Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/json@1.7
Typegem
Namespace
Namejson
Version1.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-ebq1-gkhe-pua7
vulnerability_id VCID-ebq1-gkhe-pua7
summary 
Denial of Service and SQL Injection
This package allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka.
references
0
reference_url http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0686.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0686.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0701.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0701.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2013-1028.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1028.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2013-1147.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1147.html
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0269.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0269.json
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0269
reference_id
reference_type
scores
0
value 0.17317
scoring_system epss
scoring_elements 0.9502
published_at 2026-04-02T12:55:00Z
1
value 0.17317
scoring_system epss
scoring_elements 0.95059
published_at 2026-04-21T12:55:00Z
2
value 0.17317
scoring_system epss
scoring_elements 0.95057
published_at 2026-04-18T12:55:00Z
3
value 0.17317
scoring_system epss
scoring_elements 0.95054
published_at 2026-04-16T12:55:00Z
4
value 0.17317
scoring_system epss
scoring_elements 0.95041
published_at 2026-04-11T12:55:00Z
5
value 0.17317
scoring_system epss
scoring_elements 0.95036
published_at 2026-04-09T12:55:00Z
6
value 0.17317
scoring_system epss
scoring_elements 0.95032
published_at 2026-04-08T12:55:00Z
7
value 0.17317
scoring_system epss
scoring_elements 0.95024
published_at 2026-04-07T12:55:00Z
8
value 0.17317
scoring_system epss
scoring_elements 0.95009
published_at 2026-04-01T12:55:00Z
9
value 0.17317
scoring_system epss
scoring_elements 0.95021
published_at 2026-04-04T12:55:00Z
10
value 0.17317
scoring_system epss
scoring_elements 0.95045
published_at 2026-04-13T12:55:00Z
11
value 0.17317
scoring_system epss
scoring_elements 0.95043
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0269
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0269
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0269
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269
12
reference_url http://secunia.com/advisories/52075
reference_id
reference_type
scores
url http://secunia.com/advisories/52075
13
reference_url http://secunia.com/advisories/52774
reference_id
reference_type
scores
url http://secunia.com/advisories/52774
14
reference_url http://secunia.com/advisories/52902
reference_id
reference_type
scores
url http://secunia.com/advisories/52902
15
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/82010
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/82010
16
reference_url https://github.com/flori/json
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/flori/json
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2013-0269.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json/CVE-2013-0269.yml
18
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_YvCpLzL58
19
reference_url https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0269
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0269
21
reference_url http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
reference_id
reference_type
scores
url http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
22
reference_url https://puppet.com/security/cve/cve-2013-0269
reference_id
reference_type
scores
url https://puppet.com/security/cve/cve-2013-0269
23
reference_url https://web.archive.org/web/20130228082541/http://www.securityfocus.com/bid/57899
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130228082541/http://www.securityfocus.com/bid/57899
24
reference_url https://web.archive.org/web/20160331131233/http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160331131233/http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
25
reference_url https://web.archive.org/web/20160808163226/https://puppet.com/security/cve/cve-2013-0269
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160808163226/https://puppet.com/security/cve/cve-2013-0269
26
reference_url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
27
reference_url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
28
reference_url http://www.openwall.com/lists/oss-security/2013/02/11/7
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/11/7
29
reference_url http://www.openwall.com/lists/oss-security/2013/02/11/8
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/11/8
30
reference_url http://www.osvdb.org/90074
reference_id
reference_type
scores
url http://www.osvdb.org/90074
31
reference_url http://www.securityfocus.com/bid/57899
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/57899
32
reference_url http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862
33
reference_url http://www.ubuntu.com/usn/USN-1733-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1733-1
34
reference_url http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection
35
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700436
reference_id 700436
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700436
36
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=909029
reference_id 909029
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=909029
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.0:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.5.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.1:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.5.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.2:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.5.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.3:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.5.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.5.4:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.0:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.6.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.1:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.6.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.2:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.6.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.3:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.6.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.4:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.6.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.5:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.6.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.6:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.6.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.6.7:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.0:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.1:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.7.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.2:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.7.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.3:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.7.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.4:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.7.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.5:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubygems:json_gem:1.7.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubygems:json_gem:1.7.6:*:*:*:*:*:*:*
57
reference_url https://github.com/advisories/GHSA-x457-cw4h-hq5f
reference_id GHSA-x457-cw4h-hq5f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x457-cw4h-hq5f
58
reference_url https://security.gentoo.org/glsa/201412-27
reference_id GLSA-201412-27
reference_type
scores
url https://security.gentoo.org/glsa/201412-27
59
reference_url https://access.redhat.com/errata/RHSA-2013:0686
reference_id RHSA-2013:0686
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0686
60
reference_url https://access.redhat.com/errata/RHSA-2013:0701
reference_id RHSA-2013:0701
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0701
61
reference_url https://access.redhat.com/errata/RHSA-2013:1028
reference_id RHSA-2013:1028
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1028
62
reference_url https://access.redhat.com/errata/RHSA-2013:1147
reference_id RHSA-2013:1147
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1147
63
reference_url https://access.redhat.com/errata/RHSA-2013:1185
reference_id RHSA-2013:1185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1185
64
reference_url https://usn.ubuntu.com/1733-1/
reference_id USN-1733-1
reference_type
scores
url https://usn.ubuntu.com/1733-1/
fixed_packages
0
url pkg:gem/json@1.7.7
purl pkg:gem/json@1.7.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d6tn-s1q2-a3hc
1
vulnerability VCID-ebq1-gkhe-pua7
2
vulnerability VCID-xghz-9k48-bqej
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/json@1.7.7
aliases CVE-2013-0269, GHSA-x457-cw4h-hq5f, OSV-101137
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebq1-gkhe-pua7
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/json@1.7