Package Instance
Look up vulnerable packages by Package URL.
purl: pkg:pypi/django-piston@0.2.0
type: pypi
namespace:
name: django-piston
version: 0.2.0
qualifiers:
subpath:
is_vulnerable: true
next_non_vulnerable_version: 0.2.3
latest_non_vulnerable_version: 0.2.3
affected_by_vulnerabilities:
  [0]
    url: VCID-cbuh-dhqc-z7fh
    vulnerability_id: VCID-cbuh-dhqc-z7fh
    summary: emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
    references:
      [0]
        reference_url: https://bitbucket.org/jespern/django-piston
        reference_id:
        reference_type:
        scores:
        url: https://bitbucket.org/jespern/django-piston
      [1]
        reference_url: https://bitbucket.org/jespern/django-piston/commits/91bdaec89543
        reference_id:
        reference_type:
        scores:
        url: https://bitbucket.org/jespern/django-piston/commits/91bdaec89543
      [2]
        reference_url: https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/
        reference_id:
        reference_type:
        scores:
        url: https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/
      [3]
        reference_url: https://bugzilla.redhat.com/show_bug.cgi?id=750658
        reference_id:
        reference_type:
        scores:
        url: https://bugzilla.redhat.com/show_bug.cgi?id=750658
      [4]
        reference_url: https://github.com/advisories/GHSA-pvhp-v9qp-xf5r
        reference_id:
        reference_type:
        scores:
        url: https://github.com/advisories/GHSA-pvhp-v9qp-xf5r
      [5]
        reference_url: https://github.com/pypa/advisory-database/tree/main/vulns/django-piston/PYSEC-2014-24.yaml
        reference_id:
        reference_type:
        scores:
        url: https://github.com/pypa/advisory-database/tree/main/vulns/django-piston/PYSEC-2014-24.yaml
      [6]
        reference_url: https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases
        reference_id:
        reference_type:
        scores:
        url: https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases
      [7]
        reference_url: https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
        reference_id:
        reference_type:
        scores:
        url: https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
      [8]
        reference_url: http://www.debian.org/security/2011/dsa-2344
        reference_id:
        reference_type:
        scores:
        url: http://www.debian.org/security/2011/dsa-2344
      [9]
        reference_url: http://www.openwall.com/lists/oss-security/2011/11/01/10
        reference_id:
        reference_type:
        scores:
        url: http://www.openwall.com/lists/oss-security/2011/11/01/10
      [10]
        reference_url: https://nvd.nist.gov/vuln/detail/CVE-2011-4103
        reference_id: CVE-2011-4103
        reference_type:
        scores:
        url: https://nvd.nist.gov/vuln/detail/CVE-2011-4103
    fixed_packages:
      [0]
        url: pkg:pypi/django-piston@0.2.2.1
        purl: pkg:pypi/django-piston@0.2.2.1
        is_vulnerable: true
        affected_by_vulnerabilities:
          [0]
            vulnerability: VCID-cbuh-dhqc-z7fh
        resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/django-piston@0.2.2.1
      [1]
        url: pkg:pypi/django-piston@0.2.3
        purl: pkg:pypi/django-piston@0.2.3
        is_vulnerable: false
        affected_by_vulnerabilities:
        resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/django-piston@0.2.3
    aliases: CVE-2011-4103, GHSA-pvhp-v9qp-xf5r, PYSEC-2014-24
    risk_score: null
    exploitability: null
    weighted_severity: null
    resource_url: http://public2.vulnerablecode.io/vulnerabilities/VCID-cbuh-dhqc-z7fh
fixing_vulnerabilities:
risk_score: null
resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/django-piston@0.2.0