Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-hgxa-jmn2-7udg
Summary(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
Aliases
0
alias CVE-2014-1859
1
alias GHSA-2fc2-6r4j-p65h
2
alias PYSEC-2018-34
Fixed_packages
0
url pkg:pypi/numpy@1.8.1
purl pkg:pypi/numpy@1.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-vx94-afb7-ybdw
3
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.8.1
Affected_packages
0
url pkg:pypi/numpy@0.9.6
purl pkg:pypi/numpy@0.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@0.9.6
1
url pkg:pypi/numpy@0.9.8
purl pkg:pypi/numpy@0.9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@0.9.8
2
url pkg:pypi/numpy@1.0b1
purl pkg:pypi/numpy@1.0b1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.0b1
3
url pkg:pypi/numpy@1.0b4
purl pkg:pypi/numpy@1.0b4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.0b4
4
url pkg:pypi/numpy@1.0b5
purl pkg:pypi/numpy@1.0b5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.0b5
5
url pkg:pypi/numpy@1.0rc1
purl pkg:pypi/numpy@1.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.0rc1
6
url pkg:pypi/numpy@1.0rc2
purl pkg:pypi/numpy@1.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.0rc2
7
url pkg:pypi/numpy@1.0rc3
purl pkg:pypi/numpy@1.0rc3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.0rc3
8
url pkg:pypi/numpy@1.0
purl pkg:pypi/numpy@1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.0
9
url pkg:pypi/numpy@1.0.3
purl pkg:pypi/numpy@1.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.0.3
10
url pkg:pypi/numpy@1.0.4
purl pkg:pypi/numpy@1.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.0.4
11
url pkg:pypi/numpy@1.1.1
purl pkg:pypi/numpy@1.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.1.1
12
url pkg:pypi/numpy@1.2.0
purl pkg:pypi/numpy@1.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.2.0
13
url pkg:pypi/numpy@1.2.1
purl pkg:pypi/numpy@1.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.2.1
14
url pkg:pypi/numpy@1.3.0
purl pkg:pypi/numpy@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.3.0
15
url pkg:pypi/numpy@1.4.0
purl pkg:pypi/numpy@1.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.4.0
16
url pkg:pypi/numpy@1.4.1
purl pkg:pypi/numpy@1.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.4.1
17
url pkg:pypi/numpy@1.5.0
purl pkg:pypi/numpy@1.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.5.0
18
url pkg:pypi/numpy@1.5.1
purl pkg:pypi/numpy@1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.5.1
19
url pkg:pypi/numpy@1.6.0
purl pkg:pypi/numpy@1.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.6.0
20
url pkg:pypi/numpy@1.6.1
purl pkg:pypi/numpy@1.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.6.1
21
url pkg:pypi/numpy@1.6.2
purl pkg:pypi/numpy@1.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.6.2
22
url pkg:pypi/numpy@1.7.0
purl pkg:pypi/numpy@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.7.0
23
url pkg:pypi/numpy@1.7.1
purl pkg:pypi/numpy@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.7.1
24
url pkg:pypi/numpy@1.7.2
purl pkg:pypi/numpy@1.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.7.2
25
url pkg:pypi/numpy@1.8.0
purl pkg:pypi/numpy@1.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-86w7-qcmk-xyca
1
vulnerability VCID-d4gz-n249-4ucx
2
vulnerability VCID-hgxa-jmn2-7udg
3
vulnerability VCID-tefk-aqbz-z3gh
4
vulnerability VCID-vx94-afb7-ybdw
5
vulnerability VCID-xmpe-ucks-uubr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.8.0
References
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1859.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1859.json
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1062009
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1062009
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/91317
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/91317
6
reference_url https://github.com/advisories/GHSA-2fc2-6r4j-p65h
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2fc2-6r4j-p65h
7
reference_url https://github.com/numpy/numpy
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/numpy/numpy
8
reference_url https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst
9
reference_url https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
10
reference_url https://github.com/numpy/numpy/pull/4262
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/numpy/numpy/pull/4262
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2018-34.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2018-34.yaml
12
reference_url https://web.archive.org/web/20200228165750/http://www.securityfocus.com/bid/65440
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228165750/http://www.securityfocus.com/bid/65440
13
reference_url http://www.openwall.com/lists/oss-security/2014/02/08/3
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/08/3
14
reference_url http://www.securityfocus.com/bid/65440
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/65440
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1859
reference_id CVE-2014-1859
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-1859
Weaknesses
0
cwe_id 59
name Improper Link Resolution Before File Access ('Link Following')
description The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
3
cwe_id 377
name Insecure Temporary File
description Creating and using insecure temporary files can leave application and system data vulnerable to attack.
4
cwe_id 367
name Time-of-check Time-of-use (TOCTOU) Race Condition
description The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Exploits
Severity_range_score5.5 - 8.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-hgxa-jmn2-7udg