Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-xt2u-n7bw-nben

Summary In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.

Aliases

alias	CVE-2017-15720

alias	GHSA-8fg4-j562-mjrc

alias	PYSEC-2019-147

Fixed_packages

url pkg:pypi/apache-airflow@1.9.0

purl pkg:pypi/apache-airflow@1.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fnz-jqpe-nuau

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-2ysx-9hz5-fyfm

vulnerability	VCID-3h3z-bfsc-jqax

vulnerability	VCID-4dpy-dzpr-bbg7

vulnerability	VCID-4ga6-4111-dyc9

vulnerability	VCID-4xax-xw67-2qfv

vulnerability	VCID-4xdb-1kww-sfdh

vulnerability	VCID-56eq-awhd-d3fr

vulnerability	VCID-5cpd-kjpb-ekhv

vulnerability	VCID-5yxa-ubfq-fqdx

vulnerability	VCID-5zmy-2ape-7qfa

vulnerability	VCID-6c7g-ws6x-yygu

vulnerability	VCID-6gjt-zsju-47a3

vulnerability	VCID-6ksf-tekv-dud3

vulnerability	VCID-6vg9-hu9u-q7c3

vulnerability	VCID-71hr-1ews-9qa6

vulnerability	VCID-7zef-tgy9-kkh6

vulnerability	VCID-82kk-s7d6-f7he

vulnerability	VCID-835a-arqz-g7h7

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-98yf-mvnw-d3b4

vulnerability	VCID-9jm4-t1je-vqhm

vulnerability	VCID-9tq4-v733-hug3

vulnerability	VCID-amac-hqnj-xfgz

vulnerability	VCID-b3w3-h9cm-ufgm

vulnerability	VCID-bwd5-3jt5-pyb8

vulnerability	VCID-cahz-4dy7-bbe9

vulnerability	VCID-dh4r-77xc-cbas

vulnerability	VCID-due7-n14c-akfx

vulnerability	VCID-ez45-qkb4-xkba

vulnerability	VCID-fbjk-2uvy-mqfc

vulnerability	VCID-frbp-mhhr-8bdt

vulnerability	VCID-gz6e-b7dz-5qdf

vulnerability	VCID-h6sp-398p-pbeg

vulnerability	VCID-hah6-e5fc-juc5

vulnerability	VCID-hy75-nfg7-zfae

vulnerability	VCID-j86y-n37n-n7ft

vulnerability	VCID-jq98-gxbc-pydt

vulnerability	VCID-kh46-xrgm-9udx

vulnerability	VCID-ks8d-9vr8-4feh

vulnerability	VCID-mcbu-b45m-k3ck

vulnerability	VCID-njyy-ywer-x7bf

vulnerability	VCID-p9we-cpy2-17h4

vulnerability	VCID-pe8h-9hgu-j3hx

vulnerability	VCID-pybp-gfy8-2qcr

vulnerability	VCID-pypb-cezm-rkb2

vulnerability	VCID-q83y-d2x7-m7hv

vulnerability	VCID-q84t-8dac-93dm

vulnerability	VCID-qehu-58hj-67gn

vulnerability	VCID-qmpd-946c-gqbc

vulnerability	VCID-qr9h-6dg8-gkh3

vulnerability	VCID-quaj-w9r3-qya8

vulnerability	VCID-reu2-2xcq-fqa4

vulnerability	VCID-ryct-uaw3-fyfc

vulnerability	VCID-suwt-h1ze-mydu

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-t476-g5u5-1yeh

vulnerability	VCID-trd4-8vc9-ufab

vulnerability	VCID-u5wv-47m4-8yd6

vulnerability	VCID-x9ns-34nt-gfer

vulnerability	VCID-xh7u-8ze6-cqhk

vulnerability	VCID-xunf-mqrn-97f5

vulnerability	VCID-y7az-a4um-jqff

vulnerability	VCID-ydhm-m8vh-mber

vulnerability	VCID-z4w8-3mr1-63ed

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.9.0

Affected_packages

url pkg:pypi/apache-airflow@1.8.1

purl pkg:pypi/apache-airflow@1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fnz-jqpe-nuau

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-2ysx-9hz5-fyfm

vulnerability	VCID-3h3z-bfsc-jqax

vulnerability	VCID-4dpy-dzpr-bbg7

vulnerability	VCID-4ga6-4111-dyc9

vulnerability	VCID-4xax-xw67-2qfv

vulnerability	VCID-4xdb-1kww-sfdh

vulnerability	VCID-56eq-awhd-d3fr

vulnerability	VCID-5cpd-kjpb-ekhv

vulnerability	VCID-5yxa-ubfq-fqdx

vulnerability	VCID-5zmy-2ape-7qfa

vulnerability	VCID-6c7g-ws6x-yygu

vulnerability	VCID-6gjt-zsju-47a3

vulnerability	VCID-6ksf-tekv-dud3

vulnerability	VCID-6vg9-hu9u-q7c3

vulnerability	VCID-71hr-1ews-9qa6

vulnerability	VCID-7zef-tgy9-kkh6

vulnerability	VCID-82kk-s7d6-f7he

vulnerability	VCID-835a-arqz-g7h7

vulnerability	VCID-8h35-s38x-buey

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-98yf-mvnw-d3b4

vulnerability	VCID-9jm4-t1je-vqhm

vulnerability	VCID-9tq4-v733-hug3

vulnerability	VCID-amac-hqnj-xfgz

vulnerability	VCID-asrx-5a3k-r3gs

vulnerability	VCID-b3w3-h9cm-ufgm

vulnerability	VCID-bwd5-3jt5-pyb8

vulnerability	VCID-cahz-4dy7-bbe9

vulnerability	VCID-dh4r-77xc-cbas

vulnerability	VCID-due7-n14c-akfx

vulnerability	VCID-e737-kzbj-37gg

vulnerability	VCID-ez45-qkb4-xkba

vulnerability	VCID-fbjk-2uvy-mqfc

vulnerability	VCID-frbp-mhhr-8bdt

vulnerability	VCID-gz6e-b7dz-5qdf

vulnerability	VCID-h6sp-398p-pbeg

vulnerability	VCID-hah6-e5fc-juc5

vulnerability	VCID-hy75-nfg7-zfae

vulnerability	VCID-j86y-n37n-n7ft

vulnerability	VCID-jq98-gxbc-pydt

vulnerability	VCID-kh46-xrgm-9udx

vulnerability	VCID-ks8d-9vr8-4feh

vulnerability	VCID-mcbu-b45m-k3ck

vulnerability	VCID-njyy-ywer-x7bf

vulnerability	VCID-p9we-cpy2-17h4

vulnerability	VCID-pe8h-9hgu-j3hx

vulnerability	VCID-pybp-gfy8-2qcr

vulnerability	VCID-pypb-cezm-rkb2

vulnerability	VCID-q83y-d2x7-m7hv

vulnerability	VCID-q84t-8dac-93dm

vulnerability	VCID-qehu-58hj-67gn

vulnerability	VCID-qmpd-946c-gqbc

vulnerability	VCID-qr9h-6dg8-gkh3

vulnerability	VCID-quaj-w9r3-qya8

vulnerability	VCID-reu2-2xcq-fqa4

vulnerability	VCID-ryct-uaw3-fyfc

vulnerability	VCID-suwt-h1ze-mydu

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-t476-g5u5-1yeh

vulnerability	VCID-trd4-8vc9-ufab

vulnerability	VCID-u5wv-47m4-8yd6

vulnerability	VCID-x9ns-34nt-gfer

vulnerability	VCID-xh7u-8ze6-cqhk

vulnerability	VCID-xt2u-n7bw-nben

vulnerability	VCID-xunf-mqrn-97f5

vulnerability	VCID-y7az-a4um-jqff

vulnerability	VCID-ydhm-m8vh-mber

vulnerability	VCID-z4w8-3mr1-63ed

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.1

url pkg:pypi/apache-airflow@1.8.2rc1

purl pkg:pypi/apache-airflow@1.8.2rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fnz-jqpe-nuau

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-2ysx-9hz5-fyfm

vulnerability	VCID-3h3z-bfsc-jqax

vulnerability	VCID-4dpy-dzpr-bbg7

vulnerability	VCID-4ga6-4111-dyc9

vulnerability	VCID-4xax-xw67-2qfv

vulnerability	VCID-4xdb-1kww-sfdh

vulnerability	VCID-56eq-awhd-d3fr

vulnerability	VCID-5cpd-kjpb-ekhv

vulnerability	VCID-5yxa-ubfq-fqdx

vulnerability	VCID-5zmy-2ape-7qfa

vulnerability	VCID-6c7g-ws6x-yygu

vulnerability	VCID-6gjt-zsju-47a3

vulnerability	VCID-6ksf-tekv-dud3

vulnerability	VCID-6vg9-hu9u-q7c3

vulnerability	VCID-71hr-1ews-9qa6

vulnerability	VCID-7zef-tgy9-kkh6

vulnerability	VCID-82kk-s7d6-f7he

vulnerability	VCID-835a-arqz-g7h7

vulnerability	VCID-8h35-s38x-buey

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-98yf-mvnw-d3b4

vulnerability	VCID-9jm4-t1je-vqhm

vulnerability	VCID-9tq4-v733-hug3

vulnerability	VCID-amac-hqnj-xfgz

vulnerability	VCID-asrx-5a3k-r3gs

vulnerability	VCID-b3w3-h9cm-ufgm

vulnerability	VCID-bwd5-3jt5-pyb8

vulnerability	VCID-cahz-4dy7-bbe9

vulnerability	VCID-dh4r-77xc-cbas

vulnerability	VCID-due7-n14c-akfx

vulnerability	VCID-e737-kzbj-37gg

vulnerability	VCID-ez45-qkb4-xkba

vulnerability	VCID-fbjk-2uvy-mqfc

vulnerability	VCID-frbp-mhhr-8bdt

vulnerability	VCID-gz6e-b7dz-5qdf

vulnerability	VCID-h6sp-398p-pbeg

vulnerability	VCID-hah6-e5fc-juc5

vulnerability	VCID-hy75-nfg7-zfae

vulnerability	VCID-j86y-n37n-n7ft

vulnerability	VCID-jq98-gxbc-pydt

vulnerability	VCID-kh46-xrgm-9udx

vulnerability	VCID-ks8d-9vr8-4feh

vulnerability	VCID-mcbu-b45m-k3ck

vulnerability	VCID-njyy-ywer-x7bf

vulnerability	VCID-p9we-cpy2-17h4

vulnerability	VCID-pe8h-9hgu-j3hx

vulnerability	VCID-pybp-gfy8-2qcr

vulnerability	VCID-pypb-cezm-rkb2

vulnerability	VCID-q83y-d2x7-m7hv

vulnerability	VCID-q84t-8dac-93dm

vulnerability	VCID-qehu-58hj-67gn

vulnerability	VCID-qmpd-946c-gqbc

vulnerability	VCID-qr9h-6dg8-gkh3

vulnerability	VCID-quaj-w9r3-qya8

vulnerability	VCID-reu2-2xcq-fqa4

vulnerability	VCID-ryct-uaw3-fyfc

vulnerability	VCID-suwt-h1ze-mydu

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-t476-g5u5-1yeh

vulnerability	VCID-trd4-8vc9-ufab

vulnerability	VCID-u5wv-47m4-8yd6

vulnerability	VCID-x9ns-34nt-gfer

vulnerability	VCID-xh7u-8ze6-cqhk

vulnerability	VCID-xt2u-n7bw-nben

vulnerability	VCID-xunf-mqrn-97f5

vulnerability	VCID-y7az-a4um-jqff

vulnerability	VCID-ydhm-m8vh-mber

vulnerability	VCID-z4w8-3mr1-63ed

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.2rc1

url pkg:pypi/apache-airflow@1.8.2

purl pkg:pypi/apache-airflow@1.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fnz-jqpe-nuau

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-2ysx-9hz5-fyfm

vulnerability	VCID-3h3z-bfsc-jqax

vulnerability	VCID-4dpy-dzpr-bbg7

vulnerability	VCID-4ga6-4111-dyc9

vulnerability	VCID-4xax-xw67-2qfv

vulnerability	VCID-4xdb-1kww-sfdh

vulnerability	VCID-56eq-awhd-d3fr

vulnerability	VCID-5cpd-kjpb-ekhv

vulnerability	VCID-5yxa-ubfq-fqdx

vulnerability	VCID-5zmy-2ape-7qfa

vulnerability	VCID-6c7g-ws6x-yygu

vulnerability	VCID-6gjt-zsju-47a3

vulnerability	VCID-6ksf-tekv-dud3

vulnerability	VCID-6vg9-hu9u-q7c3

vulnerability	VCID-71hr-1ews-9qa6

vulnerability	VCID-7zef-tgy9-kkh6

vulnerability	VCID-82kk-s7d6-f7he

vulnerability	VCID-835a-arqz-g7h7

vulnerability	VCID-8h35-s38x-buey

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-98yf-mvnw-d3b4

vulnerability	VCID-9jm4-t1je-vqhm

vulnerability	VCID-9tq4-v733-hug3

vulnerability	VCID-amac-hqnj-xfgz

vulnerability	VCID-asrx-5a3k-r3gs

vulnerability	VCID-b3w3-h9cm-ufgm

vulnerability	VCID-bwd5-3jt5-pyb8

vulnerability	VCID-cahz-4dy7-bbe9

vulnerability	VCID-dh4r-77xc-cbas

vulnerability	VCID-due7-n14c-akfx

vulnerability	VCID-e737-kzbj-37gg

vulnerability	VCID-ez45-qkb4-xkba

vulnerability	VCID-fbjk-2uvy-mqfc

vulnerability	VCID-frbp-mhhr-8bdt

vulnerability	VCID-gz6e-b7dz-5qdf

vulnerability	VCID-h6sp-398p-pbeg

vulnerability	VCID-hah6-e5fc-juc5

vulnerability	VCID-hy75-nfg7-zfae

vulnerability	VCID-j86y-n37n-n7ft

vulnerability	VCID-jq98-gxbc-pydt

vulnerability	VCID-kh46-xrgm-9udx

vulnerability	VCID-ks8d-9vr8-4feh

vulnerability	VCID-mcbu-b45m-k3ck

vulnerability	VCID-njyy-ywer-x7bf

vulnerability	VCID-p9we-cpy2-17h4

vulnerability	VCID-pe8h-9hgu-j3hx

vulnerability	VCID-pybp-gfy8-2qcr

vulnerability	VCID-pypb-cezm-rkb2

vulnerability	VCID-q83y-d2x7-m7hv

vulnerability	VCID-q84t-8dac-93dm

vulnerability	VCID-qehu-58hj-67gn

vulnerability	VCID-qmpd-946c-gqbc

vulnerability	VCID-qr9h-6dg8-gkh3

vulnerability	VCID-quaj-w9r3-qya8

vulnerability	VCID-reu2-2xcq-fqa4

vulnerability	VCID-ryct-uaw3-fyfc

vulnerability	VCID-suwt-h1ze-mydu

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-t476-g5u5-1yeh

vulnerability	VCID-trd4-8vc9-ufab

vulnerability	VCID-u5wv-47m4-8yd6

vulnerability	VCID-x9ns-34nt-gfer

vulnerability	VCID-xh7u-8ze6-cqhk

vulnerability	VCID-xt2u-n7bw-nben

vulnerability	VCID-xunf-mqrn-97f5

vulnerability	VCID-y7az-a4um-jqff

vulnerability	VCID-ydhm-m8vh-mber

vulnerability	VCID-z4w8-3mr1-63ed

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.2

References

reference_url	https://github.com/advisories/GHSA-8fg4-j562-mjrc
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-8fg4-j562-mjrc

reference_url	https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-15720
reference_id	CVE-2017-15720
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-15720

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xt2u-n7bw-nben

Vulnerability Instance