Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-nv7k-zxyu-e3fz

Summary The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

Aliases

alias	CVE-2015-5303

alias	GHSA-m94p-8942-pm49

alias	PYSEC-2016-35

Fixed_packages

url pkg:pypi/tripleo-heat-templates@0.8.9

purl pkg:pypi/tripleo-heat-templates@0.8.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.9

url pkg:pypi/tripleo-heat-templates@0.8.10

purl pkg:pypi/tripleo-heat-templates@0.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.10

Affected_packages

url pkg:pypi/tripleo-heat-templates@0.5.6

purl pkg:pypi/tripleo-heat-templates@0.5.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.5.6

url pkg:pypi/tripleo-heat-templates@0.6.0

purl pkg:pypi/tripleo-heat-templates@0.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.6.0

url pkg:pypi/tripleo-heat-templates@0.6.1

purl pkg:pypi/tripleo-heat-templates@0.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.6.1

url pkg:pypi/tripleo-heat-templates@0.6.2

purl pkg:pypi/tripleo-heat-templates@0.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.6.2

url pkg:pypi/tripleo-heat-templates@0.6.3

purl pkg:pypi/tripleo-heat-templates@0.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.6.3

url pkg:pypi/tripleo-heat-templates@0.6.4

purl pkg:pypi/tripleo-heat-templates@0.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.6.4

url pkg:pypi/tripleo-heat-templates@0.7.0

purl pkg:pypi/tripleo-heat-templates@0.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.0

url pkg:pypi/tripleo-heat-templates@0.7.1

purl pkg:pypi/tripleo-heat-templates@0.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.1

url pkg:pypi/tripleo-heat-templates@0.7.2

purl pkg:pypi/tripleo-heat-templates@0.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.2

url pkg:pypi/tripleo-heat-templates@0.7.3

purl pkg:pypi/tripleo-heat-templates@0.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.3

url pkg:pypi/tripleo-heat-templates@0.7.4

purl pkg:pypi/tripleo-heat-templates@0.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.4

url pkg:pypi/tripleo-heat-templates@0.7.5

purl pkg:pypi/tripleo-heat-templates@0.7.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.5

url pkg:pypi/tripleo-heat-templates@0.7.6

purl pkg:pypi/tripleo-heat-templates@0.7.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.6

url pkg:pypi/tripleo-heat-templates@0.7.7

purl pkg:pypi/tripleo-heat-templates@0.7.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.7

url pkg:pypi/tripleo-heat-templates@0.7.8

purl pkg:pypi/tripleo-heat-templates@0.7.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.8

url pkg:pypi/tripleo-heat-templates@0.7.9

purl pkg:pypi/tripleo-heat-templates@0.7.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.7.9

url pkg:pypi/tripleo-heat-templates@0.8.0

purl pkg:pypi/tripleo-heat-templates@0.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.0

url pkg:pypi/tripleo-heat-templates@0.8.1

purl pkg:pypi/tripleo-heat-templates@0.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.1

url pkg:pypi/tripleo-heat-templates@0.8.2

purl pkg:pypi/tripleo-heat-templates@0.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.2

url pkg:pypi/tripleo-heat-templates@0.8.3

purl pkg:pypi/tripleo-heat-templates@0.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.3

url pkg:pypi/tripleo-heat-templates@0.8.4

purl pkg:pypi/tripleo-heat-templates@0.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.4

url pkg:pypi/tripleo-heat-templates@0.8.5

purl pkg:pypi/tripleo-heat-templates@0.8.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.5

url pkg:pypi/tripleo-heat-templates@0.8.6

purl pkg:pypi/tripleo-heat-templates@0.8.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-p48m-hmsy-n3d3

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.6

url pkg:pypi/tripleo-heat-templates@0.8.7

purl pkg:pypi/tripleo-heat-templates@0.8.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.7

url pkg:pypi/tripleo-heat-templates@0.8.8

purl pkg:pypi/tripleo-heat-templates@0.8.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.8

References

reference_url	https://access.redhat.com/errata/RHSA-2015:2650
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2650

reference_url	https://bugs.launchpad.net/tripleo/+bug/1516027
reference_id
reference_type
scores
url	https://bugs.launchpad.net/tripleo/+bug/1516027

reference_url	https://github.com/openstack/tripleo-heat-templates
reference_id
reference_type
scores
url	https://github.com/openstack/tripleo-heat-templates

reference_url	https://github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c
reference_id
reference_type
scores
url	https://github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c

reference_url	https://github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42
reference_id
reference_type
scores
url	https://github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-35.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-35.yaml

reference_url	https://opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c
reference_id
reference_type
scores
url	https://opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c

reference_url	https://opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42
reference_id
reference_type
scores
url	https://opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-5303
reference_id	CVE-2015-5303
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-5303

reference_url	https://github.com/advisories/GHSA-m94p-8942-pm49
reference_id	GHSA-m94p-8942-pm49
reference_type
scores
url	https://github.com/advisories/GHSA-m94p-8942-pm49

Weaknesses

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nv7k-zxyu-e3fz

Vulnerability Instance