Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:nuget/Microsoft.AspNetCore.All@1.0.0
Typenuget
Namespace
NameMicrosoft.AspNetCore.All
Version1.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.0-preview1-final
Latest_non_vulnerable_version5.0.9
Affected_by_vulnerabilities
0
url VCID-1ur7-5ks2-7qcp
vulnerability_id VCID-1ur7-5ks2-7qcp
summary 
Weak Password Recovery Mechanism for Forgotten Password
ASP.NET Core allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
references
0
reference_url https://github.com/aspnet/Announcements/issues/295
reference_id
reference_type
scores
url https://github.com/aspnet/Announcements/issues/295
1
reference_url http://www.securityfocus.com/bid/103282
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103282
2
reference_url http://www.securitytracker.com/id/1040525
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1040525
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0787
reference_id CVE-2018-0787
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-0787
4
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787
reference_id CVE-2018-0787
reference_type
scores
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787
5
reference_url https://github.com/advisories/GHSA-365p-96qv-xr7g
reference_id GHSA-365p-96qv-xr7g
reference_type
scores
url https://github.com/advisories/GHSA-365p-96qv-xr7g
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.All@2.0.3
purl pkg:nuget/Microsoft.AspNetCore.All@2.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.3
aliases CVE-2018-0787, GHSA-365p-96qv-xr7g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ur7-5ks2-7qcp
1
url VCID-8g89-1cr9-gbc6
vulnerability_id VCID-8g89-1cr9-gbc6
summary 
Uncontrolled Resource Consumption
.NET Core, .NET Core, NET Core and PowerShell Core allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability".
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0522
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:0522
1
reference_url https://github.com/dotnet/announcements/issues/62
reference_id
reference_type
scores
url https://github.com/dotnet/announcements/issues/62
2
reference_url http://www.securityfocus.com/bid/103225
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103225
3
reference_url http://www.securitytracker.com/id/1040505
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1040505
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0875
reference_id CVE-2018-0875
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-0875
5
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0875
reference_id CVE-2018-0875
reference_type
scores
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0875
6
reference_url https://github.com/advisories/GHSA-xcvr-qv8h-m7xw
reference_id GHSA-xcvr-qv8h-m7xw
reference_type
scores
url https://github.com/advisories/GHSA-xcvr-qv8h-m7xw
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.All@2.0.0-preview1-final
purl pkg:nuget/Microsoft.AspNetCore.All@2.0.0-preview1-final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.0-preview1-final
1
url pkg:nuget/Microsoft.AspNetCore.All@2.0.3
purl pkg:nuget/Microsoft.AspNetCore.All@2.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.3
aliases CVE-2018-0875, GHSA-xcvr-qv8h-m7xw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8g89-1cr9-gbc6
2
url VCID-dw22-bazh-4qa9
vulnerability_id VCID-dw22-bazh-4qa9
summary Microsoft Security Advisory CVE-2018-8292: .NET Core Information Disclosure Vulnerability
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2902
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2902
1
reference_url https://github.com/dotnet/announcements/issues/88
reference_id
reference_type
scores
url https://github.com/dotnet/announcements/issues/88
2
reference_url http://www.securityfocus.com/bid/105548
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/105548
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8292
reference_id CVE-2018-8292
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-8292
4
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292
reference_id CVE-2018-8292
reference_type
scores
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.All@2.1.1
purl pkg:nuget/Microsoft.AspNetCore.All@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3nh7-wm35-3kb2
1
vulnerability VCID-v6vu-9ybt-tqbc
2
vulnerability VCID-xgtm-9d66-rugc
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.1
aliases CVE-2018-8292
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dw22-bazh-4qa9
3
url VCID-ju3g-r5sj-4ueq
vulnerability_id VCID-ju3g-r5sj-4ueq
summary Microsoft Security Advisory CVE-2017-8700: CORS bypass can enable Information Disclosure
references
0
reference_url https://github.com/aspnet/Announcements/issues/279
reference_id
reference_type
scores
url https://github.com/aspnet/Announcements/issues/279
1
reference_url https://github.com/github/advisory-database/issues/302
reference_id
reference_type
scores
url https://github.com/github/advisory-database/issues/302
2
reference_url http://www.securityfocus.com/bid/101712
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/101712
3
reference_url http://www.securitytracker.com/id/1039793
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039793
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-8700
reference_id CVE-2017-8700
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-8700
5
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700
reference_id CVE-2017-8700
reference_type
scores
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700
6
reference_url https://github.com/advisories/GHSA-3rp6-rjw4-cq39
reference_id GHSA-3rp6-rjw4-cq39
reference_type
scores
url https://github.com/advisories/GHSA-3rp6-rjw4-cq39
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.All@2.0.3
purl pkg:nuget/Microsoft.AspNetCore.All@2.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.3
aliases CVE-2017-8700, GHSA-3rp6-rjw4-cq39
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ju3g-r5sj-4ueq
4
url VCID-q249-gkbg-b3bs
vulnerability_id VCID-q249-gkbg-b3bs
summary Microsoft Security Advisory CVE-2018-8356: .NET Core Security Feature Bypass Vulnerability
references
0
reference_url https://github.com/dotnet/announcements/issues/73
reference_id
reference_type
scores
url https://github.com/dotnet/announcements/issues/73
1
reference_url https://github.com/github/advisory-database/issues/302
reference_id
reference_type
scores
url https://github.com/github/advisory-database/issues/302
2
reference_url http://www.securityfocus.com/bid/104664
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104664
3
reference_url http://www.securitytracker.com/id/1041257
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1041257
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8356
reference_id CVE-2018-8356
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-8356
5
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356
reference_id CVE-2018-8356
reference_type
scores
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356
6
reference_url https://github.com/advisories/GHSA-p9wx-v264-q34p
reference_id GHSA-p9wx-v264-q34p
reference_type
scores
url https://github.com/advisories/GHSA-p9wx-v264-q34p
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.All@2.0.3
purl pkg:nuget/Microsoft.AspNetCore.All@2.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.3
aliases CVE-2018-8356, GHSA-p9wx-v264-q34p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q249-gkbg-b3bs
5
url VCID-tbhf-u22y-cfa1
vulnerability_id VCID-tbhf-u22y-cfa1
summary 
Privilege Escalation
ASP.NET Core allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784.
references
0
reference_url http://www.securityfocus.com/bid/103226
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103226
1
reference_url http://www.securitytracker.com/id/1040504
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1040504
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0808
reference_id CVE-2018-0808
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-0808
3
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808
reference_id CVE-2018-0808
reference_type
scores
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.All@2.0.3
purl pkg:nuget/Microsoft.AspNetCore.All@2.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.3
aliases CVE-2018-0808
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tbhf-u22y-cfa1
6
url VCID-zrsj-apsr-wqh1
vulnerability_id VCID-zrsj-apsr-wqh1
summary Microsoft Security Advisory CVE-2018-8171: ASP.NET Core Security Feature Bypass Vulnerability
references
0
reference_url https://github.com/aspnet/Announcements/issues/310
reference_id
reference_type
scores
url https://github.com/aspnet/Announcements/issues/310
1
reference_url http://www.securityfocus.com/bid/104659
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104659
2
reference_url http://www.securitytracker.com/id/1041267
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1041267
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8171
reference_id CVE-2018-8171
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-8171
4
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171
reference_id CVE-2018-8171
reference_type
scores
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171
5
reference_url https://github.com/advisories/GHSA-vhvh-528q-ff3p
reference_id GHSA-vhvh-528q-ff3p
reference_type
scores
url https://github.com/advisories/GHSA-vhvh-528q-ff3p
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.All@2.0.3
purl pkg:nuget/Microsoft.AspNetCore.All@2.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.3
aliases CVE-2018-8171, GHSA-vhvh-528q-ff3p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zrsj-apsr-wqh1
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@1.0.0