Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-qpcc-4pq3-vud1
SummaryWhen Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code.
Aliases
0
alias CVE-2021-29952
Fixed_packages
0
url pkg:alpm/archlinux/firefox@88.0.1-1
purl pkg:alpm/archlinux/firefox@88.0.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmv4-drz9-f7gw
1
vulnerability VCID-jhvk-fysh-dfhe
2
vulnerability VCID-jmp4-ng3z-63fj
3
vulnerability VCID-maga-jq3w-1bfk
4
vulnerability VCID-rkmm-7vbf-vych
5
vulnerability VCID-spde-234b-t3ac
6
vulnerability VCID-tuzz-quet-97eq
7
vulnerability VCID-v576-hwvf-tfa7
8
vulnerability VCID-vcky-7nap-tybf
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@88.0.1-1
1
url pkg:deb/debian/firefox@88.0.1-1?distro=sid
purl pkg:deb/debian/firefox@88.0.1-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@88.0.1-1%3Fdistro=sid
2
url pkg:deb/debian/firefox@151.0.3-1?distro=sid
purl pkg:deb/debian/firefox@151.0.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid
Affected_packages
0
url pkg:alpm/archlinux/firefox@88.0-1
purl pkg:alpm/archlinux/firefox@88.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpcc-4pq3-vud1
1
vulnerability VCID-z1sm-aubn-afcb
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@88.0-1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29952.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29952.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29952
reference_id
reference_type
scores
0
value 0.00286
scoring_system epss
scoring_elements 0.5226
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29952
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1961494
reference_id 1961494
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1961494
3
reference_url https://security.archlinux.org/ASA-202105-5
reference_id ASA-202105-5
reference_type
scores
url https://security.archlinux.org/ASA-202105-5
4
reference_url https://security.archlinux.org/AVG-1917
reference_id AVG-1917
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1917
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2021-20
reference_id mfsa2021-20
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2021-20
Weaknesses
0
cwe_id 367
name Time-of-check Time-of-use (TOCTOU) Race Condition
description The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Exploits
Severity_range_score7.0 - 10.0
Exploitability0.5
Weighted_severity9.0
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-qpcc-4pq3-vud1