Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-8h35-s38x-buey

Summary It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.

Aliases

alias	CVE-2017-12614

alias	GHSA-rv25-9wgj-xg75

alias	PYSEC-2018-45

Fixed_packages

url pkg:pypi/apache-airflow@1.9.0

purl pkg:pypi/apache-airflow@1.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fnz-jqpe-nuau

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-2ysx-9hz5-fyfm

vulnerability	VCID-3h3z-bfsc-jqax

vulnerability	VCID-4dpy-dzpr-bbg7

vulnerability	VCID-4ga6-4111-dyc9

vulnerability	VCID-4xax-xw67-2qfv

vulnerability	VCID-4xdb-1kww-sfdh

vulnerability	VCID-56eq-awhd-d3fr

vulnerability	VCID-5cpd-kjpb-ekhv

vulnerability	VCID-5yxa-ubfq-fqdx

vulnerability	VCID-5zmy-2ape-7qfa

vulnerability	VCID-6c7g-ws6x-yygu

vulnerability	VCID-6gjt-zsju-47a3

vulnerability	VCID-6ksf-tekv-dud3

vulnerability	VCID-6vg9-hu9u-q7c3

vulnerability	VCID-71hr-1ews-9qa6

vulnerability	VCID-7zef-tgy9-kkh6

vulnerability	VCID-82kk-s7d6-f7he

vulnerability	VCID-835a-arqz-g7h7

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-98yf-mvnw-d3b4

vulnerability	VCID-9jm4-t1je-vqhm

vulnerability	VCID-9tq4-v733-hug3

vulnerability	VCID-amac-hqnj-xfgz

vulnerability	VCID-b3w3-h9cm-ufgm

vulnerability	VCID-bwd5-3jt5-pyb8

vulnerability	VCID-cahz-4dy7-bbe9

vulnerability	VCID-dh4r-77xc-cbas

vulnerability	VCID-due7-n14c-akfx

vulnerability	VCID-ez45-qkb4-xkba

vulnerability	VCID-fbjk-2uvy-mqfc

vulnerability	VCID-frbp-mhhr-8bdt

vulnerability	VCID-gz6e-b7dz-5qdf

vulnerability	VCID-h6sp-398p-pbeg

vulnerability	VCID-hah6-e5fc-juc5

vulnerability	VCID-hy75-nfg7-zfae

vulnerability	VCID-j86y-n37n-n7ft

vulnerability	VCID-jq98-gxbc-pydt

vulnerability	VCID-kh46-xrgm-9udx

vulnerability	VCID-ks8d-9vr8-4feh

vulnerability	VCID-mcbu-b45m-k3ck

vulnerability	VCID-njyy-ywer-x7bf

vulnerability	VCID-p9we-cpy2-17h4

vulnerability	VCID-pe8h-9hgu-j3hx

vulnerability	VCID-pybp-gfy8-2qcr

vulnerability	VCID-pypb-cezm-rkb2

vulnerability	VCID-q83y-d2x7-m7hv

vulnerability	VCID-q84t-8dac-93dm

vulnerability	VCID-qehu-58hj-67gn

vulnerability	VCID-qmpd-946c-gqbc

vulnerability	VCID-qr9h-6dg8-gkh3

vulnerability	VCID-quaj-w9r3-qya8

vulnerability	VCID-reu2-2xcq-fqa4

vulnerability	VCID-ryct-uaw3-fyfc

vulnerability	VCID-suwt-h1ze-mydu

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-t476-g5u5-1yeh

vulnerability	VCID-trd4-8vc9-ufab

vulnerability	VCID-u5wv-47m4-8yd6

vulnerability	VCID-x9ns-34nt-gfer

vulnerability	VCID-xh7u-8ze6-cqhk

vulnerability	VCID-xunf-mqrn-97f5

vulnerability	VCID-y7az-a4um-jqff

vulnerability	VCID-ydhm-m8vh-mber

vulnerability	VCID-z4w8-3mr1-63ed

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.9.0

Affected_packages

url pkg:pypi/apache-airflow@1.8.1

purl pkg:pypi/apache-airflow@1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fnz-jqpe-nuau

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-2ysx-9hz5-fyfm

vulnerability	VCID-3h3z-bfsc-jqax

vulnerability	VCID-4dpy-dzpr-bbg7

vulnerability	VCID-4ga6-4111-dyc9

vulnerability	VCID-4xax-xw67-2qfv

vulnerability	VCID-4xdb-1kww-sfdh

vulnerability	VCID-56eq-awhd-d3fr

vulnerability	VCID-5cpd-kjpb-ekhv

vulnerability	VCID-5yxa-ubfq-fqdx

vulnerability	VCID-5zmy-2ape-7qfa

vulnerability	VCID-6c7g-ws6x-yygu

vulnerability	VCID-6gjt-zsju-47a3

vulnerability	VCID-6ksf-tekv-dud3

vulnerability	VCID-6vg9-hu9u-q7c3

vulnerability	VCID-71hr-1ews-9qa6

vulnerability	VCID-7zef-tgy9-kkh6

vulnerability	VCID-82kk-s7d6-f7he

vulnerability	VCID-835a-arqz-g7h7

vulnerability	VCID-8h35-s38x-buey

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-98yf-mvnw-d3b4

vulnerability	VCID-9jm4-t1je-vqhm

vulnerability	VCID-9tq4-v733-hug3

vulnerability	VCID-amac-hqnj-xfgz

vulnerability	VCID-asrx-5a3k-r3gs

vulnerability	VCID-b3w3-h9cm-ufgm

vulnerability	VCID-bwd5-3jt5-pyb8

vulnerability	VCID-cahz-4dy7-bbe9

vulnerability	VCID-dh4r-77xc-cbas

vulnerability	VCID-due7-n14c-akfx

vulnerability	VCID-e737-kzbj-37gg

vulnerability	VCID-ez45-qkb4-xkba

vulnerability	VCID-fbjk-2uvy-mqfc

vulnerability	VCID-frbp-mhhr-8bdt

vulnerability	VCID-gz6e-b7dz-5qdf

vulnerability	VCID-h6sp-398p-pbeg

vulnerability	VCID-hah6-e5fc-juc5

vulnerability	VCID-hy75-nfg7-zfae

vulnerability	VCID-j86y-n37n-n7ft

vulnerability	VCID-jq98-gxbc-pydt

vulnerability	VCID-kh46-xrgm-9udx

vulnerability	VCID-ks8d-9vr8-4feh

vulnerability	VCID-mcbu-b45m-k3ck

vulnerability	VCID-njyy-ywer-x7bf

vulnerability	VCID-p9we-cpy2-17h4

vulnerability	VCID-pe8h-9hgu-j3hx

vulnerability	VCID-pybp-gfy8-2qcr

vulnerability	VCID-pypb-cezm-rkb2

vulnerability	VCID-q83y-d2x7-m7hv

vulnerability	VCID-q84t-8dac-93dm

vulnerability	VCID-qehu-58hj-67gn

vulnerability	VCID-qmpd-946c-gqbc

vulnerability	VCID-qr9h-6dg8-gkh3

vulnerability	VCID-quaj-w9r3-qya8

vulnerability	VCID-reu2-2xcq-fqa4

vulnerability	VCID-ryct-uaw3-fyfc

vulnerability	VCID-suwt-h1ze-mydu

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-t476-g5u5-1yeh

vulnerability	VCID-trd4-8vc9-ufab

vulnerability	VCID-u5wv-47m4-8yd6

vulnerability	VCID-x9ns-34nt-gfer

vulnerability	VCID-xh7u-8ze6-cqhk

vulnerability	VCID-xt2u-n7bw-nben

vulnerability	VCID-xunf-mqrn-97f5

vulnerability	VCID-y7az-a4um-jqff

vulnerability	VCID-ydhm-m8vh-mber

vulnerability	VCID-z4w8-3mr1-63ed

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.1

url pkg:pypi/apache-airflow@1.8.2rc1

purl pkg:pypi/apache-airflow@1.8.2rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fnz-jqpe-nuau

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-2ysx-9hz5-fyfm

vulnerability	VCID-3h3z-bfsc-jqax

vulnerability	VCID-4dpy-dzpr-bbg7

vulnerability	VCID-4ga6-4111-dyc9

vulnerability	VCID-4xax-xw67-2qfv

vulnerability	VCID-4xdb-1kww-sfdh

vulnerability	VCID-56eq-awhd-d3fr

vulnerability	VCID-5cpd-kjpb-ekhv

vulnerability	VCID-5yxa-ubfq-fqdx

vulnerability	VCID-5zmy-2ape-7qfa

vulnerability	VCID-6c7g-ws6x-yygu

vulnerability	VCID-6gjt-zsju-47a3

vulnerability	VCID-6ksf-tekv-dud3

vulnerability	VCID-6vg9-hu9u-q7c3

vulnerability	VCID-71hr-1ews-9qa6

vulnerability	VCID-7zef-tgy9-kkh6

vulnerability	VCID-82kk-s7d6-f7he

vulnerability	VCID-835a-arqz-g7h7

vulnerability	VCID-8h35-s38x-buey

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-98yf-mvnw-d3b4

vulnerability	VCID-9jm4-t1je-vqhm

vulnerability	VCID-9tq4-v733-hug3

vulnerability	VCID-amac-hqnj-xfgz

vulnerability	VCID-asrx-5a3k-r3gs

vulnerability	VCID-b3w3-h9cm-ufgm

vulnerability	VCID-bwd5-3jt5-pyb8

vulnerability	VCID-cahz-4dy7-bbe9

vulnerability	VCID-dh4r-77xc-cbas

vulnerability	VCID-due7-n14c-akfx

vulnerability	VCID-e737-kzbj-37gg

vulnerability	VCID-ez45-qkb4-xkba

vulnerability	VCID-fbjk-2uvy-mqfc

vulnerability	VCID-frbp-mhhr-8bdt

vulnerability	VCID-gz6e-b7dz-5qdf

vulnerability	VCID-h6sp-398p-pbeg

vulnerability	VCID-hah6-e5fc-juc5

vulnerability	VCID-hy75-nfg7-zfae

vulnerability	VCID-j86y-n37n-n7ft

vulnerability	VCID-jq98-gxbc-pydt

vulnerability	VCID-kh46-xrgm-9udx

vulnerability	VCID-ks8d-9vr8-4feh

vulnerability	VCID-mcbu-b45m-k3ck

vulnerability	VCID-njyy-ywer-x7bf

vulnerability	VCID-p9we-cpy2-17h4

vulnerability	VCID-pe8h-9hgu-j3hx

vulnerability	VCID-pybp-gfy8-2qcr

vulnerability	VCID-pypb-cezm-rkb2

vulnerability	VCID-q83y-d2x7-m7hv

vulnerability	VCID-q84t-8dac-93dm

vulnerability	VCID-qehu-58hj-67gn

vulnerability	VCID-qmpd-946c-gqbc

vulnerability	VCID-qr9h-6dg8-gkh3

vulnerability	VCID-quaj-w9r3-qya8

vulnerability	VCID-reu2-2xcq-fqa4

vulnerability	VCID-ryct-uaw3-fyfc

vulnerability	VCID-suwt-h1ze-mydu

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-t476-g5u5-1yeh

vulnerability	VCID-trd4-8vc9-ufab

vulnerability	VCID-u5wv-47m4-8yd6

vulnerability	VCID-x9ns-34nt-gfer

vulnerability	VCID-xh7u-8ze6-cqhk

vulnerability	VCID-xt2u-n7bw-nben

vulnerability	VCID-xunf-mqrn-97f5

vulnerability	VCID-y7az-a4um-jqff

vulnerability	VCID-ydhm-m8vh-mber

vulnerability	VCID-z4w8-3mr1-63ed

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.2rc1

url pkg:pypi/apache-airflow@1.8.2

purl pkg:pypi/apache-airflow@1.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fnz-jqpe-nuau

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-2ysx-9hz5-fyfm

vulnerability	VCID-3h3z-bfsc-jqax

vulnerability	VCID-4dpy-dzpr-bbg7

vulnerability	VCID-4ga6-4111-dyc9

vulnerability	VCID-4xax-xw67-2qfv

vulnerability	VCID-4xdb-1kww-sfdh

vulnerability	VCID-56eq-awhd-d3fr

vulnerability	VCID-5cpd-kjpb-ekhv

vulnerability	VCID-5yxa-ubfq-fqdx

vulnerability	VCID-5zmy-2ape-7qfa

vulnerability	VCID-6c7g-ws6x-yygu

vulnerability	VCID-6gjt-zsju-47a3

vulnerability	VCID-6ksf-tekv-dud3

vulnerability	VCID-6vg9-hu9u-q7c3

vulnerability	VCID-71hr-1ews-9qa6

vulnerability	VCID-7zef-tgy9-kkh6

vulnerability	VCID-82kk-s7d6-f7he

vulnerability	VCID-835a-arqz-g7h7

vulnerability	VCID-8h35-s38x-buey

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-98yf-mvnw-d3b4

vulnerability	VCID-9jm4-t1je-vqhm

vulnerability	VCID-9tq4-v733-hug3

vulnerability	VCID-amac-hqnj-xfgz

vulnerability	VCID-asrx-5a3k-r3gs

vulnerability	VCID-b3w3-h9cm-ufgm

vulnerability	VCID-bwd5-3jt5-pyb8

vulnerability	VCID-cahz-4dy7-bbe9

vulnerability	VCID-dh4r-77xc-cbas

vulnerability	VCID-due7-n14c-akfx

vulnerability	VCID-e737-kzbj-37gg

vulnerability	VCID-ez45-qkb4-xkba

vulnerability	VCID-fbjk-2uvy-mqfc

vulnerability	VCID-frbp-mhhr-8bdt

vulnerability	VCID-gz6e-b7dz-5qdf

vulnerability	VCID-h6sp-398p-pbeg

vulnerability	VCID-hah6-e5fc-juc5

vulnerability	VCID-hy75-nfg7-zfae

vulnerability	VCID-j86y-n37n-n7ft

vulnerability	VCID-jq98-gxbc-pydt

vulnerability	VCID-kh46-xrgm-9udx

vulnerability	VCID-ks8d-9vr8-4feh

vulnerability	VCID-mcbu-b45m-k3ck

vulnerability	VCID-njyy-ywer-x7bf

vulnerability	VCID-p9we-cpy2-17h4

vulnerability	VCID-pe8h-9hgu-j3hx

vulnerability	VCID-pybp-gfy8-2qcr

vulnerability	VCID-pypb-cezm-rkb2

vulnerability	VCID-q83y-d2x7-m7hv

vulnerability	VCID-q84t-8dac-93dm

vulnerability	VCID-qehu-58hj-67gn

vulnerability	VCID-qmpd-946c-gqbc

vulnerability	VCID-qr9h-6dg8-gkh3

vulnerability	VCID-quaj-w9r3-qya8

vulnerability	VCID-reu2-2xcq-fqa4

vulnerability	VCID-ryct-uaw3-fyfc

vulnerability	VCID-suwt-h1ze-mydu

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-t476-g5u5-1yeh

vulnerability	VCID-trd4-8vc9-ufab

vulnerability	VCID-u5wv-47m4-8yd6

vulnerability	VCID-x9ns-34nt-gfer

vulnerability	VCID-xh7u-8ze6-cqhk

vulnerability	VCID-xt2u-n7bw-nben

vulnerability	VCID-xunf-mqrn-97f5

vulnerability	VCID-y7az-a4um-jqff

vulnerability	VCID-ydhm-m8vh-mber

vulnerability	VCID-z4w8-3mr1-63ed

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.2

References

reference_url	https://github.com/apache/airflow
reference_id
reference_type
scores
url	https://github.com/apache/airflow

reference_url	https://github.com/apache/airflow/commit/e1a2d74c0045c9231f7a5365c956b8e048dd6af3
reference_id
reference_type
scores
url	https://github.com/apache/airflow/commit/e1a2d74c0045c9231f7a5365c956b8e048dd6af3

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2018-45.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2018-45.yaml

reference_url	https://lists.apache.org/thread.html/2c72480c76619c5e7793f0d213c34082f0598eaa4d212172f068940f@%3Cdev.airflow.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/2c72480c76619c5e7793f0d213c34082f0598eaa4d212172f068940f@%3Cdev.airflow.apache.org%3E

reference_url	https://devhub.checkmarx.com/cve-details/cve-2017-12614
reference_id	CVE-2017-12614
reference_type
scores
url	https://devhub.checkmarx.com/cve-details/cve-2017-12614

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-12614
reference_id	CVE-2017-12614
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-12614

reference_url	https://github.com/advisories/GHSA-rv25-9wgj-xg75
reference_id	GHSA-rv25-9wgj-xg75
reference_type
scores
url	https://github.com/advisories/GHSA-rv25-9wgj-xg75

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8h35-s38x-buey

Vulnerability Instance