Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-1ax1-6pzg-87f8
Summary
Drupal core Open Redirect vulnerability
Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.

The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function.

Other versions of Drupal core are not vulnerable.
Aliases
0
alias GHSA-6gf6-24h2-66j4
Fixed_packages
Affected_packages
0
url pkg:composer/drupal/core@7.0.0
purl pkg:composer/drupal/core@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ax1-6pzg-87f8
1
vulnerability VCID-349d-w26k-mqfw
2
vulnerability VCID-3fka-y25d-m7a3
3
vulnerability VCID-3hf4-tvxn-zyh4
4
vulnerability VCID-3s9f-prpy-hbcx
5
vulnerability VCID-3sr6-86jw-6fb9
6
vulnerability VCID-48ut-ykkc-83fx
7
vulnerability VCID-53h1-sj47-gugn
8
vulnerability VCID-5618-53yg-8qh4
9
vulnerability VCID-565p-mgqe-gkfc
10
vulnerability VCID-6ck5-9e5b-w3ay
11
vulnerability VCID-6m8x-cfzp-tkf4
12
vulnerability VCID-9ss3-mvt3-8bem
13
vulnerability VCID-9wt5-xe6d-n3cb
14
vulnerability VCID-bk92-66re-dkc5
15
vulnerability VCID-brsq-e734-ffch
16
vulnerability VCID-cucx-jfqf-pkd1
17
vulnerability VCID-cvxp-ctj9-guej
18
vulnerability VCID-djgn-ezxp-37eu
19
vulnerability VCID-en3b-g3f3-a3e3
20
vulnerability VCID-g1rp-twzp-63e1
21
vulnerability VCID-ga35-289v-vqhr
22
vulnerability VCID-gbz5-5frj-hber
23
vulnerability VCID-gzcu-sbks-wyfa
24
vulnerability VCID-jnu7-1j9c-dqck
25
vulnerability VCID-k1gx-nznx-7qd6
26
vulnerability VCID-kc7d-5k6x-77bp
27
vulnerability VCID-kwe1-gm4m-tkgf
28
vulnerability VCID-mhk6-9qdy-83f3
29
vulnerability VCID-mt37-qzh7-gyfv
30
vulnerability VCID-nd8n-5dsu-2fbp
31
vulnerability VCID-rdgr-yuu7-xkey
32
vulnerability VCID-rhj7-dy7q-jkhw
33
vulnerability VCID-s8u8-xbdk-87dj
34
vulnerability VCID-s9kv-9qfu-gbdq
35
vulnerability VCID-ssyn-dxp9-3kdq
36
vulnerability VCID-syrg-ckq7-cbd6
37
vulnerability VCID-u5wt-ndvn-3ffg
38
vulnerability VCID-v9v6-ae3e-g3hk
39
vulnerability VCID-vura-3gnb-rybs
40
vulnerability VCID-wabj-ty5p-pfd6
41
vulnerability VCID-we42-mkyk-hfer
42
vulnerability VCID-wwvq-399y-rfhc
43
vulnerability VCID-wzgs-fr3u-cbdn
44
vulnerability VCID-yare-57j9-j7cs
45
vulnerability VCID-yrzt-3m97-53ce
46
vulnerability VCID-zw3u-6ue7-efdf
47
vulnerability VCID-zxqc-67jp-uba7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.0.0
References
0
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-05-20-1.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-05-20-1.yaml
2
reference_url https://www.drupal.org/sa-core-2020-003
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-003
3
reference_url https://github.com/advisories/GHSA-6gf6-24h2-66j4
reference_id GHSA-6gf6-24h2-66j4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6gf6-24h2-66j4
Weaknesses
0
cwe_id 601
name URL Redirection to Untrusted Site ('Open Redirect')
description A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-1ax1-6pzg-87f8