Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ep11-vjnf-cfb5

Summary

Content-Type Insufficient Restrictions Bypass
There is a flaw in the json() function in bottle.py. The issue is due to the program using insufficient restrictions when parsing JSON content-types. This may allow a remote attacker to bypass access restrictions.

Aliases

alias	OSVDB-106526

Fixed_packages

url pkg:pypi/bottle@0.11.7

purl pkg:pypi/bottle@0.11.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dww-auab-gbaa

vulnerability	VCID-6f4p-1f4y-ryag

vulnerability	VCID-yhx1-tap2-h7bb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.7

url pkg:pypi/bottle@0.12.6

purl pkg:pypi/bottle@0.12.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dww-auab-gbaa

vulnerability	VCID-6f4p-1f4y-ryag

vulnerability	VCID-yhx1-tap2-h7bb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.12.6

Affected_packages

url pkg:pypi/bottle@0.11.1

purl pkg:pypi/bottle@0.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dww-auab-gbaa

vulnerability	VCID-6f4p-1f4y-ryag

vulnerability	VCID-e293-3wep-hqc2

vulnerability	VCID-ep11-vjnf-cfb5

vulnerability	VCID-yhx1-tap2-h7bb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.1

url pkg:pypi/bottle@0.11.2

purl pkg:pypi/bottle@0.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dww-auab-gbaa

vulnerability	VCID-6f4p-1f4y-ryag

vulnerability	VCID-e293-3wep-hqc2

vulnerability	VCID-ep11-vjnf-cfb5

vulnerability	VCID-yhx1-tap2-h7bb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.2

url pkg:pypi/bottle@0.11.3

purl pkg:pypi/bottle@0.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dww-auab-gbaa

vulnerability	VCID-6f4p-1f4y-ryag

vulnerability	VCID-e293-3wep-hqc2

vulnerability	VCID-ep11-vjnf-cfb5

vulnerability	VCID-yhx1-tap2-h7bb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.3

url pkg:pypi/bottle@0.11.4

purl pkg:pypi/bottle@0.11.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dww-auab-gbaa

vulnerability	VCID-6f4p-1f4y-ryag

vulnerability	VCID-e293-3wep-hqc2

vulnerability	VCID-ep11-vjnf-cfb5

vulnerability	VCID-yhx1-tap2-h7bb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.4

url pkg:pypi/bottle@0.11.5

purl pkg:pypi/bottle@0.11.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dww-auab-gbaa

vulnerability	VCID-6f4p-1f4y-ryag

vulnerability	VCID-e293-3wep-hqc2

vulnerability	VCID-ep11-vjnf-cfb5

vulnerability	VCID-yhx1-tap2-h7bb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.5

url pkg:pypi/bottle@0.11.6

purl pkg:pypi/bottle@0.11.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dww-auab-gbaa

vulnerability	VCID-6f4p-1f4y-ryag

vulnerability	VCID-e293-3wep-hqc2

vulnerability	VCID-ep11-vjnf-cfb5

vulnerability	VCID-yhx1-tap2-h7bb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.11.6

url pkg:pypi/bottle@0.12.1

purl pkg:pypi/bottle@0.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dww-auab-gbaa

vulnerability	VCID-6f4p-1f4y-ryag

vulnerability	VCID-e293-3wep-hqc2

vulnerability	VCID-ep11-vjnf-cfb5

vulnerability	VCID-yhx1-tap2-h7bb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.12.1

url pkg:pypi/bottle@0.12.2

purl pkg:pypi/bottle@0.12.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dww-auab-gbaa

vulnerability	VCID-6f4p-1f4y-ryag

vulnerability	VCID-e293-3wep-hqc2

vulnerability	VCID-ep11-vjnf-cfb5

vulnerability	VCID-yhx1-tap2-h7bb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.12.2

url pkg:pypi/bottle@0.12.3

purl pkg:pypi/bottle@0.12.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dww-auab-gbaa

vulnerability	VCID-6f4p-1f4y-ryag

vulnerability	VCID-e293-3wep-hqc2

vulnerability	VCID-ep11-vjnf-cfb5

vulnerability	VCID-yhx1-tap2-h7bb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.12.3

url pkg:pypi/bottle@0.12.4

purl pkg:pypi/bottle@0.12.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dww-auab-gbaa

vulnerability	VCID-6f4p-1f4y-ryag

vulnerability	VCID-e293-3wep-hqc2

vulnerability	VCID-ep11-vjnf-cfb5

vulnerability	VCID-yhx1-tap2-h7bb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.12.4

url pkg:pypi/bottle@0.12.5

purl pkg:pypi/bottle@0.12.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dww-auab-gbaa

vulnerability	VCID-6f4p-1f4y-ryag

vulnerability	VCID-e293-3wep-hqc2

vulnerability	VCID-ep11-vjnf-cfb5

vulnerability	VCID-yhx1-tap2-h7bb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bottle@0.12.5

References

reference_url	http://osvdb.org/show/osvdb/106526
reference_id
reference_type
scores
url	http://osvdb.org/show/osvdb/106526

reference_url	https://github.com/defnull/bottle/issues/616
reference_id
reference_type
scores
url	https://github.com/defnull/bottle/issues/616

Weaknesses

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ep11-vjnf-cfb5

Vulnerability Instance