Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-dxb5-cwgk-6uhg
Summary
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same permission level as the `CodeChecker server`.
The attack requires a user account on the `CodeChecker server`, with permission to store to a server, and view the stored report. This vulnerability has been patched in version 6.23.
Aliases
0
alias CVE-2023-49793
1
alias GHSA-h26w-r4m5-8rrf
2
alias PYSEC-2024-54
Fixed_packages
0
url pkg:pypi/codechecker@6.23.0
purl pkg:pypi/codechecker@6.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.23.0
Affected_packages
0
url pkg:pypi/codechecker@6.16.0a1
purl pkg:pypi/codechecker@6.16.0a1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.16.0a1
1
url pkg:pypi/codechecker@6.16.0
purl pkg:pypi/codechecker@6.16.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.16.0
2
url pkg:pypi/codechecker@6.17.0
purl pkg:pypi/codechecker@6.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.17.0
3
url pkg:pypi/codechecker@6.18.0
purl pkg:pypi/codechecker@6.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.18.0
4
url pkg:pypi/codechecker@6.18.1
purl pkg:pypi/codechecker@6.18.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.18.1
5
url pkg:pypi/codechecker@6.18.2
purl pkg:pypi/codechecker@6.18.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.18.2
6
url pkg:pypi/codechecker@6.19.0
purl pkg:pypi/codechecker@6.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.19.0
7
url pkg:pypi/codechecker@6.19.1
purl pkg:pypi/codechecker@6.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.19.1
8
url pkg:pypi/codechecker@6.20.0rc1
purl pkg:pypi/codechecker@6.20.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.20.0rc1
9
url pkg:pypi/codechecker@6.20.0
purl pkg:pypi/codechecker@6.20.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.20.0
10
url pkg:pypi/codechecker@6.21.0rc1
purl pkg:pypi/codechecker@6.21.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.21.0rc1
11
url pkg:pypi/codechecker@6.21.0
purl pkg:pypi/codechecker@6.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.21.0
12
url pkg:pypi/codechecker@6.22.0rc1
purl pkg:pypi/codechecker@6.22.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.0rc1
13
url pkg:pypi/codechecker@6.22.0
purl pkg:pypi/codechecker@6.22.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.0
14
url pkg:pypi/codechecker@6.22.1
purl pkg:pypi/codechecker@6.22.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.1
15
url pkg:pypi/codechecker@6.22.2
purl pkg:pypi/codechecker@6.22.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.2
16
url pkg:pypi/codechecker@6.22.2.post1
purl pkg:pypi/codechecker@6.22.2.post1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.2.post1
17
url pkg:pypi/codechecker@6.23.0rc2
purl pkg:pypi/codechecker@6.23.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-h6wn-2dtj-q7hq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.23.0rc2
References
0
reference_url https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a
1
reference_url https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf
Weaknesses
Exploits
Severity_range_score6.5 - 6.5
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-dxb5-cwgk-6uhg