Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-esps-vak5-bqcp

Summary Unchecked JSON input can crash the servermore details

Aliases

alias	CVE-2015-5289

Fixed_packages

url pkg:deb/debian/postgresql-9.4@9.4.7-0%2Bdeb8u1~bpo70%2B2

purl pkg:deb/debian/postgresql-9.4@9.4.7-0%2Bdeb8u1~bpo70%2B2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3qrq-rc38-13ep

vulnerability	VCID-45vk-2xsq-cffk

vulnerability	VCID-723y-bsbd-6kfd

vulnerability	VCID-8bu8-zpfv-8bgg

vulnerability	VCID-9b6v-1bt1-dfgy

vulnerability	VCID-csfh-831q-rqfv

vulnerability	VCID-d362-bmcf-3kdz

vulnerability	VCID-qn5k-y64c-7ffc

vulnerability	VCID-um7d-pzhb-n3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/postgresql-9.4@9.4.7-0%252Bdeb8u1~bpo70%252B2

url	pkg:ebuild/dev-db/postgresql@9.1.23
purl	pkg:ebuild/dev-db/postgresql@9.1.23
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql@9.1.23

url	pkg:ebuild/dev-db/postgresql@9.2.18
purl	pkg:ebuild/dev-db/postgresql@9.2.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql@9.2.18

url	pkg:ebuild/dev-db/postgresql@9.3.14
purl	pkg:ebuild/dev-db/postgresql@9.3.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql@9.3.14

url	pkg:ebuild/dev-db/postgresql@9.4.9
purl	pkg:ebuild/dev-db/postgresql@9.4.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql@9.4.9

url	pkg:ebuild/dev-db/postgresql@9.5.4
purl	pkg:ebuild/dev-db/postgresql@9.5.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql@9.5.4

url	pkg:generic/postgresql@9.3.10
purl	pkg:generic/postgresql@9.3.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@9.3.10

url	pkg:generic/postgresql@9.4.5
purl	pkg:generic/postgresql@9.4.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@9.4.5

Affected_packages

url pkg:deb/debian/postgresql-9.4@9.4.1-1

purl pkg:deb/debian/postgresql-9.4@9.4.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qap-rdxz-4uer

vulnerability	VCID-3qrq-rc38-13ep

vulnerability	VCID-45vk-2xsq-cffk

vulnerability	VCID-625c-amyd-dybm

vulnerability	VCID-723y-bsbd-6kfd

vulnerability	VCID-8bu8-zpfv-8bgg

vulnerability	VCID-9b6v-1bt1-dfgy

vulnerability	VCID-csfh-831q-rqfv

vulnerability	VCID-d362-bmcf-3kdz

vulnerability	VCID-esps-vak5-bqcp

vulnerability	VCID-fd5z-bj21-m3a5

vulnerability	VCID-h58p-g575-bkg6

vulnerability	VCID-mebz-9qb7-5bd2

vulnerability	VCID-qn5k-y64c-7ffc

vulnerability	VCID-t864-ytjh-nyg1

vulnerability	VCID-um7d-pzhb-n3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/postgresql-9.4@9.4.1-1

url pkg:generic/postgresql@9.3.0

purl pkg:generic/postgresql@9.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qap-rdxz-4uer

vulnerability	VCID-3qrq-rc38-13ep

vulnerability	VCID-45vk-2xsq-cffk

vulnerability	VCID-625c-amyd-dybm

vulnerability	VCID-723y-bsbd-6kfd

vulnerability	VCID-7xfn-1fv3-1bgv

vulnerability	VCID-8bu8-zpfv-8bgg

vulnerability	VCID-8cbh-gwwy-n3eq

vulnerability	VCID-8j4f-u2tq-1qev

vulnerability	VCID-9b6v-1bt1-dfgy

vulnerability	VCID-a3sh-4t1e-tbh4

vulnerability	VCID-bqag-mh3g-fqe7

vulnerability	VCID-csfh-831q-rqfv

vulnerability	VCID-d362-bmcf-3kdz

vulnerability	VCID-esps-vak5-bqcp

vulnerability	VCID-f976-dd3s-fuc8

vulnerability	VCID-fd5z-bj21-m3a5

vulnerability	VCID-k38h-5crc-u3hr

vulnerability	VCID-kbgc-w2jw-auh8

vulnerability	VCID-mebz-9qb7-5bd2

vulnerability	VCID-nz16-gzhk-h3c1

vulnerability	VCID-pvxg-byvu-pbec

vulnerability	VCID-qn5k-y64c-7ffc

vulnerability	VCID-qnt9-qr7p-wkhy

vulnerability	VCID-raqj-ezua-skeb

vulnerability	VCID-reab-s9cu-yudn

vulnerability	VCID-sq2s-cvrs-7uhh

vulnerability	VCID-t864-ytjh-nyg1

vulnerability	VCID-w518-wkek-97ag

vulnerability	VCID-wcsh-zz5q-qqbf

vulnerability	VCID-z4t8-c8vc-ayhd

vulnerability	VCID-zbj3-7xug-43f6

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@9.3.0

url pkg:generic/postgresql@9.4.0

purl pkg:generic/postgresql@9.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qap-rdxz-4uer

vulnerability	VCID-3qrq-rc38-13ep

vulnerability	VCID-45vk-2xsq-cffk

vulnerability	VCID-625c-amyd-dybm

vulnerability	VCID-723y-bsbd-6kfd

vulnerability	VCID-7xfn-1fv3-1bgv

vulnerability	VCID-8bu8-zpfv-8bgg

vulnerability	VCID-9b6v-1bt1-dfgy

vulnerability	VCID-a3sh-4t1e-tbh4

vulnerability	VCID-bb5j-e9vw-mbd1

vulnerability	VCID-bqag-mh3g-fqe7

vulnerability	VCID-csfh-831q-rqfv

vulnerability	VCID-d362-bmcf-3kdz

vulnerability	VCID-esps-vak5-bqcp

vulnerability	VCID-f976-dd3s-fuc8

vulnerability	VCID-fd5z-bj21-m3a5

vulnerability	VCID-k38h-5crc-u3hr

vulnerability	VCID-mebz-9qb7-5bd2

vulnerability	VCID-qn5k-y64c-7ffc

vulnerability	VCID-qnt9-qr7p-wkhy

vulnerability	VCID-raqj-ezua-skeb

vulnerability	VCID-sq2s-cvrs-7uhh

vulnerability	VCID-t864-ytjh-nyg1

vulnerability	VCID-um7d-pzhb-n3c9

vulnerability	VCID-wcsh-zz5q-qqbf

vulnerability	VCID-z4t8-c8vc-ayhd

vulnerability	VCID-zbj3-7xug-43f6

vulnerability	VCID-zrcc-w98g-gfhk

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@9.4.0

url pkg:rpm/redhat/postgresql@9.2.14-1?arch=ael7b_1

purl pkg:rpm/redhat/postgresql@9.2.14-1?arch=ael7b_1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-esps-vak5-bqcp

vulnerability	VCID-fd5z-bj21-m3a5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql@9.2.14-1%3Farch=ael7b_1

url pkg:rpm/redhat/postgresql92-postgresql@9.2.14-1?arch=el7

purl pkg:rpm/redhat/postgresql92-postgresql@9.2.14-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-esps-vak5-bqcp

vulnerability	VCID-fd5z-bj21-m3a5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql92-postgresql@9.2.14-1%3Farch=el7

url pkg:rpm/redhat/postgresql92-postgresql@9.2.14-1?arch=el6

purl pkg:rpm/redhat/postgresql92-postgresql@9.2.14-1?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-esps-vak5-bqcp

vulnerability	VCID-fd5z-bj21-m3a5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql92-postgresql@9.2.14-1%3Farch=el6

url pkg:rpm/redhat/rh-postgresql94-postgresql@9.4.5-1?arch=el7

purl pkg:rpm/redhat/rh-postgresql94-postgresql@9.4.5-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-esps-vak5-bqcp

vulnerability	VCID-fd5z-bj21-m3a5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-postgresql94-postgresql@9.4.5-1%3Farch=el7

url pkg:rpm/redhat/rh-postgresql94-postgresql@9.4.5-1?arch=el6

purl pkg:rpm/redhat/rh-postgresql94-postgresql@9.4.5-1?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-esps-vak5-bqcp

vulnerability	VCID-fd5z-bj21-m3a5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-postgresql94-postgresql@9.4.5-1%3Farch=el6

References

reference_url	http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=08fa47c4850cea32c3116665975bca219fbf2fe6
reference_id
reference_type
scores
url	http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=08fa47c4850cea32c3116665975bca219fbf2fe6

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172316.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169094.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169094.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-11/msg00033.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5289.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5289.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5289

reference_id

reference_type

scores

value	0.09972
scoring_system	epss
scoring_elements	0.93062
published_at	2026-04-21T12:55:00Z

value	0.09972
scoring_system	epss
scoring_elements	0.93013
published_at	2026-04-01T12:55:00Z

value	0.09972
scoring_system	epss
scoring_elements	0.93052
published_at	2026-04-16T12:55:00Z

value	0.09972
scoring_system	epss
scoring_elements	0.93055
published_at	2026-04-18T12:55:00Z

value	0.09972
scoring_system	epss
scoring_elements	0.93022
published_at	2026-04-02T12:55:00Z

value	0.09972
scoring_system	epss
scoring_elements	0.93026
published_at	2026-04-04T12:55:00Z

value	0.09972
scoring_system	epss
scoring_elements	0.93025
published_at	2026-04-07T12:55:00Z

value	0.09972
scoring_system	epss
scoring_elements	0.93033
published_at	2026-04-08T12:55:00Z

value	0.09972
scoring_system	epss
scoring_elements	0.93038
published_at	2026-04-09T12:55:00Z

value	0.09972
scoring_system	epss
scoring_elements	0.93043
published_at	2026-04-11T12:55:00Z

value	0.09972
scoring_system	epss
scoring_elements	0.9304
published_at	2026-04-12T12:55:00Z

value	0.09972
scoring_system	epss
scoring_elements	0.93042
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5289

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5288
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5288

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5289
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5289

reference_url	https://www.postgresql.org/about/news/2015-10-08-security-update-release-1615/
reference_id
reference_type
scores
url	https://www.postgresql.org/about/news/2015-10-08-security-update-release-1615/

reference_url

https://www.postgresql.org/support/security/CVE-2015-5289/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	['AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H']

url

https://www.postgresql.org/support/security/CVE-2015-5289/

reference_url	http://www.debian.org/security/2015/dsa-3374
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3374

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url	http://www.postgresql.org/about/news/1615/
reference_id
reference_type
scores
url	http://www.postgresql.org/about/news/1615/

reference_url	http://www.postgresql.org/docs/9.3/static/release-9-3-10.html
reference_id
reference_type
scores
url	http://www.postgresql.org/docs/9.3/static/release-9-3-10.html

reference_url	http://www.postgresql.org/docs/9.4/static/release-9-4-5.html
reference_id
reference_type
scores
url	http://www.postgresql.org/docs/9.4/static/release-9-4-5.html

reference_url	http://www.securityfocus.com/bid/77048
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/77048

reference_url	http://www.securitytracker.com/id/1033775
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1033775

reference_url	http://www.ubuntu.com/usn/USN-2772-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2772-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1270312
reference_id	1270312
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1270312

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql::::::::
reference_id	cpe:2.3:a:postgresql:postgresql::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5289

reference_id

CVE-2015-5289

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5289

reference_url	https://security.gentoo.org/glsa/201701-33
reference_id	GLSA-201701-33
reference_type
scores
url	https://security.gentoo.org/glsa/201701-33

reference_url	https://access.redhat.com/errata/RHSA-2015:2077
reference_id	RHSA-2015:2077
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2077

reference_url	https://access.redhat.com/errata/RHSA-2015:2078
reference_id	RHSA-2015:2078
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2078

reference_url	https://access.redhat.com/errata/RHSA-2015:2083
reference_id	RHSA-2015:2083
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2083

reference_url	https://usn.ubuntu.com/2772-1/
reference_id	USN-2772-1
reference_type
scores
url	https://usn.ubuntu.com/2772-1/

Weaknesses

cwe_id	131
name	Incorrect Calculation of Buffer Size
description	The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

cwe_id	674
name	Uncontrolled Recursion
description	The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

cwe_id	119
name	Improper Restriction of Operations within the Bounds of a Memory Buffer
description	The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Exploits

Severity_range_score 5.9 - 6.4

Exploitability 0.5

Weighted_severity 5.8

Risk_score 2.9

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-esps-vak5-bqcp

Vulnerability Instance