Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-qqqh-2rmp-zqaf

Summary multiple issues

Aliases

alias	CVE-2018-1999004

Fixed_packages

url	pkg:alpm/archlinux/jenkins@2.133-1
purl	pkg:alpm/archlinux/jenkins@2.133-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jenkins@2.133-1

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.121.2

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.121.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jthe-rqfg-pqdv

vulnerability	VCID-kk6r-wvqb-hkgb

vulnerability	VCID-pjwp-nddk-1fc1

vulnerability	VCID-qget-rjgp-2uhd

vulnerability	VCID-vgjw-b4ca-tfeg

vulnerability	VCID-z7me-vtnk-3ydc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.121.2

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.133
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.133
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.133

Affected_packages

url pkg:alpm/archlinux/jenkins@2.132-1

purl pkg:alpm/archlinux/jenkins@2.132-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1nch-12z6-sfcs

vulnerability	VCID-8cdp-5da2-t7aa

vulnerability	VCID-jvsf-314a-efhq

vulnerability	VCID-jx39-jve4-6kfx

vulnerability	VCID-qqqh-2rmp-zqaf

vulnerability	VCID-unte-y6nw-eud2

vulnerability	VCID-xeue-btp7-1qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/jenkins@2.132-1

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.121.1

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.121.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1nch-12z6-sfcs

vulnerability	VCID-8cdp-5da2-t7aa

vulnerability	VCID-jvsf-314a-efhq

vulnerability	VCID-jx39-jve4-6kfx

vulnerability	VCID-qqqh-2rmp-zqaf

vulnerability	VCID-unte-y6nw-eud2

vulnerability	VCID-xeue-btp7-1qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.121.1

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.122

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.122

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1nch-12z6-sfcs

vulnerability	VCID-8cdp-5da2-t7aa

vulnerability	VCID-jvsf-314a-efhq

vulnerability	VCID-qqqh-2rmp-zqaf

vulnerability	VCID-unte-y6nw-eud2

vulnerability	VCID-xeue-btp7-1qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.122

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.132

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.132

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1nch-12z6-sfcs

vulnerability	VCID-8cdp-5da2-t7aa

vulnerability	VCID-jvsf-314a-efhq

vulnerability	VCID-jx39-jve4-6kfx

vulnerability	VCID-qqqh-2rmp-zqaf

vulnerability	VCID-unte-y6nw-eud2

vulnerability	VCID-xeue-btp7-1qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.132

References

reference_url	https://jenkins.io/security/advisory/2018-07-18/#SECURITY-892
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2018-07-18/#SECURITY-892

reference_url	https://security.archlinux.org/ASA-201807-14
reference_id	ASA-201807-14
reference_type
scores
url	https://security.archlinux.org/ASA-201807-14

reference_url

https://security.archlinux.org/AVG-738

reference_id

AVG-738

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-738

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1999004
reference_id	CVE-2018-1999004
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1999004

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	863
name	Incorrect Authorization
description	The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqqh-2rmp-zqaf

Vulnerability Instance