Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-upkp-utz9-mqej

Summary

Information Exposure
The tab switching cookie is not properly escaped.

Aliases

alias	GMS-2015-12

Fixed_packages

url pkg:pypi/djangorestframework@2.4.5

purl pkg:pypi/djangorestframework@2.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-95q1-5qy3-vydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@2.4.5

url pkg:pypi/djangorestframework@3.1.1

purl pkg:pypi/djangorestframework@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-95q1-5qy3-vydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.1.1

Affected_packages

url pkg:pypi/djangorestframework@2.4.0

purl pkg:pypi/djangorestframework@2.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-95q1-5qy3-vydk

vulnerability	VCID-upkp-utz9-mqej

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@2.4.0

url pkg:pypi/djangorestframework@3.0.0

purl pkg:pypi/djangorestframework@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-95q1-5qy3-vydk

vulnerability	VCID-upkp-utz9-mqej

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/djangorestframework@3.0.0

References

reference_url	https://github.com/encode/django-rest-framework/blob/3.6.4/docs/topics/release-notes.md#311
reference_id
reference_type
scores
url	https://github.com/encode/django-rest-framework/blob/3.6.4/docs/topics/release-notes.md#311

reference_url	https://github.com/encode/django-rest-framework/commit/58f9603f703138cbd6749c64dd7da2d41468fc99
reference_id
reference_type
scores
url	https://github.com/encode/django-rest-framework/commit/58f9603f703138cbd6749c64dd7da2d41468fc99

reference_url	https://github.com/encode/django-rest-framework/commit/7872d0acbffeea5f4420aae5627f8767c6418ba3
reference_id
reference_type
scores
url	https://github.com/encode/django-rest-framework/commit/7872d0acbffeea5f4420aae5627f8767c6418ba3

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-upkp-utz9-mqej

Vulnerability Instance