Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-4j15-2ffe-cuh9
Summary
Aliases
0
alias CVE-2024-37901
1
alias GHSA-h63h-5c77-77p5
Fixed_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@14.10.21
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@14.10.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@14.10.21
1
url pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.5.5
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.5.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.5.5
2
url pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.10.2
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.10.2
Affected_packages
0
url pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@9.2-rc-1
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@9.2-rc-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4j15-2ffe-cuh9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@9.2-rc-1
1
url pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.0-rc-1
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.0-rc-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4j15-2ffe-cuh9
1
vulnerability VCID-au3r-n36j-wkeb
2
vulnerability VCID-dv6y-9uuj-67a4
3
vulnerability VCID-j7hm-1eg7-53e2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.0-rc-1
2
url pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.6-rc-1
purl pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.6-rc-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4j15-2ffe-cuh9
1
vulnerability VCID-au3r-n36j-wkeb
2
vulnerability VCID-dv6y-9uuj-67a4
3
vulnerability VCID-j7hm-1eg7-53e2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-search-ui@15.6-rc-1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37901
reference_id
reference_type
scores
0
value 0.09745
scoring_system epss
scoring_elements 0.93074
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37901
1
reference_url https://github.com/xwiki/xwiki-platform
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform
2
reference_url https://github.com/xwiki/xwiki-platform/commit/0b135760514fef73db748986a3311f3edd4a553b
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform/commit/0b135760514fef73db748986a3311f3edd4a553b
3
reference_url https://github.com/xwiki/xwiki-platform/commit/742cd4591642be4cdcaf68325f17540e0934e64e
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform/commit/742cd4591642be4cdcaf68325f17540e0934e64e
4
reference_url https://github.com/xwiki/xwiki-platform/commit/9ce3e0319869b6d8131fc4e0909736f7041566a4
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform/commit/9ce3e0319869b6d8131fc4e0909736f7041566a4
5
reference_url https://github.com/xwiki/xwiki-platform/commit/bbde8a4f564e3c28839440076334a9093e2b4834
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform/commit/bbde8a4f564e3c28839440076334a9093e2b4834
6
reference_url https://jira.xwiki.org/browse/XWIKI-21473
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://jira.xwiki.org/browse/XWIKI-21473
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37901
reference_id CVE-2024-37901
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37901
8
reference_url https://github.com/advisories/GHSA-h63h-5c77-77p5
reference_id GHSA-h63h-5c77-77p5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h63h-5c77-77p5
9
reference_url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h63h-5c77-77p5
reference_id GHSA-h63h-5c77-77p5
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h63h-5c77-77p5
Weaknesses
0
cwe_id 94
name Improper Control of Generation of Code ('Code Injection')
description The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
1
cwe_id 95
name Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
description The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. eval).
2
cwe_id 862
name Missing Authorization
description The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Exploits
Severity_range_score 9.0 - 10.0
Exploitability 0.5
Weighted_severity 9.0
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4j15-2ffe-cuh9