Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-366w-42za-1qb1
Summary
Security researcher Juan Pablo Lopez Yacubian
reported that an attacker could call window.open() on an
invalid URL which looks similar to a legitimate URL and then
use document.write() to place content within the new
document, appearing to have come from the spoofed location.
Additionally, if the spoofed document was created by a document with a
valid SSL certificate, the SSL indicators would be carried over into
the spoofed document.  An attacker could use these issues to display
misleading location and SSL information for a malicious web page.
Aliases
0
alias CVE-2009-2654
Fixed_packages
0
url pkg:mozilla/Firefox@3.0.13
purl pkg:mozilla/Firefox@3.0.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.13
1
url pkg:mozilla/Firefox@3.5.2
purl pkg:mozilla/Firefox@3.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.2
Affected_packages
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654
reference_id CVE-2009-2654
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-44
reference_id mfsa2009-44
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-44
Weaknesses
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-366w-42za-1qb1