Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-sbe1-cx8r-aba1
Summary
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.

If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.

This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.
Aliases
0
alias CVE-2024-4030
Fixed_packages
0
url pkg:deb/debian/python2.7@0?distro=bullseye
purl pkg:deb/debian/python2.7@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python2.7@0%3Fdistro=bullseye
1
url pkg:deb/debian/python2.7@2.7.18-8%2Bdeb11u1?distro=bullseye
purl pkg:deb/debian/python2.7@2.7.18-8%2Bdeb11u1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python2.7@2.7.18-8%252Bdeb11u1%3Fdistro=bullseye
2
url pkg:deb/debian/python3.11@0?distro=bookworm
purl pkg:deb/debian/python3.11@0?distro=bookworm
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.11@0%3Fdistro=bookworm
3
url pkg:deb/debian/python3.11@3.11.2-6%2Bdeb12u6?distro=bookworm
purl pkg:deb/debian/python3.11@3.11.2-6%2Bdeb12u6?distro=bookworm
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.11@3.11.2-6%252Bdeb12u6%3Fdistro=bookworm
4
url pkg:deb/debian/python3.9@0?distro=bullseye
purl pkg:deb/debian/python3.9@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye
5
url pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye
purl pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-4030
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.06846
published_at 2026-04-09T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.06916
published_at 2026-04-21T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.06772
published_at 2026-04-18T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.0678
published_at 2026-04-16T12:55:00Z
4
value 0.00025
scoring_system epss
scoring_elements 0.06723
published_at 2026-04-02T12:55:00Z
5
value 0.00025
scoring_system epss
scoring_elements 0.06838
published_at 2026-04-13T12:55:00Z
6
value 0.00025
scoring_system epss
scoring_elements 0.06844
published_at 2026-04-12T12:55:00Z
7
value 0.00025
scoring_system epss
scoring_elements 0.0685
published_at 2026-04-11T12:55:00Z
8
value 0.00025
scoring_system epss
scoring_elements 0.0677
published_at 2026-04-04T12:55:00Z
9
value 0.00025
scoring_system epss
scoring_elements 0.06756
published_at 2026-04-07T12:55:00Z
10
value 0.00025
scoring_system epss
scoring_elements 0.06808
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-4030
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/python/cpython/issues/118486
reference_id 118486
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://github.com/python/cpython/issues/118486
3
reference_url https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a
reference_id 35c799d79177b962ddace2fa068101465570a29a
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a
4
reference_url https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd
reference_id 5130731c9e779b97d00a24f54cdce73ce9975dfd
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd
5
reference_url https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee
reference_id 66f8bb76a15e64a1bb7688b177ed29e26230fdee
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee
6
reference_url https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e
reference_id 6d0850c4c8188035643586ab4d8ec2468abd699e
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e
7
reference_url https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e
reference_id 81939dad77001556c527485d31a2d0f4a759033e
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e
8
reference_url https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d
reference_id 8ed546679524140d8282175411fd141fe7df070d
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d
9
reference_url https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee
reference_id 91e3669e01245185569d09e9e6e11641282971ee
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee
10
reference_url https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca
reference_id 94591dca510c796c7d40e9b4167ea56f2fdf28ca
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca
11
reference_url https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d
reference_id c8f868dc52f98011d0f9b459b6487920bfb0ac4d
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d
12
reference_url https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84
reference_id d86b49411753bf2c83291e3a14ae43fefded2f84
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84
13
reference_url https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763
reference_id e1dfa978b1ad210d551385ad8073ec6154f53763
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763
14
reference_url https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46
reference_id eb29e2f5905da93333d1ce78bc98b151e763ff46
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46
15
reference_url https://security.netapp.com/advisory/ntap-20240705-0005/
reference_id ntap-20240705-0005
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://security.netapp.com/advisory/ntap-20240705-0005/
16
reference_url https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/
reference_id PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/
url https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/
Weaknesses
0
cwe_id 276
name Incorrect Default Permissions
description During installation, installed file permissions are set to allow anyone to modify those files.
Exploits
Severity_range_score4.4 - 7.1
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-sbe1-cx8r-aba1