
Vulnerability_id VCID-26bs-85hq-ufac
Summary
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.

Apache Kafka Clients accept configuration data for customizing behavior, and include ConfigProvider plugins for manipulating these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations, which are able to read from disk or from environment variables.
In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.

In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products.
This issue affects Apache Kafka Clients: from 2.3.0 through 3.5.2, 3.6.0 through 3.6.2, and 3.7.0.


Users with affected applications are recommended to upgrade kafka-clients to version >=3.8.0, and set the JVM system property "org.apache.kafka.automatic.config.providers=none".
Users of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate "allowlist.pattern" and "allowed.paths" to restrict their operation to appropriate bounds.


For users of Kafka Clients or Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property.
For users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property.
Aliases
0
alias CVE-2024-31141
1
alias GHSA-2x2g-32r7-p4x8
Fixed_packages
0
url pkg:maven/org.apache.kafka/kafka-clients@3.7.1
purl pkg:maven/org.apache.kafka/kafka-clients@3.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.7.1
Affected_packages
0
url pkg:maven/org.apache.kafka/kafka-clients@2.3.0
purl pkg:maven/org.apache.kafka/kafka-clients@2.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-3jvm-ph93-bfch
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.3.0
1
url pkg:maven/org.apache.kafka/kafka-clients@2.3.1
purl pkg:maven/org.apache.kafka/kafka-clients@2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-3jvm-ph93-bfch
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.3.1
2
url pkg:maven/org.apache.kafka/kafka-clients@2.4.0
purl pkg:maven/org.apache.kafka/kafka-clients@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-3jvm-ph93-bfch
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.4.0
3
url pkg:maven/org.apache.kafka/kafka-clients@2.4.1
purl pkg:maven/org.apache.kafka/kafka-clients@2.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-3jvm-ph93-bfch
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.4.1
4
url pkg:maven/org.apache.kafka/kafka-clients@2.5.0
purl pkg:maven/org.apache.kafka/kafka-clients@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-3jvm-ph93-bfch
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.5.0
5
url pkg:maven/org.apache.kafka/kafka-clients@2.5.1
purl pkg:maven/org.apache.kafka/kafka-clients@2.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-3jvm-ph93-bfch
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.5.1
6
url pkg:maven/org.apache.kafka/kafka-clients@2.6.0
purl pkg:maven/org.apache.kafka/kafka-clients@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-3jvm-ph93-bfch
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.6.0
7
url pkg:maven/org.apache.kafka/kafka-clients@2.6.1
purl pkg:maven/org.apache.kafka/kafka-clients@2.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-3jvm-ph93-bfch
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.6.1
8
url pkg:maven/org.apache.kafka/kafka-clients@2.6.2
purl pkg:maven/org.apache.kafka/kafka-clients@2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-3jvm-ph93-bfch
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.6.2
9
url pkg:maven/org.apache.kafka/kafka-clients@2.6.3
purl pkg:maven/org.apache.kafka/kafka-clients@2.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.6.3
10
url pkg:maven/org.apache.kafka/kafka-clients@2.7.0
purl pkg:maven/org.apache.kafka/kafka-clients@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-3jvm-ph93-bfch
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.7.0
11
url pkg:maven/org.apache.kafka/kafka-clients@2.7.1
purl pkg:maven/org.apache.kafka/kafka-clients@2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-3jvm-ph93-bfch
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.7.1
12
url pkg:maven/org.apache.kafka/kafka-clients@2.7.2
purl pkg:maven/org.apache.kafka/kafka-clients@2.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.7.2
13
url pkg:maven/org.apache.kafka/kafka-clients@2.8.0
purl pkg:maven/org.apache.kafka/kafka-clients@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-3jvm-ph93-bfch
2
vulnerability VCID-ja6g-epa4-qbhn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.8.0
14
url pkg:maven/org.apache.kafka/kafka-clients@2.8.1
purl pkg:maven/org.apache.kafka/kafka-clients@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.8.1
15
url pkg:maven/org.apache.kafka/kafka-clients@2.8.2
purl pkg:maven/org.apache.kafka/kafka-clients@2.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@2.8.2
16
url pkg:maven/org.apache.kafka/kafka-clients@3.0.0
purl pkg:maven/org.apache.kafka/kafka-clients@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.0.0
17
url pkg:maven/org.apache.kafka/kafka-clients@3.0.1
purl pkg:maven/org.apache.kafka/kafka-clients@3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.0.1
18
url pkg:maven/org.apache.kafka/kafka-clients@3.0.2
purl pkg:maven/org.apache.kafka/kafka-clients@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.0.2
19
url pkg:maven/org.apache.kafka/kafka-clients@3.1.0
purl pkg:maven/org.apache.kafka/kafka-clients@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.1.0
20
url pkg:maven/org.apache.kafka/kafka-clients@3.1.1
purl pkg:maven/org.apache.kafka/kafka-clients@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.1.1
21
url pkg:maven/org.apache.kafka/kafka-clients@3.1.2
purl pkg:maven/org.apache.kafka/kafka-clients@3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.1.2
22
url pkg:maven/org.apache.kafka/kafka-clients@3.2.0
purl pkg:maven/org.apache.kafka/kafka-clients@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.2.0
23
url pkg:maven/org.apache.kafka/kafka-clients@3.2.1
purl pkg:maven/org.apache.kafka/kafka-clients@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.2.1
24
url pkg:maven/org.apache.kafka/kafka-clients@3.2.2
purl pkg:maven/org.apache.kafka/kafka-clients@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.2.2
25
url pkg:maven/org.apache.kafka/kafka-clients@3.2.3
purl pkg:maven/org.apache.kafka/kafka-clients@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.2.3
26
url pkg:maven/org.apache.kafka/kafka-clients@3.3.0
purl pkg:maven/org.apache.kafka/kafka-clients@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.3.0
27
url pkg:maven/org.apache.kafka/kafka-clients@3.3.1
purl pkg:maven/org.apache.kafka/kafka-clients@3.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.3.1
28
url pkg:maven/org.apache.kafka/kafka-clients@3.3.2
purl pkg:maven/org.apache.kafka/kafka-clients@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.3.2
29
url pkg:maven/org.apache.kafka/kafka-clients@3.4.0
purl pkg:maven/org.apache.kafka/kafka-clients@3.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.4.0
30
url pkg:maven/org.apache.kafka/kafka-clients@3.4.1
purl pkg:maven/org.apache.kafka/kafka-clients@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.4.1
31
url pkg:maven/org.apache.kafka/kafka-clients@3.5.0
purl pkg:maven/org.apache.kafka/kafka-clients@3.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.5.0
32
url pkg:maven/org.apache.kafka/kafka-clients@3.5.1
purl pkg:maven/org.apache.kafka/kafka-clients@3.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.5.1
33
url pkg:maven/org.apache.kafka/kafka-clients@3.5.2
purl pkg:maven/org.apache.kafka/kafka-clients@3.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.5.2
34
url pkg:maven/org.apache.kafka/kafka-clients@3.6.0
purl pkg:maven/org.apache.kafka/kafka-clients@3.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.6.0
35
url pkg:maven/org.apache.kafka/kafka-clients@3.6.1
purl pkg:maven/org.apache.kafka/kafka-clients@3.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.6.1
36
url pkg:maven/org.apache.kafka/kafka-clients@3.6.2
purl pkg:maven/org.apache.kafka/kafka-clients@3.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.6.2
37
url pkg:maven/org.apache.kafka/kafka-clients@3.7.0
purl pkg:maven/org.apache.kafka/kafka-clients@3.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-26bs-85hq-ufac
1
vulnerability VCID-n6nz-5x6j-yke3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.kafka/kafka-clients@3.7.0
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31141.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31141.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31141
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.3016
published_at 2026-04-09T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.30124
published_at 2026-04-08T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.30064
published_at 2026-04-07T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.30245
published_at 2026-04-04T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.30196
published_at 2026-04-02T12:55:00Z
5
value 0.00156
scoring_system epss
scoring_elements 0.36091
published_at 2026-04-24T12:55:00Z
6
value 0.00156
scoring_system epss
scoring_elements 0.36401
published_at 2026-04-11T12:55:00Z
7
value 0.00156
scoring_system epss
scoring_elements 0.36366
published_at 2026-04-12T12:55:00Z
8
value 0.00156
scoring_system epss
scoring_elements 0.36345
published_at 2026-04-13T12:55:00Z
9
value 0.00156
scoring_system epss
scoring_elements 0.36386
published_at 2026-04-16T12:55:00Z
10
value 0.00156
scoring_system epss
scoring_elements 0.36369
published_at 2026-04-18T12:55:00Z
11
value 0.00156
scoring_system epss
scoring_elements 0.36316
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31141
2
reference_url https://github.com/apache/kafka
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/kafka
3
reference_url https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:14:13Z/
url https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-31141
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-31141
5
reference_url https://security.netapp.com/advisory/ntap-20250131-0001
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250131-0001
6
reference_url http://www.openwall.com/lists/oss-security/2024/11/18/5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/11/18/5
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2327264
reference_id 2327264
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2327264
8
reference_url https://github.com/advisories/GHSA-2x2g-32r7-p4x8
reference_id GHSA-2x2g-32r7-p4x8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2x2g-32r7-p4x8
9
reference_url https://access.redhat.com/errata/RHSA-2024:10700
reference_id RHSA-2024:10700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10700
Weaknesses
0
cwe_id 269
name Improper Privilege Management
description The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
1
cwe_id 73
name External Control of File Name or Path
description The product allows user input to control or influence paths or file names that are used in filesystem operations.
2
cwe_id 552
name Files or Directories Accessible to External Parties
description The product makes files or directories accessible to unauthorized actors, even though they should not be.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
4
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-26bs-85hq-ufac