Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-41c2-23ch-x7ft

Summary

URL Redirection to Untrusted Site ('Open Redirect')
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.

Aliases

alias	CVE-2019-1075

alias	GHSA-prrf-397v-83xh

Fixed_packages

url pkg:nuget/Microsoft.AspNetCore.All@2.1.12

purl pkg:nuget/Microsoft.AspNetCore.All@2.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

vulnerability	VCID-pa95-mtgb-yuf2

vulnerability	VCID-wzeg-jdcg-tfct

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.12

url pkg:nuget/Microsoft.AspNetCore.All@2.2.1

purl pkg:nuget/Microsoft.AspNetCore.All@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

vulnerability	VCID-pa95-mtgb-yuf2

vulnerability	VCID-wzeg-jdcg-tfct

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.2.1

url pkg:nuget/Microsoft.AspNetCore.All@2.2.6

purl pkg:nuget/Microsoft.AspNetCore.All@2.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

vulnerability	VCID-pa95-mtgb-yuf2

vulnerability	VCID-wzeg-jdcg-tfct

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.2.6

url pkg:nuget/Microsoft.AspNetCore.App@2.1.12

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9zu6-5d4v-f3ht

vulnerability	VCID-fm28-azef-buh6

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.12

url	pkg:nuget/Microsoft.AspNetCore.App@2.2.6
purl	pkg:nuget/Microsoft.AspNetCore.App@2.2.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.2.6

url	pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.1.12
purl	pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.1.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.1.12

url	pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.2.6
purl	pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.2.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.2.6

url	pkg:nuget/Microsoft.AspNetCore.Server.IIS@2.2.6
purl	pkg:nuget/Microsoft.AspNetCore.Server.IIS@2.2.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.IIS@2.2.6

Affected_packages

url pkg:nuget/Microsoft.AspNetCore.All@2.1.0

purl pkg:nuget/Microsoft.AspNetCore.All@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gtv-nubh-73a9

vulnerability	VCID-41c2-23ch-x7ft

vulnerability	VCID-5crw-96ay-a7b7

vulnerability	VCID-9zu6-5d4v-f3ht

vulnerability	VCID-aqyy-zs6z-v7ar

vulnerability	VCID-cja1-29th-9qbf

vulnerability	VCID-ct2x-rftj-tydp

vulnerability	VCID-eeub-ree5-dyez

vulnerability	VCID-fm28-azef-buh6

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-mrdj-nvz7-xyet

vulnerability	VCID-n3cs-wjun-vfhe

vulnerability	VCID-pa95-mtgb-yuf2

vulnerability	VCID-wzeg-jdcg-tfct

vulnerability	VCID-z54f-eupv-n7be

vulnerability	VCID-zdjb-98e7-6bgn

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.0

url pkg:nuget/Microsoft.AspNetCore.All@2.2.0

purl pkg:nuget/Microsoft.AspNetCore.All@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gtv-nubh-73a9

vulnerability	VCID-41c2-23ch-x7ft

vulnerability	VCID-4dn7-wv8k-57gu

vulnerability	VCID-cja1-29th-9qbf

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-mrdj-nvz7-xyet

vulnerability	VCID-n3cs-wjun-vfhe

vulnerability	VCID-pa95-mtgb-yuf2

vulnerability	VCID-wzeg-jdcg-tfct

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.2.0

url pkg:nuget/Microsoft.AspNetCore.App@2.1.0

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gtv-nubh-73a9

vulnerability	VCID-41c2-23ch-x7ft

vulnerability	VCID-9zu6-5d4v-f3ht

vulnerability	VCID-ct2x-rftj-tydp

vulnerability	VCID-fm28-azef-buh6

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

vulnerability	VCID-z54f-eupv-n7be

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.0

url pkg:nuget/Microsoft.AspNetCore.App@2.1.1

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gtv-nubh-73a9

vulnerability	VCID-41c2-23ch-x7ft

vulnerability	VCID-9zu6-5d4v-f3ht

vulnerability	VCID-ct2x-rftj-tydp

vulnerability	VCID-fm28-azef-buh6

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

vulnerability	VCID-z54f-eupv-n7be

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.1

url pkg:nuget/Microsoft.AspNetCore.App@2.1.2

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gtv-nubh-73a9

vulnerability	VCID-41c2-23ch-x7ft

vulnerability	VCID-9zu6-5d4v-f3ht

vulnerability	VCID-fm28-azef-buh6

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

vulnerability	VCID-z54f-eupv-n7be

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.2

url pkg:nuget/Microsoft.AspNetCore.App@2.1.3

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gtv-nubh-73a9

vulnerability	VCID-41c2-23ch-x7ft

vulnerability	VCID-9zu6-5d4v-f3ht

vulnerability	VCID-fm28-azef-buh6

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

vulnerability	VCID-z54f-eupv-n7be

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.3

url pkg:nuget/Microsoft.AspNetCore.App@2.1.4

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gtv-nubh-73a9

vulnerability	VCID-41c2-23ch-x7ft

vulnerability	VCID-9zu6-5d4v-f3ht

vulnerability	VCID-fm28-azef-buh6

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.4

url pkg:nuget/Microsoft.AspNetCore.App@2.1.5

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gtv-nubh-73a9

vulnerability	VCID-41c2-23ch-x7ft

vulnerability	VCID-9zu6-5d4v-f3ht

vulnerability	VCID-fm28-azef-buh6

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.5

url pkg:nuget/Microsoft.AspNetCore.App@2.1.6

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gtv-nubh-73a9

vulnerability	VCID-41c2-23ch-x7ft

vulnerability	VCID-9zu6-5d4v-f3ht

vulnerability	VCID-fm28-azef-buh6

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.6

url pkg:nuget/Microsoft.AspNetCore.App@2.1.7

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

vulnerability	VCID-9zu6-5d4v-f3ht

vulnerability	VCID-fm28-azef-buh6

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.7

url pkg:nuget/Microsoft.AspNetCore.App@2.1.8

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

vulnerability	VCID-9zu6-5d4v-f3ht

vulnerability	VCID-fm28-azef-buh6

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.8

url pkg:nuget/Microsoft.AspNetCore.App@2.1.9

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

vulnerability	VCID-9zu6-5d4v-f3ht

vulnerability	VCID-fm28-azef-buh6

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.9

url pkg:nuget/Microsoft.AspNetCore.App@2.1.10

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

vulnerability	VCID-9zu6-5d4v-f3ht

vulnerability	VCID-fm28-azef-buh6

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.10

url pkg:nuget/Microsoft.AspNetCore.App@2.1.11

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

vulnerability	VCID-9zu6-5d4v-f3ht

vulnerability	VCID-fm28-azef-buh6

vulnerability	VCID-j761-wgke-97d8

vulnerability	VCID-n3cs-wjun-vfhe

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.11

url pkg:nuget/Microsoft.AspNetCore.App@2.2.0

purl pkg:nuget/Microsoft.AspNetCore.App@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1gtv-nubh-73a9

vulnerability	VCID-41c2-23ch-x7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.2.0

url pkg:nuget/Microsoft.AspNetCore.App@2.2.1

purl pkg:nuget/Microsoft.AspNetCore.App@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.2.1

url pkg:nuget/Microsoft.AspNetCore.App@2.2.2

purl pkg:nuget/Microsoft.AspNetCore.App@2.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.2.2

url pkg:nuget/Microsoft.AspNetCore.App@2.2.3

purl pkg:nuget/Microsoft.AspNetCore.App@2.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.2.3

url pkg:nuget/Microsoft.AspNetCore.App@2.2.4

purl pkg:nuget/Microsoft.AspNetCore.App@2.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.2.4

url pkg:nuget/Microsoft.AspNetCore.App@2.2.5

purl pkg:nuget/Microsoft.AspNetCore.App@2.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.2.5

url pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.1.0

purl pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.1.0

url pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.1.1

purl pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.1.1

url pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.2.0

purl pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.HttpSys@2.2.0

url pkg:nuget/Microsoft.AspNetCore.Server.IIS@2.2.0

purl pkg:nuget/Microsoft.AspNetCore.Server.IIS@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.IIS@2.2.0

url pkg:nuget/Microsoft.AspNetCore.Server.IIS@2.2.1

purl pkg:nuget/Microsoft.AspNetCore.Server.IIS@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.IIS@2.2.1

url pkg:nuget/Microsoft.AspNetCore.Server.IIS@2.2.2

purl pkg:nuget/Microsoft.AspNetCore.Server.IIS@2.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41c2-23ch-x7ft

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.IIS@2.2.2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-1075

reference_id

reference_type

scores

value	0.00417
scoring_system	epss
scoring_elements	0.61692
published_at	2026-04-07T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61777
published_at	2026-04-21T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61794
published_at	2026-04-18T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61788
published_at	2026-04-16T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61746
published_at	2026-04-13T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61765
published_at	2026-04-12T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61778
published_at	2026-04-11T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61756
published_at	2026-04-09T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61617
published_at	2026-04-01T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61691
published_at	2026-04-02T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61741
published_at	2026-04-08T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.61721
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-1075

reference_url

https://github.com/aspnet/Announcements/issues/373

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/aspnet/Announcements/issues/373

reference_url

https://github.com/github/advisory-database/issues/302

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/issues/302

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-1075

reference_id

CVE-2019-1075

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-1075

reference_url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075

reference_id

CVE-2019-1075

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075

reference_url

https://github.com/advisories/GHSA-prrf-397v-83xh

reference_id

GHSA-prrf-397v-83xh

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-prrf-397v-83xh

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	601
name	URL Redirection to Untrusted Site ('Open Redirect')
description	A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-41c2-23ch-x7ft

Vulnerability Instance