Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-348t-vqaj-kbef

Summary xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

Aliases

alias	CVE-2017-1000061

Fixed_packages

url	pkg:deb/debian/xmlsec1@1.2.27-2
purl	pkg:deb/debian/xmlsec1@1.2.27-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.27-2

url	pkg:deb/debian/xmlsec1@1.2.24-1?distro=trixie
purl	pkg:deb/debian/xmlsec1@1.2.24-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.24-1%3Fdistro=trixie

url	pkg:deb/debian/xmlsec1@1.2.31-1?distro=trixie
purl	pkg:deb/debian/xmlsec1@1.2.31-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.31-1%3Fdistro=trixie

url	pkg:deb/debian/xmlsec1@1.2.37-2?distro=trixie
purl	pkg:deb/debian/xmlsec1@1.2.37-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.37-2%3Fdistro=trixie

url	pkg:deb/debian/xmlsec1@1.2.41-1?distro=trixie
purl	pkg:deb/debian/xmlsec1@1.2.41-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.41-1%3Fdistro=trixie

url	pkg:deb/debian/xmlsec1@1.3.10-2?distro=trixie
purl	pkg:deb/debian/xmlsec1@1.3.10-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.3.10-2%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/xmlsec1@1.2.14-1%2Bsqueeze1

purl pkg:deb/debian/xmlsec1@1.2.14-1%2Bsqueeze1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-348t-vqaj-kbef

vulnerability	VCID-be4a-5sff-u3ac

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.14-1%252Bsqueeze1

url pkg:deb/debian/xmlsec1@1.2.18-2

purl pkg:deb/debian/xmlsec1@1.2.18-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-348t-vqaj-kbef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.18-2

url pkg:deb/debian/xmlsec1@1.2.20-2

purl pkg:deb/debian/xmlsec1@1.2.20-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-348t-vqaj-kbef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.20-2

url pkg:deb/debian/xmlsec1@1.2.23-0.1

purl pkg:deb/debian/xmlsec1@1.2.23-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-348t-vqaj-kbef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.23-0.1

url pkg:deb/debian/xmlsec1@1.2.6-1

purl pkg:deb/debian/xmlsec1@1.2.6-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-348t-vqaj-kbef

vulnerability	VCID-be4a-5sff-u3ac

vulnerability	VCID-crrp-38db-67ez

vulnerability	VCID-pfcq-4wxh-ckdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.6-1

url pkg:deb/debian/xmlsec1@1.2.9-5

purl pkg:deb/debian/xmlsec1@1.2.9-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-348t-vqaj-kbef

vulnerability	VCID-be4a-5sff-u3ac

vulnerability	VCID-crrp-38db-67ez

vulnerability	VCID-pfcq-4wxh-ckdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.9-5

url pkg:deb/debian/xmlsec1@1.2.9-5%2Blenny1

purl pkg:deb/debian/xmlsec1@1.2.9-5%2Blenny1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-348t-vqaj-kbef

vulnerability	VCID-be4a-5sff-u3ac

vulnerability	VCID-crrp-38db-67ez

vulnerability	VCID-pfcq-4wxh-ckdv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.9-5%252Blenny1

url pkg:rpm/redhat/xmlsec1@1.2.20-7?arch=el7_4

purl pkg:rpm/redhat/xmlsec1@1.2.20-7?arch=el7_4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-348t-vqaj-kbef

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/xmlsec1@1.2.20-7%3Farch=el7_4

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000061.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000061.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000061

reference_id

reference_type

scores

value	0.00591
scoring_system	epss
scoring_elements	0.69599
published_at	2026-06-04T12:55:00Z

value	0.00591
scoring_system	epss
scoring_elements	0.69638
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000061

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000061
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000061

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1437311
reference_id	1437311
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1437311

reference_url	https://access.redhat.com/errata/RHSA-2017:2492
reference_id	RHSA-2017:2492
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2492

reference_url	https://usn.ubuntu.com/5674-1/
reference_id	USN-5674-1
reference_type
scores
url	https://usn.ubuntu.com/5674-1/

Weaknesses

cwe_id	611
name	Improper Restriction of XML External Entity Reference
description	The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

Exploits

Severity_range_score 6.5 - 6.5

Exploitability 0.5

Weighted_severity 5.9

Risk_score 3.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-348t-vqaj-kbef

Vulnerability Instance