Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-yk4c-9hbr-13dz

Summary Code injection in ansible

Aliases

alias	CVE-2017-2809

alias	GHSA-c2w9-48qc-qpj4

alias	PYSEC-2017-5

Fixed_packages

url pkg:pypi/ansible@1.1

purl pkg:pypi/ansible@1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ggg-7w5s-r3g2

vulnerability	VCID-1u93-v71q-pbht

vulnerability	VCID-2atd-9e9a-vbgk

vulnerability	VCID-2ggn-yasq-5qg6

vulnerability	VCID-2mn4-wz9d-b7cu

vulnerability	VCID-2s19-y5sg-uyd7

vulnerability	VCID-3d73-q2yz-sqg7

vulnerability	VCID-5vvq-8gqh-cug2

vulnerability	VCID-6c93-cjxv-tqha

vulnerability	VCID-6fs2-bzr8-uyfx

vulnerability	VCID-6vx2-ergh-3fb5

vulnerability	VCID-74mp-e5z4-tbfe

vulnerability	VCID-7hmy-p927-akff

vulnerability	VCID-7qe9-zztp-2qcg

vulnerability	VCID-7ue1-2wu6-6kac

vulnerability	VCID-9cqv-1b34-6qeu

vulnerability	VCID-9hkf-5qv5-8kfc

vulnerability	VCID-9w4h-jq9s-g7a9

vulnerability	VCID-admn-xypq-dfd3

vulnerability	VCID-c6xz-7sbm-bkgg

vulnerability	VCID-cu9y-y9js-sfgs

vulnerability	VCID-e6k3-dnkn-uyc9

vulnerability	VCID-gehx-djwb-hyeu

vulnerability	VCID-gn4t-xdvs-bfa5

vulnerability	VCID-gqjp-g6rq-ufe4

vulnerability	VCID-hdq4-sau3-t3b7

vulnerability	VCID-hjab-3x7e-dugv

vulnerability	VCID-htd4-k6p6-7qhn

vulnerability	VCID-j7b4-vb5m-gqea

vulnerability	VCID-jk54-fyfx-jyd9

vulnerability	VCID-k1y6-9tte-17b1

vulnerability	VCID-kvx2-33ke-vfft

vulnerability	VCID-me3g-thr4-qbhc

vulnerability	VCID-mhqz-3aw4-qfcr

vulnerability	VCID-mmsh-dxa8-xqhg

vulnerability	VCID-mn11-s233-xycs

vulnerability	VCID-mpqq-wudg-jbbc

vulnerability	VCID-mr24-6aas-sybn

vulnerability	VCID-na4w-y2b6-bqg5

vulnerability	VCID-nfws-dgab-euh5

vulnerability	VCID-nkck-45s4-uqdg

vulnerability	VCID-p59n-33jf-mfag

vulnerability	VCID-pk1h-2p95-y7dj

vulnerability	VCID-q2mh-7zc6-3fgg

vulnerability	VCID-rgf5-469p-3yb6

vulnerability	VCID-rt9h-zyku-rye3

vulnerability	VCID-sbyy-fg58-jfeh

vulnerability	VCID-t1xr-3yfm-83hb

vulnerability	VCID-t3p1-ygpr-h7bw

vulnerability	VCID-t4tg-xx63-hfeu

vulnerability	VCID-u7nm-vqu5-pkaw

vulnerability	VCID-ur8z-srmt-17au

vulnerability	VCID-urab-49u6-jyha

vulnerability	VCID-v76s-gmp4-qucp

vulnerability	VCID-ve84-7ux8-8ff6

vulnerability	VCID-vg9v-rpvu-gkh4

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.1

url	pkg:pypi/ansible-vault@1.0.5
purl	pkg:pypi/ansible-vault@1.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-vault@1.0.5

Affected_packages

url pkg:pypi/ansible@1.0

purl pkg:pypi/ansible@1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ggg-7w5s-r3g2

vulnerability	VCID-1u93-v71q-pbht

vulnerability	VCID-2atd-9e9a-vbgk

vulnerability	VCID-2ggn-yasq-5qg6

vulnerability	VCID-2mn4-wz9d-b7cu

vulnerability	VCID-2s19-y5sg-uyd7

vulnerability	VCID-3d73-q2yz-sqg7

vulnerability	VCID-5vvq-8gqh-cug2

vulnerability	VCID-6c93-cjxv-tqha

vulnerability	VCID-6fs2-bzr8-uyfx

vulnerability	VCID-6vx2-ergh-3fb5

vulnerability	VCID-74mp-e5z4-tbfe

vulnerability	VCID-7hmy-p927-akff

vulnerability	VCID-7qe9-zztp-2qcg

vulnerability	VCID-7ue1-2wu6-6kac

vulnerability	VCID-9cqv-1b34-6qeu

vulnerability	VCID-9hkf-5qv5-8kfc

vulnerability	VCID-9w4h-jq9s-g7a9

vulnerability	VCID-admn-xypq-dfd3

vulnerability	VCID-c6xz-7sbm-bkgg

vulnerability	VCID-cu9y-y9js-sfgs

vulnerability	VCID-e6k3-dnkn-uyc9

vulnerability	VCID-gehx-djwb-hyeu

vulnerability	VCID-gn4t-xdvs-bfa5

vulnerability	VCID-gqjp-g6rq-ufe4

vulnerability	VCID-hdq4-sau3-t3b7

vulnerability	VCID-hjab-3x7e-dugv

vulnerability	VCID-htd4-k6p6-7qhn

vulnerability	VCID-j7b4-vb5m-gqea

vulnerability	VCID-jk54-fyfx-jyd9

vulnerability	VCID-k1y6-9tte-17b1

vulnerability	VCID-kvx2-33ke-vfft

vulnerability	VCID-me3g-thr4-qbhc

vulnerability	VCID-mhqz-3aw4-qfcr

vulnerability	VCID-mmsh-dxa8-xqhg

vulnerability	VCID-mn11-s233-xycs

vulnerability	VCID-mpqq-wudg-jbbc

vulnerability	VCID-mr24-6aas-sybn

vulnerability	VCID-na4w-y2b6-bqg5

vulnerability	VCID-nfws-dgab-euh5

vulnerability	VCID-nkck-45s4-uqdg

vulnerability	VCID-p59n-33jf-mfag

vulnerability	VCID-pk1h-2p95-y7dj

vulnerability	VCID-q2mh-7zc6-3fgg

vulnerability	VCID-rgf5-469p-3yb6

vulnerability	VCID-rt9h-zyku-rye3

vulnerability	VCID-sbyy-fg58-jfeh

vulnerability	VCID-t1xr-3yfm-83hb

vulnerability	VCID-t3p1-ygpr-h7bw

vulnerability	VCID-t4tg-xx63-hfeu

vulnerability	VCID-u7nm-vqu5-pkaw

vulnerability	VCID-ur8z-srmt-17au

vulnerability	VCID-urab-49u6-jyha

vulnerability	VCID-v76s-gmp4-qucp

vulnerability	VCID-ve84-7ux8-8ff6

vulnerability	VCID-vg9v-rpvu-gkh4

vulnerability	VCID-yk4c-9hbr-13dz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@1.0

url pkg:pypi/ansible-vault@1.0.0

purl pkg:pypi/ansible-vault@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yk4c-9hbr-13dz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-vault@1.0.0

url pkg:pypi/ansible-vault@1.0.1

purl pkg:pypi/ansible-vault@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yk4c-9hbr-13dz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-vault@1.0.1

url pkg:pypi/ansible-vault@1.0.2

purl pkg:pypi/ansible-vault@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yk4c-9hbr-13dz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-vault@1.0.2

url pkg:pypi/ansible-vault@1.0.3

purl pkg:pypi/ansible-vault@1.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yk4c-9hbr-13dz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-vault@1.0.3

url pkg:pypi/ansible-vault@1.0.4

purl pkg:pypi/ansible-vault@1.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yk4c-9hbr-13dz

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible-vault@1.0.4

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2809

reference_id

reference_type

scores

value	0.00465
scoring_system	epss
scoring_elements	0.64817
published_at	2026-06-11T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64926
published_at	2026-06-14T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.6493
published_at	2026-06-13T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64917
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2809

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/ansible-vault/PYSEC-2017-5.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/ansible-vault/PYSEC-2017-5.yaml

reference_url

https://github.com/tomoh1r/ansible-vault

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tomoh1r/ansible-vault

reference_url

https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt

reference_url

https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04

reference_url

https://github.com/tomoh1r/ansible-vault/issues/4

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tomoh1r/ansible-vault/issues/4

reference_url

https://web.archive.org/web/20171206173637/http://www.securityfocus.com/bid/100824

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20171206173637/http://www.securityfocus.com/bid/100824

reference_url

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305

reference_url	http://www.securityfocus.com/bid/100824
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100824

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2809

reference_id

CVE-2017-2809

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2809

reference_url

https://github.com/advisories/GHSA-c2w9-48qc-qpj4

reference_id

GHSA-c2w9-48qc-qpj4

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-c2w9-48qc-qpj4

Weaknesses

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	78
name	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description	The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yk4c-9hbr-13dz

Vulnerability Instance