Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-2yaw-hhv6-fygg
SummaryDjango 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission.
Aliases
0
alias CVE-2016-2048
1
alias PYSEC-2016-14
Fixed_packages
0
url pkg:pypi/django@1.9.2
purl pkg:pypi/django@1.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kza-a88p-kfg7
1
vulnerability VCID-6wah-r8vr-5qc4
2
vulnerability VCID-8gus-er59-1qak
3
vulnerability VCID-9mpt-zxaw-kkeg
4
vulnerability VCID-ksh8-pazn-dbca
5
vulnerability VCID-qy2a-mvpz-q7eh
6
vulnerability VCID-rruq-9scz-vbg8
7
vulnerability VCID-upbz-vg19-rugv
8
vulnerability VCID-vdpf-jddk-syda
9
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.2
Affected_packages
0
url pkg:pypi/django@1.9
purl pkg:pypi/django@1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yaw-hhv6-fygg
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-9mpt-zxaw-kkeg
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-qy2a-mvpz-q7eh
7
vulnerability VCID-rruq-9scz-vbg8
8
vulnerability VCID-upbz-vg19-rugv
9
vulnerability VCID-vdpf-jddk-syda
10
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9
1
url pkg:pypi/django@1.9.1
purl pkg:pypi/django@1.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yaw-hhv6-fygg
1
vulnerability VCID-3kza-a88p-kfg7
2
vulnerability VCID-6wah-r8vr-5qc4
3
vulnerability VCID-8gus-er59-1qak
4
vulnerability VCID-9mpt-zxaw-kkeg
5
vulnerability VCID-ksh8-pazn-dbca
6
vulnerability VCID-qy2a-mvpz-q7eh
7
vulnerability VCID-rruq-9scz-vbg8
8
vulnerability VCID-upbz-vg19-rugv
9
vulnerability VCID-vdpf-jddk-syda
10
vulnerability VCID-weqb-fxu4-17e7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.9.1
References
0
reference_url https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/
1
reference_url http://www.securityfocus.com/bid/82329
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/82329
2
reference_url http://www.securitytracker.com/id/1034894
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1034894
Weaknesses
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-2yaw-hhv6-fygg