Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ckmm-q8cj-8ba2
Summary In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.
Aliases
0
alias CVE-2021-44217
1
alias GHSA-fxmx-pfm2-85m2
2
alias PYSEC-2022-43181
Fixed_packages
0
url pkg:pypi/codechecker@6.18.2
purl pkg:pypi/codechecker@6.18.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-gyx5-u4sy-syge
5
vulnerability VCID-h6wn-2dtj-q7hq
6
vulnerability VCID-hjn3-aj1e-1ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.18.2
Affected_packages
0
url pkg:pypi/codechecker@6.16.0a1
purl pkg:pypi/codechecker@6.16.0a1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-ckmm-q8cj-8ba2
4
vulnerability VCID-dxb5-cwgk-6uhg
5
vulnerability VCID-gyx5-u4sy-syge
6
vulnerability VCID-h6wn-2dtj-q7hq
7
vulnerability VCID-hjn3-aj1e-1ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.16.0a1
1
url pkg:pypi/codechecker@6.16.0
purl pkg:pypi/codechecker@6.16.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-ckmm-q8cj-8ba2
4
vulnerability VCID-dxb5-cwgk-6uhg
5
vulnerability VCID-gyx5-u4sy-syge
6
vulnerability VCID-h6wn-2dtj-q7hq
7
vulnerability VCID-hjn3-aj1e-1ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.16.0
2
url pkg:pypi/codechecker@6.17.0
purl pkg:pypi/codechecker@6.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-ckmm-q8cj-8ba2
4
vulnerability VCID-dxb5-cwgk-6uhg
5
vulnerability VCID-gyx5-u4sy-syge
6
vulnerability VCID-h6wn-2dtj-q7hq
7
vulnerability VCID-hjn3-aj1e-1ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.17.0
3
url pkg:pypi/codechecker@6.18.0
purl pkg:pypi/codechecker@6.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-ckmm-q8cj-8ba2
4
vulnerability VCID-dxb5-cwgk-6uhg
5
vulnerability VCID-gyx5-u4sy-syge
6
vulnerability VCID-h6wn-2dtj-q7hq
7
vulnerability VCID-hjn3-aj1e-1ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.18.0
4
url pkg:pypi/codechecker@6.18.1
purl pkg:pypi/codechecker@6.18.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-ckmm-q8cj-8ba2
4
vulnerability VCID-dxb5-cwgk-6uhg
5
vulnerability VCID-gyx5-u4sy-syge
6
vulnerability VCID-h6wn-2dtj-q7hq
7
vulnerability VCID-hjn3-aj1e-1ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.18.1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44217
reference_id
reference_type
scores
0
value 0.00741
scoring_system epss
scoring_elements 0.73324
published_at 2026-06-04T12:55:00Z
1
value 0.00741
scoring_system epss
scoring_elements 0.73339
published_at 2026-06-08T12:55:00Z
2
value 0.00741
scoring_system epss
scoring_elements 0.73352
published_at 2026-06-07T12:55:00Z
3
value 0.00741
scoring_system epss
scoring_elements 0.73366
published_at 2026-06-06T12:55:00Z
4
value 0.00741
scoring_system epss
scoring_elements 0.7336
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44217
1
reference_url https://codechecker-demo.eastus.cloudapp.azure.com
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://codechecker-demo.eastus.cloudapp.azure.com
2
reference_url https://codechecker-demo.eastus.cloudapp.azure.com/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://codechecker-demo.eastus.cloudapp.azure.com/
3
reference_url https://github.com/Ericsson/codechecker
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker
4
reference_url https://github.com/Ericsson/codechecker/commit/72ee51158e6d81150320223b85410c179b9ee2b1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker/commit/72ee51158e6d81150320223b85410c179b9ee2b1
5
reference_url https://github.com/Ericsson/codechecker/pull/3549
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker/pull/3549
6
reference_url https://github.com/Ericsson/codechecker/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker/releases
7
reference_url https://github.com/Ericsson/codechecker/releases/tag/v6.18.2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker/releases/tag/v6.18.2
8
reference_url https://github.com/Hyperkopite/CVE-2021-44217/blob/main/README.md
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Hyperkopite/CVE-2021-44217/blob/main/README.md
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/codechecker-api/PYSEC-2022-43181.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/codechecker-api/PYSEC-2022-43181.yaml
10
reference_url https://user-images.githubusercontent.com/9525971/142965091-e118b012-a7fc-4c2f-ad0c-80aeed6f7ec9.png
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://user-images.githubusercontent.com/9525971/142965091-e118b012-a7fc-4c2f-ad0c-80aeed6f7ec9.png
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44217
reference_id CVE-2021-44217
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-44217
12
reference_url https://github.com/advisories/GHSA-fxmx-pfm2-85m2
reference_id GHSA-fxmx-pfm2-85m2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fxmx-pfm2-85m2
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckmm-q8cj-8ba2