Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-jjnq-w1uh-dudy
Summary
Incomplete List of Disallowed Inputs in Kubernetes
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.
Aliases
0
alias CVE-2021-25737
1
alias GHSA-mfv7-gq43-w965
Fixed_packages
0
url pkg:alpm/archlinux/kube-apiserver@1.21.1-1
purl pkg:alpm/archlinux/kube-apiserver@1.21.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/kube-apiserver@1.21.1-1
1
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42kp-8t9h-dfat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1%3Fdistro=trixie
2
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1.1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
purl pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.32.3%252Bds-2%3Fdistro=trixie
4
url pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.33.4%252Bds-1%3Fdistro=trixie
5
url pkg:golang/k8s.io/kubernetes@1.18.19
purl pkg:golang/k8s.io/kubernetes@1.18.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.18.19
6
url pkg:golang/k8s.io/kubernetes@1.19.11
purl pkg:golang/k8s.io/kubernetes@1.19.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.19.11
7
url pkg:golang/k8s.io/kubernetes@1.20.7
purl pkg:golang/k8s.io/kubernetes@1.20.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.20.7
8
url pkg:golang/k8s.io/kubernetes@1.21.1
purl pkg:golang/k8s.io/kubernetes@1.21.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.21.1
Affected_packages
0
url pkg:alpm/archlinux/kube-apiserver@1.21.0-1
purl pkg:alpm/archlinux/kube-apiserver@1.21.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jjnq-w1uh-dudy
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/kube-apiserver@1.21.0-1
1
url pkg:golang/k8s.io/kubernetes@1.21.0
purl pkg:golang/k8s.io/kubernetes@1.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jjnq-w1uh-dudy
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.21.0
2
url pkg:rpm/redhat/openshift@4.8.0-202107161820.p0.git.051ac4f.assembly.stream?arch=el7
purl pkg:rpm/redhat/openshift@4.8.0-202107161820.p0.git.051ac4f.assembly.stream?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jgn7-651b-p3cm
1
vulnerability VCID-jjnq-w1uh-dudy
2
vulnerability VCID-p2h1-hg14-3ke9
3
vulnerability VCID-w63n-2fx2-hyht
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift@4.8.0-202107161820.p0.git.051ac4f.assembly.stream%3Farch=el7
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25737.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25737.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25737
reference_id
reference_type
scores
0
value 0.00379
scoring_system epss
scoring_elements 0.59401
published_at 2026-04-24T12:55:00Z
1
value 0.00379
scoring_system epss
scoring_elements 0.59426
published_at 2026-04-21T12:55:00Z
2
value 0.00379
scoring_system epss
scoring_elements 0.59444
published_at 2026-04-18T12:55:00Z
3
value 0.00379
scoring_system epss
scoring_elements 0.59438
published_at 2026-04-16T12:55:00Z
4
value 0.00379
scoring_system epss
scoring_elements 0.59406
published_at 2026-04-13T12:55:00Z
5
value 0.00379
scoring_system epss
scoring_elements 0.59424
published_at 2026-04-12T12:55:00Z
6
value 0.00379
scoring_system epss
scoring_elements 0.59441
published_at 2026-04-11T12:55:00Z
7
value 0.00379
scoring_system epss
scoring_elements 0.59422
published_at 2026-04-09T12:55:00Z
8
value 0.00379
scoring_system epss
scoring_elements 0.59408
published_at 2026-04-08T12:55:00Z
9
value 0.00379
scoring_system epss
scoring_elements 0.59293
published_at 2026-04-01T12:55:00Z
10
value 0.00379
scoring_system epss
scoring_elements 0.59357
published_at 2026-04-07T12:55:00Z
11
value 0.00379
scoring_system epss
scoring_elements 0.59367
published_at 2026-04-02T12:55:00Z
12
value 0.00379
scoring_system epss
scoring_elements 0.59391
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25737
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25737
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25737
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/kubernetes/kubernetes
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes
5
reference_url https://github.com/kubernetes/kubernetes/issues/102106
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/102106
6
reference_url https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25737
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25737
8
reference_url https://security.netapp.com/advisory/ntap-20211004-0004
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20211004-0004
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1954917
reference_id 1954917
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1954917
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990793
reference_id 990793
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990793
11
reference_url https://security.archlinux.org/ASA-202106-29
reference_id ASA-202106-29
reference_type
scores
url https://security.archlinux.org/ASA-202106-29
12
reference_url https://security.archlinux.org/AVG-1970
reference_id AVG-1970
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1970
13
reference_url https://access.redhat.com/errata/RHSA-2021:2437
reference_id RHSA-2021:2437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2437
Weaknesses
0
cwe_id 184
name Incomplete List of Disallowed Inputs
description The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.
1
cwe_id 601
name URL Redirection to Untrusted Site ('Open Redirect')
description A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
2
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Exploits
Severity_range_score 0.1 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jjnq-w1uh-dudy