Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-cqz5-3btv-3fbq
Summary
Server-Side Request Forgery (SSRF)
A server-side request forgery vulnerability exists in the Jenkins GitHub Plugin in `GitHubPluginConfig.java` that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
Aliases
0
alias CVE-2018-1000184
1
alias GHSA-gh85-mq87-r7v3
Fixed_packages
Affected_packages
0
url pkg:maven/com.coravy.hudson.plugins.github/github@0.1
purl pkg:maven/com.coravy.hudson.plugins.github/github@0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h4k-xjx5-afc8
1
vulnerability VCID-cqz5-3btv-3fbq
2
vulnerability VCID-g6yv-hh51-mfak
3
vulnerability VCID-tkye-gc3b-n3c5
4
vulnerability VCID-zh7t-qc1z-6few
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.coravy.hudson.plugins.github/github@0.1
1
url pkg:maven/com.coravy.hudson.plugins.github/github@0.2
purl pkg:maven/com.coravy.hudson.plugins.github/github@0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h4k-xjx5-afc8
1
vulnerability VCID-cqz5-3btv-3fbq
2
vulnerability VCID-g6yv-hh51-mfak
3
vulnerability VCID-tkye-gc3b-n3c5
4
vulnerability VCID-zh7t-qc1z-6few
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.coravy.hudson.plugins.github/github@0.2
2
url pkg:maven/com.coravy.hudson.plugins.github/github@1.29.0
purl pkg:maven/com.coravy.hudson.plugins.github/github@1.29.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cqz5-3btv-3fbq
1
vulnerability VCID-g6yv-hh51-mfak
2
vulnerability VCID-tkye-gc3b-n3c5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.coravy.hudson.plugins.github/github@1.29.0
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000184.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000184.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000184
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.0876
published_at 2026-05-07T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.08618
published_at 2026-05-05T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.08684
published_at 2026-04-29T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08681
published_at 2026-04-26T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.08727
published_at 2026-04-24T12:55:00Z
5
value 0.0003
scoring_system epss
scoring_elements 0.08714
published_at 2026-04-21T12:55:00Z
6
value 0.0003
scoring_system epss
scoring_elements 0.08559
published_at 2026-04-18T12:55:00Z
7
value 0.0003
scoring_system epss
scoring_elements 0.08622
published_at 2026-04-01T12:55:00Z
8
value 0.0003
scoring_system epss
scoring_elements 0.08571
published_at 2026-04-16T12:55:00Z
9
value 0.0003
scoring_system epss
scoring_elements 0.08683
published_at 2026-04-13T12:55:00Z
10
value 0.0003
scoring_system epss
scoring_elements 0.08649
published_at 2026-04-02T12:55:00Z
11
value 0.0003
scoring_system epss
scoring_elements 0.08721
published_at 2026-04-11T12:55:00Z
12
value 0.0003
scoring_system epss
scoring_elements 0.08698
published_at 2026-04-12T12:55:00Z
13
value 0.0003
scoring_system epss
scoring_elements 0.08696
published_at 2026-04-08T12:55:00Z
14
value 0.0003
scoring_system epss
scoring_elements 0.08621
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000184
2
reference_url https://github.com/jenkinsci/github-plugin
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/github-plugin
3
reference_url https://github.com/jenkinsci/github-plugin/commit/9a20b7d74ec1bfa8afe260571485dec286b454a2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/github-plugin/commit/9a20b7d74ec1bfa8afe260571485dec286b454a2
4
reference_url https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1585989
reference_id 1585989
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1585989
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:*
reference_id cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000184
reference_id CVE-2018-1000184
reference_type
scores
0
value 5.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:N
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000184
8
reference_url https://github.com/advisories/GHSA-gh85-mq87-r7v3
reference_id GHSA-gh85-mq87-r7v3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gh85-mq87-r7v3
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 918
name Server-Side Request Forgery (SSRF)
description The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cqz5-3btv-3fbq