Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-b1hu-326y-gbdm

Summary

Aliases

alias	CVE-2024-35255

alias	GHSA-m5vv-6r4h-3vj9

Fixed_packages

url	pkg:maven/com.azure/azure-identity@1.12.2
purl	pkg:maven/com.azure/azure-identity@1.12.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.azure/azure-identity@1.12.2

url	pkg:maven/com.microsoft.azure/msal4j@1.15.1
purl	pkg:maven/com.microsoft.azure/msal4j@1.15.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.microsoft.azure/msal4j@1.15.1

url	pkg:npm/%40azure/identity@4.2.1
purl	pkg:npm/%40azure/identity@4.2.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540azure/identity@4.2.1

url	pkg:npm/%40azure/msal-node@2.9.2
purl	pkg:npm/%40azure/msal-node@2.9.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540azure/msal-node@2.9.2

url	pkg:nuget/Azure.Identity@1.11.4
purl	pkg:nuget/Azure.Identity@1.11.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Azure.Identity@1.11.4

url	pkg:nuget/Microsoft.Identity.Client@4.60.4
purl	pkg:nuget/Microsoft.Identity.Client@4.60.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Identity.Client@4.60.4

url	pkg:nuget/Microsoft.Identity.Client@4.61.3
purl	pkg:nuget/Microsoft.Identity.Client@4.61.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Identity.Client@4.61.3

url	pkg:pypi/azure-identity@1.16.1
purl	pkg:pypi/azure-identity@1.16.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/azure-identity@1.16.1

Affected_packages

url pkg:maven/com.microsoft.azure/msal4j@1.14.4-beta

purl pkg:maven/com.microsoft.azure/msal4j@1.14.4-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b1hu-326y-gbdm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.microsoft.azure/msal4j@1.14.4-beta

url pkg:npm/%40azure/msal-node@2.7.0

purl pkg:npm/%40azure/msal-node@2.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b1hu-326y-gbdm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540azure/msal-node@2.7.0

url pkg:nuget/Microsoft.Identity.Client@4.49.1

purl pkg:nuget/Microsoft.Identity.Client@4.49.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b1hu-326y-gbdm

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Identity.Client@4.49.1

url pkg:nuget/Microsoft.Identity.Client@4.61.0

purl pkg:nuget/Microsoft.Identity.Client@4.61.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b1hu-326y-gbdm

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Identity.Client@4.61.0

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35255.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35255.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-35255

reference_id

reference_type

scores

value	0.00221
scoring_system	epss
scoring_elements	0.44729
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-35255

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340
reference_id
reference_type
scores
url	https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340

reference_url	https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499
reference_id
reference_type
scores
url	https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499

reference_url	https://github.com/Azure/azure-sdk-for-java/commit/5bf020d6ea056de40e2738e3647a4e06f902c18d
reference_id
reference_type
scores
url	https://github.com/Azure/azure-sdk-for-java/commit/5bf020d6ea056de40e2738e3647a4e06f902c18d

reference_url	https://github.com/Azure/azure-sdk-for-js/commit/c6aa75d312ae463e744163cedfd8fc480cc8d492
reference_id
reference_type
scores
url	https://github.com/Azure/azure-sdk-for-js/commit/c6aa75d312ae463e744163cedfd8fc480cc8d492

reference_url	https://github.com/Azure/azure-sdk-for-net/commit/9279a4f38bf69b457cfb9b354f210e0a540a5c53
reference_id
reference_type
scores
url	https://github.com/Azure/azure-sdk-for-net/commit/9279a4f38bf69b457cfb9b354f210e0a540a5c53

reference_url	https://github.com/Azure/azure-sdk-for-python/commit/cb065acd7d0f957327dc4f02d1646d4e51a94178
reference_id
reference_type
scores
url	https://github.com/Azure/azure-sdk-for-python/commit/cb065acd7d0f957327dc4f02d1646d4e51a94178

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2295081
reference_id	2295081
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2295081

reference_url	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255
reference_id	CVE-2024-35255
reference_type
scores
url	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-35255
reference_id	CVE-2024-35255
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-35255

reference_url

https://github.com/advisories/GHSA-m5vv-6r4h-3vj9

reference_id

GHSA-m5vv-6r4h-3vj9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m5vv-6r4h-3vj9

reference_url	https://access.redhat.com/errata/RHSA-2024:7052
reference_id	RHSA-2024:7052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7052

reference_url	https://access.redhat.com/errata/RHSA-2025:0536
reference_id	RHSA-2025:0536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0536

Weaknesses

cwe_id	362
name	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
description	The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1hu-326y-gbdm

Vulnerability Instance