Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-81fd-hg84-jkcm
Summary
Cross-Site Scripting with connect.methodOverride()
The middleware overwrites req.method with the req.body['_method'] value. When you don't catch the error it responds with a default error msg: "Cannot [METHOD] [URL]" . Because this is not enough sanitized, you can force a Cross-Site Scripting in the response.
Aliases
0
alias GMS-2013-13
Fixed_packages
0
url pkg:npm/connect@2.8.1
purl pkg:npm/connect@2.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/connect@2.8.1
Affected_packages
0
url pkg:npm/connect@2.8.0
purl pkg:npm/connect@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-81fd-hg84-jkcm
1
vulnerability VCID-ff4q-8qw9-dfc1
2
vulnerability VCID-nbgt-whdd-xyf9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/connect@2.8.0
References
0
reference_url https://github.com/senchalabs/connect/issues/831
reference_id
reference_type
scores
url https://github.com/senchalabs/connect/issues/831
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-81fd-hg84-jkcm