Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-q2yu-yvd5-sbhs

Summary tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad(); line "end_pos = data_len - 1 - mac.digest_size" that can result in an attacker manipulating the TLS ciphertext which will not be detected by receiving tlslite-ng. This attack appears to be exploitable via man in the middle on a network connection. This vulnerability appears to have been fixed after commit 3674815d1b0f7484454995e2737a352e0a6a93d8.

Aliases

alias	CVE-2018-1000159

alias	GHSA-cwh5-3cw7-4286

alias	PYSEC-2018-31

Fixed_packages

url pkg:pypi/tlslite-ng@0.7.4

purl pkg:pypi/tlslite-ng@0.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.4

Affected_packages

url pkg:pypi/tlslite-ng@0.5.0b1

purl pkg:pypi/tlslite-ng@0.5.0b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b1

url pkg:pypi/tlslite-ng@0.5.0b2

purl pkg:pypi/tlslite-ng@0.5.0b2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b2

url pkg:pypi/tlslite-ng@0.5.0b3

purl pkg:pypi/tlslite-ng@0.5.0b3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b3

url pkg:pypi/tlslite-ng@0.5.0b4

purl pkg:pypi/tlslite-ng@0.5.0b4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b4

url pkg:pypi/tlslite-ng@0.5.0b5

purl pkg:pypi/tlslite-ng@0.5.0b5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b5

url pkg:pypi/tlslite-ng@0.5.0b6

purl pkg:pypi/tlslite-ng@0.5.0b6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b6

url pkg:pypi/tlslite-ng@0.5.0

purl pkg:pypi/tlslite-ng@0.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0

url pkg:pypi/tlslite-ng@0.5.1

purl pkg:pypi/tlslite-ng@0.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.1

url pkg:pypi/tlslite-ng@0.5.2

purl pkg:pypi/tlslite-ng@0.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.2

url pkg:pypi/tlslite-ng@0.6.0a1

purl pkg:pypi/tlslite-ng@0.6.0a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a1

url pkg:pypi/tlslite-ng@0.6.0a2

purl pkg:pypi/tlslite-ng@0.6.0a2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a2

url pkg:pypi/tlslite-ng@0.6.0a3

purl pkg:pypi/tlslite-ng@0.6.0a3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a3

url pkg:pypi/tlslite-ng@0.6.0a4

purl pkg:pypi/tlslite-ng@0.6.0a4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a4

url pkg:pypi/tlslite-ng@0.6.0a5

purl pkg:pypi/tlslite-ng@0.6.0a5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a5

url pkg:pypi/tlslite-ng@0.6.0b1

purl pkg:pypi/tlslite-ng@0.6.0b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0b1

url pkg:pypi/tlslite-ng@0.6.0

purl pkg:pypi/tlslite-ng@0.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0

url pkg:pypi/tlslite-ng@0.7.0a1

purl pkg:pypi/tlslite-ng@0.7.0a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a1

url pkg:pypi/tlslite-ng@0.7.0a2

purl pkg:pypi/tlslite-ng@0.7.0a2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a2

url pkg:pypi/tlslite-ng@0.7.0a3

purl pkg:pypi/tlslite-ng@0.7.0a3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a3

url pkg:pypi/tlslite-ng@0.7.0a4

purl pkg:pypi/tlslite-ng@0.7.0a4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a4

url pkg:pypi/tlslite-ng@0.7.0a5

purl pkg:pypi/tlslite-ng@0.7.0a5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a5

url pkg:pypi/tlslite-ng@0.7.0a6

purl pkg:pypi/tlslite-ng@0.7.0a6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a6

url pkg:pypi/tlslite-ng@0.7.0a7

purl pkg:pypi/tlslite-ng@0.7.0a7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a7

url pkg:pypi/tlslite-ng@0.7.0a8

purl pkg:pypi/tlslite-ng@0.7.0a8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a8

url pkg:pypi/tlslite-ng@0.7.0a9

purl pkg:pypi/tlslite-ng@0.7.0a9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a9

url pkg:pypi/tlslite-ng@0.7.0b1

purl pkg:pypi/tlslite-ng@0.7.0b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0b1

url pkg:pypi/tlslite-ng@0.7.0

purl pkg:pypi/tlslite-ng@0.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0

url pkg:pypi/tlslite-ng@0.7.1

purl pkg:pypi/tlslite-ng@0.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.1

url pkg:pypi/tlslite-ng@0.7.2

purl pkg:pypi/tlslite-ng@0.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.2

url pkg:pypi/tlslite-ng@0.7.3

purl pkg:pypi/tlslite-ng@0.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.3

References

reference_url	https://github.com/advisories/GHSA-cwh5-3cw7-4286
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-cwh5-3cw7-4286

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/tlslite-ng/PYSEC-2018-31.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/tlslite-ng/PYSEC-2018-31.yaml

reference_url	https://github.com/tlsfuzzer/tlslite-ng/pull/234/commits/3674815d1b0f7484454995e2737a352e0a6a93d8
reference_id
reference_type
scores
url	https://github.com/tlsfuzzer/tlslite-ng/pull/234/commits/3674815d1b0f7484454995e2737a352e0a6a93d8

reference_url	https://github.com/tomato42/tlslite-ng
reference_id
reference_type
scores
url	https://github.com/tomato42/tlslite-ng

reference_url	https://github.com/tomato42/tlslite-ng/pull/234
reference_id
reference_type
scores
url	https://github.com/tomato42/tlslite-ng/pull/234

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1000159
reference_id	CVE-2018-1000159
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1000159

Weaknesses

cwe_id	354
name	Improper Validation of Integrity Check Value
description	The product does not validate or incorrectly validates the integrity check values or checksums of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2yu-yvd5-sbhs

Vulnerability Instance