Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/37900?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37900?format=api", "vulnerability_id": "VCID-12d7-vc63-rkdy", "summary": "Denial-of-service possibility in logout() view by filling session store\nA session can be created when anonymously accessing the `django.contrib.auth.views.logout` view (provided it wasn't decorated with `django.contrib.auth.decorators.login_required` as done in the admin). This allows an attacker to easily create many new session records by sending repeated requests, potentially filling up the session store or causing other users' session records to be evicted.", "aliases": [ { "alias": "GMS-2015-21" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8790?format=api", "purl": "pkg:pypi/django@1.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kza-a88p-kfg7" }, { "vulnerability": "VCID-6wah-r8vr-5qc4" }, { "vulnerability": "VCID-8gus-er59-1qak" }, { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-ksh8-pazn-dbca" }, { "vulnerability": "VCID-rxxr-sseq-k7a9" }, { "vulnerability": "VCID-u6sd-648r-qbdb" }, { "vulnerability": "VCID-vdpf-jddk-syda" }, { "vulnerability": "VCID-weqb-fxu4-17e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/9042?format=api", "purl": "pkg:pypi/django@1.7.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kza-a88p-kfg7" }, { "vulnerability": "VCID-6wah-r8vr-5qc4" }, { "vulnerability": "VCID-8gus-er59-1qak" }, { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-ksh8-pazn-dbca" }, { "vulnerability": "VCID-rxxr-sseq-k7a9" }, { "vulnerability": "VCID-vdpf-jddk-syda" }, { "vulnerability": "VCID-weqb-fxu4-17e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/9043?format=api", "purl": "pkg:pypi/django@1.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kza-a88p-kfg7" }, { "vulnerability": "VCID-6wah-r8vr-5qc4" }, { "vulnerability": "VCID-8gus-er59-1qak" }, { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-c58g-7jpv-t7hc" }, { "vulnerability": "VCID-ksh8-pazn-dbca" }, { "vulnerability": "VCID-qy2a-mvpz-q7eh" }, { "vulnerability": "VCID-rruq-9scz-vbg8" }, { "vulnerability": "VCID-rxxr-sseq-k7a9" }, { "vulnerability": "VCID-upbz-vg19-rugv" }, { "vulnerability": "VCID-vdpf-jddk-syda" }, { "vulnerability": "VCID-weqb-fxu4-17e7" }, { "vulnerability": "VCID-x61x-6b6k-h3bn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.4" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52353?format=api", "purl": "pkg:pypi/django@1.4.0a0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12d7-vc63-rkdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.0a0" }, { "url": "http://public2.vulnerablecode.io/api/packages/52354?format=api", "purl": "pkg:pypi/django@1.7.0a0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12d7-vc63-rkdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7.0a0" }, { "url": "http://public2.vulnerablecode.io/api/packages/52355?format=api", "purl": "pkg:pypi/django@1.8.0a0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12d7-vc63-rkdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.0a0" } ], "references": [ { "reference_url": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-12d7-vc63-rkdy" }