Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-8wu8-qh8m-7ubm
Summary
Duplicate Advisory: ReDos vulnerability of XMLFeedSpider
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-cc65-xxvf-f7r9. This link is maintained to preserve external references.

## Original Description
Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. Handling a malicious response could cause extreme CPU and memory usage during the parsing of its content, due to the use of vulnerable regular expressions for that parsing.
Aliases
0
alias GHSA-7c9g-vj9m-8pm6
Fixed_packages
0
url pkg:pypi/scrapy@1.8.4
purl pkg:pypi/scrapy@1.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1k4b-pr5k-s7e5
1
vulnerability VCID-64nx-aruy-q7gy
2
vulnerability VCID-dc1m-rt7j-w3af
3
vulnerability VCID-nekz-z7zw-mfgz
4
vulnerability VCID-t5cn-a543-nyag
5
vulnerability VCID-urb1-hv1z-duga
6
vulnerability VCID-veaw-n6vt-zfgu
7
vulnerability VCID-x9ee-za9y-3fcb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@1.8.4
1
url pkg:pypi/scrapy@2.11.1
purl pkg:pypi/scrapy@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1k4b-pr5k-s7e5
1
vulnerability VCID-dc1m-rt7j-w3af
2
vulnerability VCID-nekz-z7zw-mfgz
3
vulnerability VCID-t5cn-a543-nyag
4
vulnerability VCID-urb1-hv1z-duga
5
vulnerability VCID-veaw-n6vt-zfgu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2.11.1
Affected_packages
0
url pkg:pypi/scrapy@2
purl pkg:pypi/scrapy@2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64nx-aruy-q7gy
1
vulnerability VCID-8wu8-qh8m-7ubm
2
vulnerability VCID-kgf5-wu3r-pqc6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/scrapy@2
References
0
reference_url https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5
1
reference_url https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-1892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-1892
3
reference_url https://github.com/advisories/GHSA-7c9g-vj9m-8pm6
reference_id GHSA-7c9g-vj9m-8pm6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7c9g-vj9m-8pm6
Weaknesses
0
cwe_id 1333
name Inefficient Regular Expression Complexity
description The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-8wu8-qh8m-7ubm