Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django@1.7b4
Type pypi
Namespace
Name django
Version 1.7b4
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.7rc3
Latest_non_vulnerable_version 6.0.5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-71t1-69yq-c7h6
vulnerability_id VCID-71t1-69yq-c7h6
summary Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/1abcf3a808b35abae5d425ed4d44cb6e886dc769
reference_id
reference_type
scores
url https://github.com/django/django/commit/1abcf3a808b35abae5d425ed4d44cb6e886dc769
4
reference_url https://github.com/django/django/commit/28e23306aa53bbbb8fb87db85f99d970b051026c
reference_id
reference_type
scores
url https://github.com/django/django/commit/28e23306aa53bbbb8fb87db85f99d970b051026c
5
reference_url https://github.com/django/django/commit/4001ec8698f577b973c5a540801d8a0bbea1205b
reference_id
reference_type
scores
url https://github.com/django/django/commit/4001ec8698f577b973c5a540801d8a0bbea1205b
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-19.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-19.yaml
7
reference_url https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued
8
reference_url https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
9
reference_url http://ubuntu.com/usn/usn-2212-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2212-1
10
reference_url http://www.debian.org/security/2014/dsa-2934
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-2934
11
reference_url http://www.openwall.com/lists/oss-security/2014/05/14/10
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2014/05/14/10
12
reference_url http://www.openwall.com/lists/oss-security/2014/05/15/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2014/05/15/3
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1418
reference_id CVE-2014-1418
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-1418
14
reference_url https://github.com/advisories/GHSA-q7q2-qf2q-rw3w
reference_id GHSA-q7q2-qf2q-rw3w
reference_type
scores
url https://github.com/advisories/GHSA-q7q2-qf2q-rw3w
fixed_packages
0
url pkg:pypi/django@1.4.13
purl pkg:pypi/django@1.4.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-7rz2-nqdn-hycc
4
vulnerability VCID-8gus-er59-1qak
5
vulnerability VCID-8v2c-7739-2ugp
6
vulnerability VCID-912q-3eks-4yfm
7
vulnerability VCID-9mpt-zxaw-kkeg
8
vulnerability VCID-bahz-gfxv-e3b2
9
vulnerability VCID-dh12-js4b-h7fw
10
vulnerability VCID-jfya-694v-myar
11
vulnerability VCID-kq8u-td31-uqaa
12
vulnerability VCID-ksh8-pazn-dbca
13
vulnerability VCID-mccp-khb9-qkb7
14
vulnerability VCID-r7tk-79xy-jkhj
15
vulnerability VCID-rxxr-sseq-k7a9
16
vulnerability VCID-ta66-7qrm-sbhu
17
vulnerability VCID-th75-ys47-d3h8
18
vulnerability VCID-u4a7-uvcb-9kf8
19
vulnerability VCID-u6sd-648r-qbdb
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.13
1
url pkg:pypi/django@1.5.8
purl pkg:pypi/django@1.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-7rz2-nqdn-hycc
4
vulnerability VCID-8gus-er59-1qak
5
vulnerability VCID-8v2c-7739-2ugp
6
vulnerability VCID-912q-3eks-4yfm
7
vulnerability VCID-9mpt-zxaw-kkeg
8
vulnerability VCID-bahz-gfxv-e3b2
9
vulnerability VCID-dh12-js4b-h7fw
10
vulnerability VCID-jfya-694v-myar
11
vulnerability VCID-ksh8-pazn-dbca
12
vulnerability VCID-mccp-khb9-qkb7
13
vulnerability VCID-r7tk-79xy-jkhj
14
vulnerability VCID-rxxr-sseq-k7a9
15
vulnerability VCID-ta66-7qrm-sbhu
16
vulnerability VCID-u4a7-uvcb-9kf8
17
vulnerability VCID-u6sd-648r-qbdb
18
vulnerability VCID-vdpf-jddk-syda
19
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.8
2
url pkg:pypi/django@1.6.5
purl pkg:pypi/django@1.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-7rz2-nqdn-hycc
4
vulnerability VCID-8gus-er59-1qak
5
vulnerability VCID-8v2c-7739-2ugp
6
vulnerability VCID-912q-3eks-4yfm
7
vulnerability VCID-9mpt-zxaw-kkeg
8
vulnerability VCID-bahz-gfxv-e3b2
9
vulnerability VCID-dh12-js4b-h7fw
10
vulnerability VCID-jfya-694v-myar
11
vulnerability VCID-ksh8-pazn-dbca
12
vulnerability VCID-mccp-khb9-qkb7
13
vulnerability VCID-r7tk-79xy-jkhj
14
vulnerability VCID-rxxr-sseq-k7a9
15
vulnerability VCID-ta66-7qrm-sbhu
16
vulnerability VCID-u4a7-uvcb-9kf8
17
vulnerability VCID-u6sd-648r-qbdb
18
vulnerability VCID-vacy-878s-3kfb
19
vulnerability VCID-vdpf-jddk-syda
20
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.5
3
url pkg:pypi/django@1.7b4
purl pkg:pypi/django@1.7b4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7b4
aliases CVE-2014-1418, GHSA-q7q2-qf2q-rw3w, PYSEC-2014-19
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71t1-69yq-c7h6
1
url VCID-9bqp-b6rw-mye7
vulnerability_id VCID-9bqp-b6rw-mye7
summary The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
1
reference_url http://secunia.com/advisories/61281
reference_id
reference_type
scores
url http://secunia.com/advisories/61281
2
reference_url https://github.com/django/django
reference_id
reference_type
scores
url https://github.com/django/django
3
reference_url https://github.com/django/django/commit/601107524523bca02376a0ddc1a06c6fdb8f22f3
reference_id
reference_type
scores
url https://github.com/django/django/commit/601107524523bca02376a0ddc1a06c6fdb8f22f3
4
reference_url https://github.com/django/django/commit/7feb54bbae3f637ab3c4dd4831d4385964f574df
reference_id
reference_type
scores
url https://github.com/django/django/commit/7feb54bbae3f637ab3c4dd4831d4385964f574df
5
reference_url https://github.com/django/django/commit/ad32c218850ad40972dcef57beb460f8c979dd6d
reference_id
reference_type
scores
url https://github.com/django/django/commit/ad32c218850ad40972dcef57beb460f8c979dd6d
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-20.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-20.yaml
7
reference_url https://web.archive.org/web/20200228171223/http://www.securityfocus.com/bid/67410
reference_id
reference_type
scores
url https://web.archive.org/web/20200228171223/http://www.securityfocus.com/bid/67410
8
reference_url https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued
9
reference_url https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
10
reference_url http://ubuntu.com/usn/usn-2212-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-2212-1
11
reference_url http://www.debian.org/security/2014/dsa-2934
reference_id
reference_type
scores
url http://www.debian.org/security/2014/dsa-2934
12
reference_url http://www.openwall.com/lists/oss-security/2014/05/14/10
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2014/05/14/10
13
reference_url http://www.openwall.com/lists/oss-security/2014/05/15/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2014/05/15/3
14
reference_url http://www.securityfocus.com/bid/67410
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/67410
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3730
reference_id CVE-2014-3730
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-3730
16
reference_url https://github.com/advisories/GHSA-vq3h-3q7v-9prw
reference_id GHSA-vq3h-3q7v-9prw
reference_type
scores
url https://github.com/advisories/GHSA-vq3h-3q7v-9prw
fixed_packages
0
url pkg:pypi/django@1.4.13
purl pkg:pypi/django@1.4.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-7rz2-nqdn-hycc
4
vulnerability VCID-8gus-er59-1qak
5
vulnerability VCID-8v2c-7739-2ugp
6
vulnerability VCID-912q-3eks-4yfm
7
vulnerability VCID-9mpt-zxaw-kkeg
8
vulnerability VCID-bahz-gfxv-e3b2
9
vulnerability VCID-dh12-js4b-h7fw
10
vulnerability VCID-jfya-694v-myar
11
vulnerability VCID-kq8u-td31-uqaa
12
vulnerability VCID-ksh8-pazn-dbca
13
vulnerability VCID-mccp-khb9-qkb7
14
vulnerability VCID-r7tk-79xy-jkhj
15
vulnerability VCID-rxxr-sseq-k7a9
16
vulnerability VCID-ta66-7qrm-sbhu
17
vulnerability VCID-th75-ys47-d3h8
18
vulnerability VCID-u4a7-uvcb-9kf8
19
vulnerability VCID-u6sd-648r-qbdb
20
vulnerability VCID-vdpf-jddk-syda
21
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.13
1
url pkg:pypi/django@1.5.8
purl pkg:pypi/django@1.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-7rz2-nqdn-hycc
4
vulnerability VCID-8gus-er59-1qak
5
vulnerability VCID-8v2c-7739-2ugp
6
vulnerability VCID-912q-3eks-4yfm
7
vulnerability VCID-9mpt-zxaw-kkeg
8
vulnerability VCID-bahz-gfxv-e3b2
9
vulnerability VCID-dh12-js4b-h7fw
10
vulnerability VCID-jfya-694v-myar
11
vulnerability VCID-ksh8-pazn-dbca
12
vulnerability VCID-mccp-khb9-qkb7
13
vulnerability VCID-r7tk-79xy-jkhj
14
vulnerability VCID-rxxr-sseq-k7a9
15
vulnerability VCID-ta66-7qrm-sbhu
16
vulnerability VCID-u4a7-uvcb-9kf8
17
vulnerability VCID-u6sd-648r-qbdb
18
vulnerability VCID-vdpf-jddk-syda
19
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.8
2
url pkg:pypi/django@1.6.5
purl pkg:pypi/django@1.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-5vmb-d4xp-zfgy
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-7rz2-nqdn-hycc
4
vulnerability VCID-8gus-er59-1qak
5
vulnerability VCID-8v2c-7739-2ugp
6
vulnerability VCID-912q-3eks-4yfm
7
vulnerability VCID-9mpt-zxaw-kkeg
8
vulnerability VCID-bahz-gfxv-e3b2
9
vulnerability VCID-dh12-js4b-h7fw
10
vulnerability VCID-jfya-694v-myar
11
vulnerability VCID-ksh8-pazn-dbca
12
vulnerability VCID-mccp-khb9-qkb7
13
vulnerability VCID-r7tk-79xy-jkhj
14
vulnerability VCID-rxxr-sseq-k7a9
15
vulnerability VCID-ta66-7qrm-sbhu
16
vulnerability VCID-u4a7-uvcb-9kf8
17
vulnerability VCID-u6sd-648r-qbdb
18
vulnerability VCID-vacy-878s-3kfb
19
vulnerability VCID-vdpf-jddk-syda
20
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.5
3
url pkg:pypi/django@1.7b4
purl pkg:pypi/django@1.7b4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7b4
aliases CVE-2014-3730, GHSA-vq3h-3q7v-9prw, PYSEC-2014-20
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9bqp-b6rw-mye7
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7b4