Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-63fa-a4pr-wqh3
Summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-writable by default (typically root:lp and mode 0770), the notifier (running as lp) can replace root-managed state files via temp-file + rename(). This PoC clobbers CacheDir/job.cache with RSS XML, and after restarting cupsd the scheduler fails to parse the job cache and previously queued jobs disappear. At time of publication, there are no publicly available patches.
Aliases
0
alias CVE-2026-34978
Fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
1
url pkg:deb/debian/cups@2.4.17-1?distro=trixie
purl pkg:deb/debian/cups@2.4.17-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8
purl pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3etj-2m21-ffa1
1
vulnerability VCID-63fa-a4pr-wqh3
2
vulnerability VCID-993k-m3sq-gufu
3
vulnerability VCID-am36-6m5v-fkba
4
vulnerability VCID-b1yf-xuc1-ykak
5
vulnerability VCID-dx89-e1nn-w7gz
6
vulnerability VCID-hc4t-becn-rkcc
7
vulnerability VCID-jy1y-e1nk-p3b4
8
vulnerability VCID-ry9y-z4e4-yfdh
9
vulnerability VCID-vgtp-sjtt-73e9
10
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8
1
url pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8?distro=trixie
purl pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-jy1y-e1nk-p3b4
5
vulnerability VCID-r1q4-2dq2-33ca
6
vulnerability VCID-ry9y-z4e4-yfdh
7
vulnerability VCID-vgtp-sjtt-73e9
8
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8%3Fdistro=trixie
2
url pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9
purl pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-jy1y-e1nk-p3b4
5
vulnerability VCID-ry9y-z4e4-yfdh
6
vulnerability VCID-vgtp-sjtt-73e9
7
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9
3
url pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9?distro=trixie
purl pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-jy1y-e1nk-p3b4
5
vulnerability VCID-r1q4-2dq2-33ca
6
vulnerability VCID-ry9y-z4e4-yfdh
7
vulnerability VCID-vgtp-sjtt-73e9
8
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9%3Fdistro=trixie
4
url pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-jy1y-e1nk-p3b4
5
vulnerability VCID-r1q4-2dq2-33ca
6
vulnerability VCID-ry9y-z4e4-yfdh
7
vulnerability VCID-vgtp-sjtt-73e9
8
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.10-3%252Bdeb13u2%3Fdistro=trixie
5
url pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2
purl pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-jy1y-e1nk-p3b4
5
vulnerability VCID-ry9y-z4e4-yfdh
6
vulnerability VCID-vgtp-sjtt-73e9
7
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.10-3%252Bdeb13u2
6
url pkg:deb/debian/cups@2.4.16-1?distro=trixie
purl pkg:deb/debian/cups@2.4.16-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-r1q4-2dq2-33ca
5
vulnerability VCID-ry9y-z4e4-yfdh
6
vulnerability VCID-vgtp-sjtt-73e9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1%3Fdistro=trixie
7
url pkg:deb/debian/cups@2.4.16-1
purl pkg:deb/debian/cups@2.4.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-ry9y-z4e4-yfdh
5
vulnerability VCID-vgtp-sjtt-73e9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34978
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18102
published_at 2026-04-08T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18317
published_at 2026-04-04T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18019
published_at 2026-04-07T12:55:00Z
3
value 0.00076
scoring_system epss
scoring_elements 0.22733
published_at 2026-04-18T12:55:00Z
4
value 0.00076
scoring_system epss
scoring_elements 0.22822
published_at 2026-04-12T12:55:00Z
5
value 0.00076
scoring_system epss
scoring_elements 0.22765
published_at 2026-04-13T12:55:00Z
6
value 0.00076
scoring_system epss
scoring_elements 0.2278
published_at 2026-04-16T12:55:00Z
7
value 0.00076
scoring_system epss
scoring_elements 0.22838
published_at 2026-04-09T12:55:00Z
8
value 0.00076
scoring_system epss
scoring_elements 0.22859
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34978
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
reference_id 1132716
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454957
reference_id 2454957
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454957
6
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr
reference_id GHSA-f53q-7mxp-9gcr
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:39:23Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr
Weaknesses
0
cwe_id 22
name Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Exploits
Severity_range_score 6.5 - 6.5
Exploitability 0.5
Weighted_severity 5.9
Risk_score 3.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63fa-a4pr-wqh3