Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/core@8.3.0
Typecomposer
Namespacedrupal
Namecore
Version8.3.0
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version8.3.1
Latest_non_vulnerable_version11.2.8
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2989-fmjz-nkby
vulnerability_id VCID-2989-fmjz-nkby
summary 
Missing Authorization
When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them.
references
0
reference_url https://www.drupal.org/SA-CORE-2017-004
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2017-004
fixed_packages
0
url pkg:composer/drupal/core@8.3.0
purl pkg:composer/drupal/core@8.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.0
aliases CVE-2017-6923
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2989-fmjz-nkby
1
url VCID-mm13-6dhq-nqfb
vulnerability_id VCID-mm13-6dhq-nqfb
summary 
Improper Privilege Management
When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.
references
0
reference_url https://www.drupal.org/SA-CORE-2017-004
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2017-004
fixed_packages
0
url pkg:composer/drupal/core@8.3.0
purl pkg:composer/drupal/core@8.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.0
aliases CVE-2017-6924
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mm13-6dhq-nqfb
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.0