Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-pcsz-xwb8-7yh4
Summary Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a `range` of the form `range(start, start + N)`, if `start` is negative, the execution will always revert. This issue is caused by an incorrect assertion inserted by the code generation of the range `stmt.parse_For_range()`. The issue arises when `start` is signed: instead of `sle`, `le` is used, so `start` is interpreted as an unsigned integer for the comparison. If it is a negative number, its 255th bit is set to `1`, so it is interpreted as a very large unsigned integer and the assertion always fails. Any contract having a `range(start, start + N)` where `start` is a signed integer with the possibility for `start` to be negative is affected. If a call goes through the loop while supplying a negative `start`, the execution will revert. Version 0.4.0b1 fixes the issue.
Aliases
0
alias CVE-2024-32481
1
alias GHSA-ppx5-q359-pvwj
2
alias PYSEC-2024-246
Fixed_packages
0
url pkg:pypi/vyper@0.4.0b1
purl pkg:pypi/vyper@0.4.0b1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9c-w5zc-6ker
1
vulnerability VCID-djvb-mdjy-b7g5
2
vulnerability VCID-m355-31jd-1kfq
3
vulnerability VCID-qfyr-upmm-duea
4
vulnerability VCID-vz6u-kbjy-hkfc
5
vulnerability VCID-wc7x-rsqa-bkcm
6
vulnerability VCID-wmen-dnf4-2kef
7
vulnerability VCID-x4dz-scmh-b7dj
8
vulnerability VCID-zkhz-ckgg-hkat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.4.0b1
1
url pkg:pypi/vyper@0.4.0
purl pkg:pypi/vyper@0.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9c-w5zc-6ker
1
vulnerability VCID-djvb-mdjy-b7g5
2
vulnerability VCID-m355-31jd-1kfq
3
vulnerability VCID-wc7x-rsqa-bkcm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.4.0
Affected_packages
0
url pkg:pypi/vyper@0.3.8
purl pkg:pypi/vyper@0.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q3x-5eug-afdg
1
vulnerability VCID-1r9c-w5zc-6ker
2
vulnerability VCID-27ed-mhnf-ykgz
3
vulnerability VCID-7nbf-6rd9-2uap
4
vulnerability VCID-br4v-y1ka-wbh2
5
vulnerability VCID-c8rf-ec8a-gybs
6
vulnerability VCID-cp7n-z6w9-k3bn
7
vulnerability VCID-cpb5-3f58-5ueb
8
vulnerability VCID-djvb-mdjy-b7g5
9
vulnerability VCID-h6ck-r6j1-yuhp
10
vulnerability VCID-m355-31jd-1kfq
11
vulnerability VCID-pcsz-xwb8-7yh4
12
vulnerability VCID-qfyr-upmm-duea
13
vulnerability VCID-shx9-8v43-9qem
14
vulnerability VCID-sy1y-q8ym-f3ft
15
vulnerability VCID-vchm-6wyg-83hk
16
vulnerability VCID-vz6u-kbjy-hkfc
17
vulnerability VCID-wc7x-rsqa-bkcm
18
vulnerability VCID-wmen-dnf4-2kef
19
vulnerability VCID-x4dz-scmh-b7dj
20
vulnerability VCID-x6fh-e77r-pycx
21
vulnerability VCID-zkhz-ckgg-hkat
22
vulnerability VCID-zsnu-88np-fyet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.8
1
url pkg:pypi/vyper@0.3.9
purl pkg:pypi/vyper@0.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q3x-5eug-afdg
1
vulnerability VCID-1r9c-w5zc-6ker
2
vulnerability VCID-7nbf-6rd9-2uap
3
vulnerability VCID-br4v-y1ka-wbh2
4
vulnerability VCID-c8rf-ec8a-gybs
5
vulnerability VCID-cp7n-z6w9-k3bn
6
vulnerability VCID-cpb5-3f58-5ueb
7
vulnerability VCID-djvb-mdjy-b7g5
8
vulnerability VCID-h6ck-r6j1-yuhp
9
vulnerability VCID-m355-31jd-1kfq
10
vulnerability VCID-pcsz-xwb8-7yh4
11
vulnerability VCID-qfyr-upmm-duea
12
vulnerability VCID-shx9-8v43-9qem
13
vulnerability VCID-sy1y-q8ym-f3ft
14
vulnerability VCID-vchm-6wyg-83hk
15
vulnerability VCID-vz6u-kbjy-hkfc
16
vulnerability VCID-wc7x-rsqa-bkcm
17
vulnerability VCID-wmen-dnf4-2kef
18
vulnerability VCID-x4dz-scmh-b7dj
19
vulnerability VCID-x6fh-e77r-pycx
20
vulnerability VCID-zkhz-ckgg-hkat
21
vulnerability VCID-zsnu-88np-fyet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.9
2
url pkg:pypi/vyper@0.3.10rc1
purl pkg:pypi/vyper@0.3.10rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q3x-5eug-afdg
1
vulnerability VCID-1r9c-w5zc-6ker
2
vulnerability VCID-br4v-y1ka-wbh2
3
vulnerability VCID-c8rf-ec8a-gybs
4
vulnerability VCID-cp7n-z6w9-k3bn
5
vulnerability VCID-cpb5-3f58-5ueb
6
vulnerability VCID-djvb-mdjy-b7g5
7
vulnerability VCID-h6ck-r6j1-yuhp
8
vulnerability VCID-m355-31jd-1kfq
9
vulnerability VCID-pcsz-xwb8-7yh4
10
vulnerability VCID-qfyr-upmm-duea
11
vulnerability VCID-shx9-8v43-9qem
12
vulnerability VCID-vchm-6wyg-83hk
13
vulnerability VCID-vz6u-kbjy-hkfc
14
vulnerability VCID-wc7x-rsqa-bkcm
15
vulnerability VCID-wmen-dnf4-2kef
16
vulnerability VCID-x4dz-scmh-b7dj
17
vulnerability VCID-x6fh-e77r-pycx
18
vulnerability VCID-zkhz-ckgg-hkat
19
vulnerability VCID-zsnu-88np-fyet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.10rc1
3
url pkg:pypi/vyper@0.3.10rc2
purl pkg:pypi/vyper@0.3.10rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q3x-5eug-afdg
1
vulnerability VCID-1r9c-w5zc-6ker
2
vulnerability VCID-br4v-y1ka-wbh2
3
vulnerability VCID-c8rf-ec8a-gybs
4
vulnerability VCID-cp7n-z6w9-k3bn
5
vulnerability VCID-cpb5-3f58-5ueb
6
vulnerability VCID-djvb-mdjy-b7g5
7
vulnerability VCID-h6ck-r6j1-yuhp
8
vulnerability VCID-m355-31jd-1kfq
9
vulnerability VCID-pcsz-xwb8-7yh4
10
vulnerability VCID-qfyr-upmm-duea
11
vulnerability VCID-shx9-8v43-9qem
12
vulnerability VCID-vchm-6wyg-83hk
13
vulnerability VCID-vz6u-kbjy-hkfc
14
vulnerability VCID-wc7x-rsqa-bkcm
15
vulnerability VCID-wmen-dnf4-2kef
16
vulnerability VCID-x4dz-scmh-b7dj
17
vulnerability VCID-x6fh-e77r-pycx
18
vulnerability VCID-zkhz-ckgg-hkat
19
vulnerability VCID-zsnu-88np-fyet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.10rc2
4
url pkg:pypi/vyper@0.3.10rc3
purl pkg:pypi/vyper@0.3.10rc3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q3x-5eug-afdg
1
vulnerability VCID-1r9c-w5zc-6ker
2
vulnerability VCID-br4v-y1ka-wbh2
3
vulnerability VCID-c8rf-ec8a-gybs
4
vulnerability VCID-cp7n-z6w9-k3bn
5
vulnerability VCID-cpb5-3f58-5ueb
6
vulnerability VCID-djvb-mdjy-b7g5
7
vulnerability VCID-h6ck-r6j1-yuhp
8
vulnerability VCID-m355-31jd-1kfq
9
vulnerability VCID-pcsz-xwb8-7yh4
10
vulnerability VCID-qfyr-upmm-duea
11
vulnerability VCID-shx9-8v43-9qem
12
vulnerability VCID-vchm-6wyg-83hk
13
vulnerability VCID-vz6u-kbjy-hkfc
14
vulnerability VCID-wc7x-rsqa-bkcm
15
vulnerability VCID-wmen-dnf4-2kef
16
vulnerability VCID-x4dz-scmh-b7dj
17
vulnerability VCID-x6fh-e77r-pycx
18
vulnerability VCID-zkhz-ckgg-hkat
19
vulnerability VCID-zsnu-88np-fyet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.10rc3
5
url pkg:pypi/vyper@0.3.10rc4
purl pkg:pypi/vyper@0.3.10rc4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q3x-5eug-afdg
1
vulnerability VCID-1r9c-w5zc-6ker
2
vulnerability VCID-br4v-y1ka-wbh2
3
vulnerability VCID-c8rf-ec8a-gybs
4
vulnerability VCID-cp7n-z6w9-k3bn
5
vulnerability VCID-cpb5-3f58-5ueb
6
vulnerability VCID-djvb-mdjy-b7g5
7
vulnerability VCID-h6ck-r6j1-yuhp
8
vulnerability VCID-m355-31jd-1kfq
9
vulnerability VCID-pcsz-xwb8-7yh4
10
vulnerability VCID-qfyr-upmm-duea
11
vulnerability VCID-shx9-8v43-9qem
12
vulnerability VCID-vchm-6wyg-83hk
13
vulnerability VCID-vz6u-kbjy-hkfc
14
vulnerability VCID-wc7x-rsqa-bkcm
15
vulnerability VCID-wmen-dnf4-2kef
16
vulnerability VCID-x4dz-scmh-b7dj
17
vulnerability VCID-x6fh-e77r-pycx
18
vulnerability VCID-zkhz-ckgg-hkat
19
vulnerability VCID-zsnu-88np-fyet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.10rc4
6
url pkg:pypi/vyper@0.3.10rc5
purl pkg:pypi/vyper@0.3.10rc5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1q3x-5eug-afdg
1
vulnerability VCID-1r9c-w5zc-6ker
2
vulnerability VCID-br4v-y1ka-wbh2
3
vulnerability VCID-c8rf-ec8a-gybs
4
vulnerability VCID-cp7n-z6w9-k3bn
5
vulnerability VCID-cpb5-3f58-5ueb
6
vulnerability VCID-djvb-mdjy-b7g5
7
vulnerability VCID-h6ck-r6j1-yuhp
8
vulnerability VCID-m355-31jd-1kfq
9
vulnerability VCID-pcsz-xwb8-7yh4
10
vulnerability VCID-qfyr-upmm-duea
11
vulnerability VCID-shx9-8v43-9qem
12
vulnerability VCID-vchm-6wyg-83hk
13
vulnerability VCID-vz6u-kbjy-hkfc
14
vulnerability VCID-wc7x-rsqa-bkcm
15
vulnerability VCID-wmen-dnf4-2kef
16
vulnerability VCID-x4dz-scmh-b7dj
17
vulnerability VCID-x6fh-e77r-pycx
18
vulnerability VCID-zkhz-ckgg-hkat
19
vulnerability VCID-zsnu-88np-fyet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.10rc5
7
url pkg:pypi/vyper@0.3.10
purl pkg:pypi/vyper@0.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1r9c-w5zc-6ker
1
vulnerability VCID-br4v-y1ka-wbh2
2
vulnerability VCID-c8rf-ec8a-gybs
3
vulnerability VCID-cp7n-z6w9-k3bn
4
vulnerability VCID-djvb-mdjy-b7g5
5
vulnerability VCID-m355-31jd-1kfq
6
vulnerability VCID-pcsz-xwb8-7yh4
7
vulnerability VCID-qfyr-upmm-duea
8
vulnerability VCID-shx9-8v43-9qem
9
vulnerability VCID-vchm-6wyg-83hk
10
vulnerability VCID-vz6u-kbjy-hkfc
11
vulnerability VCID-wc7x-rsqa-bkcm
12
vulnerability VCID-wmen-dnf4-2kef
13
vulnerability VCID-x4dz-scmh-b7dj
14
vulnerability VCID-x6fh-e77r-pycx
15
vulnerability VCID-zkhz-ckgg-hkat
16
vulnerability VCID-zsnu-88np-fyet
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.10
References
0
reference_url https://github.com/vyperlang/vyper
reference_id
reference_type
scores
url https://github.com/vyperlang/vyper
1
reference_url https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/codegen/stmt.py#L286-L287
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/codegen/stmt.py#L286-L287
2
reference_url https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868
3
reference_url https://github.com/vyperlang/vyper/commit/5319cfbe14951e007ccdb323257e5ada869b35d5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://github.com/vyperlang/vyper/commit/5319cfbe14951e007ccdb323257e5ada869b35d5
4
reference_url https://github.com/vyperlang/vyper/security/advisories/GHSA-ppx5-q359-pvwj
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://github.com/vyperlang/vyper/security/advisories/GHSA-ppx5-q359-pvwj
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32481
reference_id CVE-2024-32481
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-32481
6
reference_url https://github.com/advisories/GHSA-ppx5-q359-pvwj
reference_id GHSA-ppx5-q359-pvwj
reference_type
scores
url https://github.com/advisories/GHSA-ppx5-q359-pvwj
Weaknesses
0
cwe_id 681
name Incorrect Conversion between Numeric Types
description When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 5.3 - 5.3
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pcsz-xwb8-7yh4