Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-w8yc-azv8-yuh1
Summary
False Positive
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
Aliases
0
alias CVE-2023-35116
Fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.16.0
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.16.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.16.0
Affected_packages
0
url pkg:rpm/redhat/jenkins@2.426.3.1706516352-3?arch=el8
purl pkg:rpm/redhat/jenkins@2.426.3.1706516352-3?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5781-s1ny-q7ey
1
vulnerability VCID-h7qt-3g1f-5ffr
2
vulnerability VCID-w8yc-azv8-yuh1
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.426.3.1706516352-3%3Farch=el8
1
url pkg:rpm/redhat/jenkins-2-plugins@4.14.1706516441-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.14.1706516441-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17sn-57uv-gkg3
1
vulnerability VCID-19j2-jvgt-mkg6
2
vulnerability VCID-2a3h-6wad-63gc
3
vulnerability VCID-5bu5-5b6n-nuft
4
vulnerability VCID-955x-hg4a-5kc3
5
vulnerability VCID-a1eu-yahc-ffgr
6
vulnerability VCID-fnpa-1sqy-u7hw
7
vulnerability VCID-h9yg-u3jh-mbfq
8
vulnerability VCID-j456-xdn6-xyej
9
vulnerability VCID-j584-bgww-z7fw
10
vulnerability VCID-j986-mtma-b3bw
11
vulnerability VCID-mm3e-4pej-byed
12
vulnerability VCID-quvj-3tpk-qug1
13
vulnerability VCID-w8yc-azv8-yuh1
14
vulnerability VCID-zxcj-h6nx-m7gq
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.14.1706516441-1%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-35116.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-35116.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-35116
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03269
published_at 2026-04-02T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03279
published_at 2026-04-04T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03288
published_at 2026-04-07T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03294
published_at 2026-04-08T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03315
published_at 2026-04-09T12:55:00Z
5
value 0.00016
scoring_system epss
scoring_elements 0.03749
published_at 2026-04-11T12:55:00Z
6
value 0.00016
scoring_system epss
scoring_elements 0.03727
published_at 2026-04-12T12:55:00Z
7
value 0.00016
scoring_system epss
scoring_elements 0.037
published_at 2026-04-13T12:55:00Z
8
value 0.00016
scoring_system epss
scoring_elements 0.03678
published_at 2026-04-16T12:55:00Z
9
value 0.00016
scoring_system epss
scoring_elements 0.03689
published_at 2026-04-18T12:55:00Z
10
value 0.00016
scoring_system epss
scoring_elements 0.03811
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-35116
2
reference_url https://github.com/FasterXML/jackson-databind/issues/3972
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/3972
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2215214
reference_id 2215214
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2215214
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-35116
reference_id CVE-2023-35116
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-35116
5
reference_url https://access.redhat.com/errata/RHSA-2024:0719
reference_id RHSA-2024:0719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0719
6
reference_url https://access.redhat.com/errata/RHSA-2024:0777
reference_id RHSA-2024:0777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0777
7
reference_url https://access.redhat.com/errata/RHSA-2024:1027
reference_id RHSA-2024:1027
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1027
8
reference_url https://access.redhat.com/errata/RHSA-2024:6893
reference_id RHSA-2024:6893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6893
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 770
name Allocation of Resources Without Limits or Throttling
description The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.7 - 4.7
Exploitability0.5
Weighted_severity4.2
Risk_score2.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-w8yc-azv8-yuh1