Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-j4jv-uxp8-gqft

Summary Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is setup incorrectly. All origins are reflected, which allows any website to send cross site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allow_credentials is set to True, which would allow any website to send authenticated cross site requests.

Aliases

alias	CVE-2025-25302

alias	PYSEC-2025-25

Fixed_packages

url	pkg:pypi/rembg@2.0.58
purl	pkg:pypi/rembg@2.0.58
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.58

Affected_packages

url pkg:pypi/rembg@2.0.28

purl pkg:pypi/rembg@2.0.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.28

url pkg:pypi/rembg@2.0.29

purl pkg:pypi/rembg@2.0.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.29

url pkg:pypi/rembg@2.0.30

purl pkg:pypi/rembg@2.0.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.30

url pkg:pypi/rembg@2.0.31

purl pkg:pypi/rembg@2.0.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.31

url pkg:pypi/rembg@2.0.32

purl pkg:pypi/rembg@2.0.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.32

url pkg:pypi/rembg@2.0.33

purl pkg:pypi/rembg@2.0.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.33

url pkg:pypi/rembg@2.0.34

purl pkg:pypi/rembg@2.0.34

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.34

url pkg:pypi/rembg@2.0.35

purl pkg:pypi/rembg@2.0.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.35

url pkg:pypi/rembg@2.0.36

purl pkg:pypi/rembg@2.0.36

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.36

url pkg:pypi/rembg@2.0.37

purl pkg:pypi/rembg@2.0.37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.37

url pkg:pypi/rembg@2.0.38

purl pkg:pypi/rembg@2.0.38

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.38

url pkg:pypi/rembg@2.0.39

purl pkg:pypi/rembg@2.0.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.39

url pkg:pypi/rembg@2.0.40

purl pkg:pypi/rembg@2.0.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.40

url pkg:pypi/rembg@2.0.41

purl pkg:pypi/rembg@2.0.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.41

url pkg:pypi/rembg@2.0.43

purl pkg:pypi/rembg@2.0.43

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.43

url pkg:pypi/rembg@2.0.44

purl pkg:pypi/rembg@2.0.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.44

url pkg:pypi/rembg@2.0.45

purl pkg:pypi/rembg@2.0.45

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.45

url pkg:pypi/rembg@2.0.46

purl pkg:pypi/rembg@2.0.46

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.46

url pkg:pypi/rembg@2.0.47

purl pkg:pypi/rembg@2.0.47

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.47

url pkg:pypi/rembg@2.0.48

purl pkg:pypi/rembg@2.0.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.48

url pkg:pypi/rembg@2.0.49

purl pkg:pypi/rembg@2.0.49

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.49

url pkg:pypi/rembg@2.0.50

purl pkg:pypi/rembg@2.0.50

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.50

url pkg:pypi/rembg@2.0.51

purl pkg:pypi/rembg@2.0.51

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.51

url pkg:pypi/rembg@2.0.52

purl pkg:pypi/rembg@2.0.52

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.52

url pkg:pypi/rembg@2.0.53

purl pkg:pypi/rembg@2.0.53

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.53

url pkg:pypi/rembg@2.0.54

purl pkg:pypi/rembg@2.0.54

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.54

url pkg:pypi/rembg@2.0.55

purl pkg:pypi/rembg@2.0.55

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.55

url pkg:pypi/rembg@2.0.56

purl pkg:pypi/rembg@2.0.56

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.56

url pkg:pypi/rembg@2.0.57

purl pkg:pypi/rembg@2.0.57

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5491-113y-w7dm

vulnerability	VCID-j4jv-uxp8-gqft

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/rembg@2.0.57

References

reference_url

https://github.com/danielgatis/rembg/blob/d1e00734f8a996abf512a3a5c251c7a9a392c90a/rembg/commands/s_command.py#L93

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://github.com/danielgatis/rembg/blob/d1e00734f8a996abf512a3a5c251c7a9a392c90a/rembg/commands/s_command.py#L93

reference_url

https://securitylab.github.com/advisories/GHSL-2024-161_GHSL-2024-162_rembg/

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://securitylab.github.com/advisories/GHSL-2024-161_GHSL-2024-162_rembg/

Weaknesses

Exploits

Severity_range_score 6.5 - 6.5

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j4jv-uxp8-gqft

Vulnerability Instance