Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-2gcp-9sky-3ffp
Summary
Security researcher Mariusz Mlynski reported an issue with
spoofing of the location property. In this issue, writes to
location.hash can be used in concert with scripted history
navigation to cause a specific website to be loaded into the history object. The
baseURI can then be changed to this stored site, allowing an attacker to inject
a script or intercept posted data posted to a location specified with a relative
path.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts in those products.
Aliases
0
alias CVE-2012-3992
Fixed_packages
0
url pkg:mozilla/Firefox@16.0.0
purl pkg:mozilla/Firefox@16.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@16.0.0
1
url pkg:mozilla/Firefox%20ESR@10.0.8
purl pkg:mozilla/Firefox%20ESR@10.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.8
2
url pkg:mozilla/SeaMonkey@2.13.0
purl pkg:mozilla/SeaMonkey@2.13.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.13.0
3
url pkg:mozilla/Thunderbird@16.0.0
purl pkg:mozilla/Thunderbird@16.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@16.0.0
4
url pkg:mozilla/Thunderbird%20ESR@10.0.8
purl pkg:mozilla/Thunderbird%20ESR@10.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@10.0.8
Affected_packages
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
reference_id CVE-2012-3992
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2012-84
reference_id mfsa2012-84
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2012-84
Weaknesses
Exploits
Severity_range_score7.0 - 8.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-2gcp-9sky-3ffp