Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-rhqx-ze7c-53bc

Summary

Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
Race condition in JBoss Weld Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.

Aliases

alias	CVE-2014-8122

Fixed_packages

url	pkg:maven/org.jboss.weld/weld-core@2.2.8.Final
purl	pkg:maven/org.jboss.weld/weld-core@2.2.8.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.weld/weld-core@2.2.8.Final

url	pkg:maven/org.jboss.weld/weld-core@3.0.0.Alpha3
purl	pkg:maven/org.jboss.weld/weld-core@3.0.0.Alpha3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.weld/weld-core@3.0.0.Alpha3

url	pkg:maven/org.jboss.weld/weld-core-impl@2.2.8.Final
purl	pkg:maven/org.jboss.weld/weld-core-impl@2.2.8.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.weld/weld-core-impl@2.2.8.Final

url	pkg:maven/org.jboss.weld/weld-core-impl@3.0.0.Alpha3
purl	pkg:maven/org.jboss.weld/weld-core-impl@3.0.0.Alpha3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.weld/weld-core-impl@3.0.0.Alpha3

Affected_packages

url pkg:maven/org.jboss.weld/weld-core@1

purl pkg:maven/org.jboss.weld/weld-core@1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rhqx-ze7c-53bc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.weld/weld-core@1

url pkg:maven/org.jboss.weld/weld-core@1.2.0.Beta1

purl pkg:maven/org.jboss.weld/weld-core@1.2.0.Beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rhqx-ze7c-53bc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.weld/weld-core@1.2.0.Beta1

url pkg:maven/org.jboss.weld/weld-core@2

purl pkg:maven/org.jboss.weld/weld-core@2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rhqx-ze7c-53bc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.weld/weld-core@2

url pkg:maven/org.jboss.weld/weld-core@2.2.7.Final

purl pkg:maven/org.jboss.weld/weld-core@2.2.7.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rhqx-ze7c-53bc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.weld/weld-core@2.2.7.Final

url pkg:maven/org.jboss.weld/weld-core@3.Alpha0

purl pkg:maven/org.jboss.weld/weld-core@3.Alpha0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rhqx-ze7c-53bc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.weld/weld-core@3.Alpha0

url pkg:maven/org.jboss.weld/weld-core@3.0.0.Alpha1

purl pkg:maven/org.jboss.weld/weld-core@3.0.0.Alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rhqx-ze7c-53bc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.weld/weld-core@3.0.0.Alpha1

url pkg:maven/org.jboss.weld/weld-core-impl@2-alpha0

purl pkg:maven/org.jboss.weld/weld-core-impl@2-alpha0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rhqx-ze7c-53bc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.weld/weld-core-impl@2-alpha0

url pkg:maven/org.jboss.weld/weld-core-impl@2.2.7.Final

purl pkg:maven/org.jboss.weld/weld-core-impl@2.2.7.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rhqx-ze7c-53bc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.weld/weld-core-impl@2.2.7.Final

url pkg:maven/org.jboss.weld/weld-core-impl@3-alpha0

purl pkg:maven/org.jboss.weld/weld-core-impl@3-alpha0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rhqx-ze7c-53bc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.weld/weld-core-impl@3-alpha0

url pkg:maven/org.jboss.weld/weld-core-impl@3.0.0.Alpha1

purl pkg:maven/org.jboss.weld/weld-core-impl@3.0.0.Alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rhqx-ze7c-53bc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.weld/weld-core-impl@3.0.0.Alpha1

References

reference_url	https://bugzilla.redhat.com/CVE-2014-8122
reference_id	CVE-2014-8122
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2014-8122

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	362
name	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
description	The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rhqx-ze7c-53bc

Vulnerability Instance