org.eclipse.milo/sdk-client@0.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.3.2

url pkg:maven/org.eclipse.milo/sdk-client@0.3.3-RC1

purl pkg:maven/org.eclipse.milo/sdk-client@0.3.3-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.3.3-RC1

url pkg:maven/org.eclipse.milo/sdk-client@0.3.3-RC2

purl pkg:maven/org.eclipse.milo/sdk-client@0.3.3-RC2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.3.3-RC2

url pkg:maven/org.eclipse.milo/sdk-client@0.3.3-RC3

purl pkg:maven/org.eclipse.milo/sdk-client@0.3.3-RC3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.3.3-RC3

url pkg:maven/org.eclipse.milo/sdk-client@0.3.3

purl pkg:maven/org.eclipse.milo/sdk-client@0.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.3.3

url pkg:maven/org.eclipse.milo/sdk-client@0.3.4

purl pkg:maven/org.eclipse.milo/sdk-client@0.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-98jn-63fg-vuhd

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.milo/sdk-client@0.3.4

url pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.357.28

purl pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.357.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1exs-awmh-nbez

vulnerability	VCID-2f8t-4xa9-ayaj

vulnerability	VCID-71es-vtau-57b8

vulnerability	VCID-84b4-yk12-43cs

vulnerability	VCID-98jn-63fg-vuhd

vulnerability	VCID-f2ss-ztg4-nygp

vulnerability	VCID-fyhy-1rbr-r7de

vulnerability	VCID-jnkn-t16x-3ff3

vulnerability	VCID-sgqs-dkjr-2kcs

vulnerability	VCID-ut2d-vur4-w3f4

vulnerability	VCID-vesb-ny5q-sbcq

vulnerability	VCID-xv31-z8pr-q3hw

vulnerability	VCID-ydrm-wgj9-eqa8

vulnerability	VCID-yufa-vfdn-ffdh

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.357.28

url pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.358.29-preview

purl pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.358.29-preview

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1exs-awmh-nbez

vulnerability	VCID-2f8t-4xa9-ayaj

vulnerability	VCID-71es-vtau-57b8

vulnerability	VCID-84b4-yk12-43cs

vulnerability	VCID-98jn-63fg-vuhd

vulnerability	VCID-f2ss-ztg4-nygp

vulnerability	VCID-fyhy-1rbr-r7de

vulnerability	VCID-jnkn-t16x-3ff3

vulnerability	VCID-sgqs-dkjr-2kcs

vulnerability	VCID-ut2d-vur4-w3f4

vulnerability	VCID-vesb-ny5q-sbcq

vulnerability	VCID-xv31-z8pr-q3hw

vulnerability	VCID-ydrm-wgj9-eqa8

vulnerability	VCID-yufa-vfdn-ffdh

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.358.29-preview

url pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.358.30

purl pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.358.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1exs-awmh-nbez

vulnerability	VCID-2f8t-4xa9-ayaj

vulnerability	VCID-71es-vtau-57b8

vulnerability	VCID-84b4-yk12-43cs

vulnerability	VCID-98jn-63fg-vuhd

vulnerability	VCID-f2ss-ztg4-nygp

vulnerability	VCID-fyhy-1rbr-r7de

vulnerability	VCID-jnkn-t16x-3ff3

vulnerability	VCID-sgqs-dkjr-2kcs

vulnerability	VCID-ut2d-vur4-w3f4

vulnerability	VCID-vesb-ny5q-sbcq

vulnerability	VCID-xv31-z8pr-q3hw

vulnerability	VCID-ydrm-wgj9-eqa8

vulnerability	VCID-yufa-vfdn-ffdh

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.358.30

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19135

reference_id

reference_type

scores

value	0.00264
scoring_system	epss
scoring_elements	0.50011
published_at	2026-06-05T12:55:00Z

value	0.00264
scoring_system	epss
scoring_elements	0.4995
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19135

reference_url

https://github.com/eclipse/milo/commit/cac0e710bf2b8bed9c602fc597e9de1d8903abed

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/milo/commit/cac0e710bf2b8bed9c602fc597e9de1d8903abed

reference_url

https://opcfoundation.org/security-bulletins

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://opcfoundation.org/security-bulletins

reference_url	https://opcfoundation.org/security-bulletins/
reference_id
reference_type
scores
url	https://opcfoundation.org/security-bulletins/

reference_url

https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-19135

reference_id

CVE-2019-19135

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-19135

reference_url

https://github.com/advisories/GHSA-pq4w-qm9g-qx68

reference_id

GHSA-pq4w-qm9g-qx68

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pq4w-qm9g-qx68

reference_url

https://github.com/eclipse/milo/security/advisories/GHSA-pq4w-qm9g-qx68

reference_id

GHSA-pq4w-qm9g-qx68

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/eclipse/milo/security/advisories/GHSA-pq4w-qm9g-qx68

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	330
name	Use of Insufficiently Random Values
description	The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	522
name	Insufficiently Protected Credentials
description	The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98jn-63fg-vuhd

Vulnerability Instance