Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-61dw-bszt-7be4
Summary slixmpp versions before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contain an Incorrect Access Control vulnerability in the XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of the default access model, that can result in all of the victim's contacts being able to see private data published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416, which is included in slixmpp 1.4.2.
Aliases
0
alias CVE-2019-1000021
1
alias GHSA-4g62-mfwx-4q48
2
alias PYSEC-2019-121
Fixed_packages
0
url pkg:pypi/slixmpp@1.4.2
purl pkg:pypi/slixmpp@1.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.4.2
Affected_packages
0
url pkg:pypi/slixmpp@1.0
purl pkg:pypi/slixmpp@1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gvs-chkc-juef
1
vulnerability VCID-61dw-bszt-7be4
2
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.0
1
url pkg:pypi/slixmpp@1.0.post1
purl pkg:pypi/slixmpp@1.0.post1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gvs-chkc-juef
1
vulnerability VCID-61dw-bszt-7be4
2
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.0.post1
2
url pkg:pypi/slixmpp@1.0.post2
purl pkg:pypi/slixmpp@1.0.post2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gvs-chkc-juef
1
vulnerability VCID-61dw-bszt-7be4
2
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.0.post2
3
url pkg:pypi/slixmpp@1.0.post3
purl pkg:pypi/slixmpp@1.0.post3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gvs-chkc-juef
1
vulnerability VCID-61dw-bszt-7be4
2
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.0.post3
4
url pkg:pypi/slixmpp@1.0.post4
purl pkg:pypi/slixmpp@1.0.post4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gvs-chkc-juef
1
vulnerability VCID-61dw-bszt-7be4
2
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.0.post4
5
url pkg:pypi/slixmpp@1.0.post5
purl pkg:pypi/slixmpp@1.0.post5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gvs-chkc-juef
1
vulnerability VCID-61dw-bszt-7be4
2
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.0.post5
6
url pkg:pypi/slixmpp@1.1
purl pkg:pypi/slixmpp@1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gvs-chkc-juef
1
vulnerability VCID-61dw-bszt-7be4
2
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.1
7
url pkg:pypi/slixmpp@1.2
purl pkg:pypi/slixmpp@1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gvs-chkc-juef
1
vulnerability VCID-61dw-bszt-7be4
2
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.2
8
url pkg:pypi/slixmpp@1.2.1
purl pkg:pypi/slixmpp@1.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gvs-chkc-juef
1
vulnerability VCID-61dw-bszt-7be4
2
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.2.1
9
url pkg:pypi/slixmpp@1.2.2
purl pkg:pypi/slixmpp@1.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gvs-chkc-juef
1
vulnerability VCID-61dw-bszt-7be4
2
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.2.2
10
url pkg:pypi/slixmpp@1.2.3
purl pkg:pypi/slixmpp@1.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gvs-chkc-juef
1
vulnerability VCID-61dw-bszt-7be4
2
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.2.3
11
url pkg:pypi/slixmpp@1.2.4
purl pkg:pypi/slixmpp@1.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61dw-bszt-7be4
1
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.2.4
12
url pkg:pypi/slixmpp@1.2.4.post1
purl pkg:pypi/slixmpp@1.2.4.post1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61dw-bszt-7be4
1
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.2.4.post1
13
url pkg:pypi/slixmpp@1.3.0
purl pkg:pypi/slixmpp@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61dw-bszt-7be4
1
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.3.0
14
url pkg:pypi/slixmpp@1.4.0
purl pkg:pypi/slixmpp@1.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61dw-bszt-7be4
1
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.4.0
15
url pkg:pypi/slixmpp@1.4.1
purl pkg:pypi/slixmpp@1.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61dw-bszt-7be4
1
vulnerability VCID-get1-2fht-u7bu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/slixmpp@1.4.1
References
0
reference_url https://github.com/poezio/slixmpp
reference_id
reference_type
scores
url https://github.com/poezio/slixmpp
1
reference_url https://github.com/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
reference_id
reference_type
scores
url https://github.com/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/slixmpp/PYSEC-2019-121.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/slixmpp/PYSEC-2019-121.yaml
3
reference_url https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
reference_id
reference_type
scores
url https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GKBXN7EAAR7ENEZUBKV6C6MP6QBXYTWT
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GKBXN7EAAR7ENEZUBKV6C6MP6QBXYTWT
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GKBXN7EAAR7ENEZUBKV6C6MP6QBXYTWT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GKBXN7EAAR7ENEZUBKV6C6MP6QBXYTWT/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBP4LD2V4TBJSLZXDUAGQMD6CUI2TZR
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBP4LD2V4TBJSLZXDUAGQMD6CUI2TZR
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBP4LD2V4TBJSLZXDUAGQMD6CUI2TZR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIBP4LD2V4TBJSLZXDUAGQMD6CUI2TZR/
8
reference_url https://xmpp.org/extensions/xep-0223.html#howitworks
reference_id
reference_type
scores
url https://xmpp.org/extensions/xep-0223.html#howitworks
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1000021
reference_id CVE-2019-1000021
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-1000021
10
reference_url https://github.com/advisories/GHSA-4g62-mfwx-4q48
reference_id GHSA-4g62-mfwx-4q48
reference_type
scores
url https://github.com/advisories/GHSA-4g62-mfwx-4q48
Weaknesses
0
cwe_id 284
name Improper Access Control
description The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-61dw-bszt-7be4