Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-b9ra-7vku-kuhu
Summary
Aliases
0
alias CVE-2026-34479
1
alias GHSA-h383-gmxw-35v2
Fixed_packages
0
url pkg:deb/debian/apache-log4j1.2@0?distro=trixie
purl pkg:deb/debian/apache-log4j1.2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache-log4j1.2@0%3Fdistro=trixie
1
url pkg:deb/debian/apache-log4j1.2@1.2.17-10%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/apache-log4j1.2@1.2.17-10%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache-log4j1.2@1.2.17-10%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/apache-log4j1.2@1.2.17-11?distro=trixie
purl pkg:deb/debian/apache-log4j1.2@1.2.17-11?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache-log4j1.2@1.2.17-11%3Fdistro=trixie
3
url pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.4
purl pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.25.4
Affected_packages
0
url pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.7
purl pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b9ra-7vku-kuhu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-1.2-api@2.7
1
url pkg:maven/org.apache.logging.log4j/log4j-1.2-api@3.0.0-beta1
purl pkg:maven/org.apache.logging.log4j/log4j-1.2-api@3.0.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b9ra-7vku-kuhu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-1.2-api@3.0.0-beta1
2
url pkg:maven/org.apache.logging.log4j/log4j-1.2-api@3.0.0-beta2
purl pkg:maven/org.apache.logging.log4j/log4j-1.2-api@3.0.0-beta2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b9ra-7vku-kuhu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-1.2-api@3.0.0-beta2
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34479.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34479.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34479
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30901
published_at 2026-04-11T12:55:00Z
1
value 0.00119
scoring_system epss
scoring_elements 0.30813
published_at 2026-04-13T12:55:00Z
2
value 0.00119
scoring_system epss
scoring_elements 0.30858
published_at 2026-04-12T12:55:00Z
3
value 0.00157
scoring_system epss
scoring_elements 0.36195
published_at 2026-04-24T12:55:00Z
4
value 0.00157
scoring_system epss
scoring_elements 0.36497
published_at 2026-04-16T12:55:00Z
5
value 0.00157
scoring_system epss
scoring_elements 0.3648
published_at 2026-04-18T12:55:00Z
6
value 0.00157
scoring_system epss
scoring_elements 0.36423
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34479
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34479
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34479
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/logging-log4j2
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/logging-log4j2
5
reference_url https://logging.apache.org/cyclonedx/vdr.xml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:45:24Z/
url https://logging.apache.org/cyclonedx/vdr.xml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34479
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34479
7
reference_url http://www.openwall.com/lists/oss-security/2026/04/10/8
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/10/8
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133848
reference_id 1133848
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133848
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457313
reference_id 2457313
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457313
10
reference_url https://github.com/apache/logging-log4j2/pull/4078
reference_id 4078
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:45:24Z/
url https://github.com/apache/logging-log4j2/pull/4078
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:log4j_1_2_api:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:log4j_1_2_api:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:log4j_1_2_api:*:*:*:*:*:*:*:*
12
reference_url https://lists.apache.org/thread/gd0hp6mj17rn3kj279vgy4p7kd4zz5on
reference_id gd0hp6mj17rn3kj279vgy4p7kd4zz5on
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:45:24Z/
url https://lists.apache.org/thread/gd0hp6mj17rn3kj279vgy4p7kd4zz5on
13
reference_url https://github.com/advisories/GHSA-h383-gmxw-35v2
reference_id GHSA-h383-gmxw-35v2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h383-gmxw-35v2
14
reference_url https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html
reference_id migrate-from-log4j1.html
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:45:24Z/
url https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html
15
reference_url https://logging.apache.org/security.html#CVE-2026-34479
reference_id security.html#CVE-2026-34479
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:45:24Z/
url https://logging.apache.org/security.html#CVE-2026-34479
Weaknesses
0
cwe_id 116
name Improper Encoding or Escaping of Output
description The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
1
cwe_id 91
name XML Injection (aka Blind XPath Injection)
description The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-b9ra-7vku-kuhu