Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ew5u-u3zx-87cv

Summary When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version.

Aliases

alias	CVE-2022-34471

Fixed_packages

Affected_packages

References

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-24

reference_id

mfsa2022-24

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-24

Weaknesses

Exploits

Severity_range_score 7.0 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ew5u-u3zx-87cv

Vulnerability Instance