Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-bq2j-t19h-zyad

Summary

Improper Access Control
PHP does not attempt to address RFC section namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the `HTTP_PROXY` environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an `httpoxy` issue.

Aliases

alias	CVE-2016-5385

alias	GHSA-m6ch-gg5f-wxx3

Fixed_packages

url	pkg:composer/amphp/artax@1.0.4
purl	pkg:composer/amphp/artax@1.0.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.4

url	pkg:composer/amphp/artax@2.0.4
purl	pkg:composer/amphp/artax@2.0.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.4

url	pkg:composer/bugsnag/bugsnag-laravel@2.0.2
purl	pkg:composer/bugsnag/bugsnag-laravel@2.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/bugsnag/bugsnag-laravel@2.0.2

url	pkg:composer/drupal/core@8.1.0
purl	pkg:composer/drupal/core@8.1.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.1.0

url pkg:composer/drupal/drupal@8.1.0

purl pkg:composer/drupal/drupal@8.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ks17-b29e-73au

vulnerability	VCID-tbk2-zprq-27c8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.1.0

url	pkg:composer/guzzlehttp/guzzle@4.2.4
purl	pkg:composer/guzzlehttp/guzzle@4.2.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@4.2.4

url	pkg:composer/guzzlehttp/guzzle@5.3.1
purl	pkg:composer/guzzlehttp/guzzle@5.3.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@5.3.1

url	pkg:composer/guzzlehttp/guzzle@6.2.1
purl	pkg:composer/guzzlehttp/guzzle@6.2.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@6.2.1

url	pkg:composer/padraic/humbug_get_contents@1.1.2
purl	pkg:composer/padraic/humbug_get_contents@1.1.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/padraic/humbug_get_contents@1.1.2

url pkg:composer/typo3/cms@8.2.1

purl pkg:composer/typo3/cms@8.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-h7cg-64er-uya9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.2.1

Affected_packages

url pkg:composer/amphp/artax@2.0.0

purl pkg:composer/amphp/artax@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq2j-t19h-zyad

vulnerability	VCID-yb95-bbrp-n7da

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.0

url pkg:composer/drupal/core@8.0.0

purl pkg:composer/drupal/core@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2989-fmjz-nkby

vulnerability	VCID-2fas-m6vh-myhc

vulnerability	VCID-2t34-82p3-73c3

vulnerability	VCID-31qy-vagp-83b6

vulnerability	VCID-3xk4-qwaq-5yaj

vulnerability	VCID-4dpp-gg2v-q3et

vulnerability	VCID-56ze-2yw2-bfh8

vulnerability	VCID-5c5c-m7ba-kqct

vulnerability	VCID-7v89-2sss-hfaz

vulnerability	VCID-9nk8-dban-g7h9

vulnerability	VCID-a3s2-c4k2-4ufn

vulnerability	VCID-a4u4-ga84-wyf9

vulnerability	VCID-a7ss-tkb6-gkge

vulnerability	VCID-ah3h-t9qa-gudr

vulnerability	VCID-ard5-3cjv-1beu

vulnerability	VCID-asm8-guag-b3ep

vulnerability	VCID-avmn-kqky-83dd

vulnerability	VCID-ay6b-1a7z-qkas

vulnerability	VCID-bq2j-t19h-zyad

vulnerability	VCID-dav9-pgdh-8yey

vulnerability	VCID-dyhz-g3nv-yuc3

vulnerability	VCID-e12q-qavs-qybu

vulnerability	VCID-e8un-nbkk-cbf9

vulnerability	VCID-egtv-y9w1-skgr

vulnerability	VCID-jrhg-3271-tqdy

vulnerability	VCID-kzrs-mrga-nyej

vulnerability	VCID-mm13-6dhq-nqfb

vulnerability	VCID-myja-t33q-q3cv

vulnerability	VCID-nacy-y1qt-5yhb

vulnerability	VCID-ng6g-hvc2-bkg4

vulnerability	VCID-p54u-b18k-jyft

vulnerability	VCID-pgnc-fq4m-3kaz

vulnerability	VCID-pmmq-8s2m-h7dp

vulnerability	VCID-pnme-dc73-efcb

vulnerability	VCID-qsuc-53pg-zkda

vulnerability	VCID-rd4g-h1j9-23cb

vulnerability	VCID-rsc6-y1uv-6bfq

vulnerability	VCID-t89y-c9hq-9bhk

vulnerability	VCID-ta99-gcmk-2qc8

vulnerability	VCID-tpzm-u3qp-akc8

vulnerability	VCID-w4ks-ufnz-vfav

vulnerability	VCID-wapd-e3mu-sffn

vulnerability	VCID-wsv7-je8g-sqet

vulnerability	VCID-wszp-2es5-z7fy

vulnerability	VCID-x34m-u169-1bce

vulnerability	VCID-y1nb-prqc-suaj

vulnerability	VCID-yq4q-hydz-vuga

vulnerability	VCID-yygb-pp11-5udj

vulnerability	VCID-zqer-y4s4-hqhy

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0

url pkg:composer/drupal/drupal@8.0.0

purl pkg:composer/drupal/drupal@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2989-fmjz-nkby

vulnerability	VCID-31qy-vagp-83b6

vulnerability	VCID-3xk4-qwaq-5yaj

vulnerability	VCID-56ze-2yw2-bfh8

vulnerability	VCID-5c5c-m7ba-kqct

vulnerability	VCID-6rtn-zphz-sydn

vulnerability	VCID-9nk8-dban-g7h9

vulnerability	VCID-a4u4-ga84-wyf9

vulnerability	VCID-a7ss-tkb6-gkge

vulnerability	VCID-ah3h-t9qa-gudr

vulnerability	VCID-ard5-3cjv-1beu

vulnerability	VCID-asm8-guag-b3ep

vulnerability	VCID-avmn-kqky-83dd

vulnerability	VCID-ay6b-1a7z-qkas

vulnerability	VCID-bndv-n7w9-43b4

vulnerability	VCID-bq2j-t19h-zyad

vulnerability	VCID-dnc7-jg8m-8fh3

vulnerability	VCID-dyhz-g3nv-yuc3

vulnerability	VCID-e8un-nbkk-cbf9

vulnerability	VCID-egtv-y9w1-skgr

vulnerability	VCID-eyew-pw17-ryfj

vulnerability	VCID-ks17-b29e-73au

vulnerability	VCID-mm13-6dhq-nqfb

vulnerability	VCID-mscp-wvvx-zfh3

vulnerability	VCID-n5n3-p5yy-13d9

vulnerability	VCID-nacy-y1qt-5yhb

vulnerability	VCID-ng6g-hvc2-bkg4

vulnerability	VCID-nn8g-m52e-5kfe

vulnerability	VCID-pmmq-8s2m-h7dp

vulnerability	VCID-pnme-dc73-efcb

vulnerability	VCID-r4ja-mndm-uyge

vulnerability	VCID-rd4g-h1j9-23cb

vulnerability	VCID-rsc6-y1uv-6bfq

vulnerability	VCID-s5qd-cpvc-c3cd

vulnerability	VCID-ta99-gcmk-2qc8

vulnerability	VCID-tbah-jrah-a3fg

vulnerability	VCID-tbk2-zprq-27c8

vulnerability	VCID-tpzm-u3qp-akc8

vulnerability	VCID-w3x8-db6e-kued

vulnerability	VCID-w4ks-ufnz-vfav

vulnerability	VCID-wapd-e3mu-sffn

vulnerability	VCID-wsv7-je8g-sqet

vulnerability	VCID-wszp-2es5-z7fy

vulnerability	VCID-x34m-u169-1bce

vulnerability	VCID-y1nb-prqc-suaj

vulnerability	VCID-zqer-y4s4-hqhy

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0

url pkg:composer/guzzlehttp/guzzle@5.0.0

purl pkg:composer/guzzlehttp/guzzle@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bq2j-t19h-zyad

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/guzzlehttp/guzzle@5.0.0

url pkg:composer/typo3/cms@8.0.0

purl pkg:composer/typo3/cms@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2r7u-mc45-8yhe

vulnerability	VCID-2rhr-8vaz-hqfj

vulnerability	VCID-2vpx-fqb6-aqfa

vulnerability	VCID-39jx-muqb-nkfq

vulnerability	VCID-3ugj-6m1e-e3hr

vulnerability	VCID-4eym-e6vt-8fbs

vulnerability	VCID-5dxs-cdht-27hw

vulnerability	VCID-66ru-n2df-b3ay

vulnerability	VCID-727q-h3ey-6yc9

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7m6u-k5tp-gkhy

vulnerability	VCID-8p64-6zpt-t3av

vulnerability	VCID-953t-q1cr-zyd6

vulnerability	VCID-9saf-w56y-pugz

vulnerability	VCID-abjx-8v46-d7d8

vulnerability	VCID-am6s-67bm-77dr

vulnerability	VCID-bn3p-39sv-6fdg

vulnerability	VCID-bq2j-t19h-zyad

vulnerability	VCID-d6c2-upx1-e7cd

vulnerability	VCID-dsqm-9q3e-dudw

vulnerability	VCID-e564-zdku-9fc6

vulnerability	VCID-emqq-kwjg-3kfk

vulnerability	VCID-eutz-mj58-audb

vulnerability	VCID-fdnw-2tz5-4fdr

vulnerability	VCID-fut7-bb1f-37g7

vulnerability	VCID-gk79-jtuz-myh6

vulnerability	VCID-h217-xe8x-nua3

vulnerability	VCID-h7cg-64er-uya9

vulnerability	VCID-h7hf-sf2q-73ay

vulnerability	VCID-hp99-ncuh-6ugv

vulnerability	VCID-hzma-cduk-3uhp

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-jeqr-9tfu-f7b2

vulnerability	VCID-jq5y-7h9g-mufa

vulnerability	VCID-jqe4-8hzb-mfea

vulnerability	VCID-k5t3-28es-h3ez

vulnerability	VCID-khpm-e1xb-hydb

vulnerability	VCID-ks1q-a8x2-uqht

vulnerability	VCID-m3nc-xbb4-yubr

vulnerability	VCID-mctp-nf36-7qdn

vulnerability	VCID-njsj-bwjq-fyap

vulnerability	VCID-nney-azbc-pucg

vulnerability	VCID-pmvp-twk2-jqe4

vulnerability	VCID-q52p-xfj8-gygd

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-ru6w-m6q6-27gn

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-sdsa-mh76-kqch

vulnerability	VCID-sy7r-d6pv-yba9

vulnerability	VCID-u259-2sxq-tbct

vulnerability	VCID-u4tq-8qnk-5fd7

vulnerability	VCID-uq77-aax5-k7d8

vulnerability	VCID-vw2r-g8yy-eyf4

vulnerability	VCID-w58p-3wg1-7ycr

vulnerability	VCID-wy45-2gmr-fkfg

vulnerability	VCID-x5x1-w7yv-eye9

vulnerability	VCID-xh68-defe-f7ce

vulnerability	VCID-y7ds-p5r2-yuhq

vulnerability	VCID-ygw4-jdqu-4fbt

vulnerability	VCID-yn6z-9v7k-x7br

vulnerability	VCID-yz6t-ge1y-qfgr

vulnerability	VCID-zmwv-gwq3-fkej

vulnerability	VCID-zrz3-3dnf-tbay

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.0

References

reference_url	http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1609.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1609.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1610.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1610.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1611.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1611.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1612.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1612.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1613.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1613.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1353794
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1353794

reference_url	https://github.com/amphp/artax/commit/81254742812a5a9adf4b085f543f3f21daedcd97
reference_id
reference_type
scores
url	https://github.com/amphp/artax/commit/81254742812a5a9adf4b085f543f3f21daedcd97

reference_url	https://github.com/amphp/artax/commit/b60cf493c9e577a3678865f620b1eb61ab3d7ca9
reference_id
reference_type
scores
url	https://github.com/amphp/artax/commit/b60cf493c9e577a3678865f620b1eb61ab3d7ca9

reference_url	https://github.com/bugsnag/bugsnag-laravel/pull/143
reference_id
reference_type
scores
url	https://github.com/bugsnag/bugsnag-laravel/pull/143

reference_url	https://github.com/bugsnag/bugsnag-laravel/pull/145
reference_id
reference_type
scores
url	https://github.com/bugsnag/bugsnag-laravel/pull/145

reference_url	https://github.com/bugsnag/bugsnag-laravel/releases/tag/v2.0.2
reference_id
reference_type
scores
url	https://github.com/bugsnag/bugsnag-laravel/releases/tag/v2.0.2

reference_url	https://github.com/guzzle/guzzle/blob/4.x/CHANGELOG.md#424-2016-07-18
reference_id
reference_type
scores
url	https://github.com/guzzle/guzzle/blob/4.x/CHANGELOG.md#424-2016-07-18

reference_url	https://github.com/guzzle/guzzle/blob/5.3/CHANGELOG.md#531---2016-07-18
reference_id
reference_type
scores
url	https://github.com/guzzle/guzzle/blob/5.3/CHANGELOG.md#531---2016-07-18

reference_url	https://github.com/guzzle/guzzle/blob/master/CHANGELOG.md#622---2016-10-08
reference_id
reference_type
scores
url	https://github.com/guzzle/guzzle/blob/master/CHANGELOG.md#622---2016-10-08

reference_url	https://github.com/guzzle/guzzle/releases/tag/6.2.1
reference_id
reference_type
scores
url	https://github.com/guzzle/guzzle/releases/tag/6.2.1

reference_url	https://github.com/humbug/file_get_contents/pull/23
reference_id
reference_type
scores
url	https://github.com/humbug/file_get_contents/pull/23

reference_url	https://github.com/humbug/file_get_contents/pull/23/commits/848e8c282a863654e76bd958acfb57c81cb739b5
reference_id
reference_type
scores
url	https://github.com/humbug/file_get_contents/pull/23/commits/848e8c282a863654e76bd958acfb57c81cb739b5

reference_url	https://github.com/humbug/file_get_contents/releases/tag/1.1.2
reference_id
reference_type
scores
url	https://github.com/humbug/file_get_contents/releases/tag/1.1.2

reference_url	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05333297

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

reference_url	https://httpoxy.org/
reference_id
reference_type
scores
url	https://httpoxy.org/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/

reference_url	https://security.gentoo.org/glsa/201611-22
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201611-22

reference_url	https://twitter.com/asyncphp/status/755136084917583872
reference_id
reference_type
scores
url	https://twitter.com/asyncphp/status/755136084917583872

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2016-019
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2016-019

reference_url	https://www.drupal.org/SA-CORE-2016-003
reference_id
reference_type
scores
url	https://www.drupal.org/SA-CORE-2016-003

reference_url	http://www.debian.org/security/2016/dsa-3631
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3631

reference_url	http://www.kb.cert.org/vuls/id/797896
reference_id
reference_type
scores
url	http://www.kb.cert.org/vuls/id/797896

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url	http://www.securityfocus.com/bid/91821
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91821

reference_url	http://www.securitytracker.com/id/1036335
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036335

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-5385
reference_id	CVE-2016-5385
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-5385

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/CVE-2016-5385.yaml
reference_id	CVE-2016-5385.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/CVE-2016-5385.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/bugsnag/bugsnag-laravel/CVE-2016-5385.yaml
reference_id	CVE-2016-5385.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/bugsnag/bugsnag-laravel/CVE-2016-5385.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-5385.yaml
reference_id	CVE-2016-5385.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-5385.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-5385.yaml
reference_id	CVE-2016-5385.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-5385.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2016-5385.yaml
reference_id	CVE-2016-5385.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/guzzle/CVE-2016-5385.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/padraic/humbug_get_contents/CVE-2016-5385.yaml
reference_id	CVE-2016-5385.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/padraic/humbug_get_contents/CVE-2016-5385.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2016-5385.yaml
reference_id	CVE-2016-5385.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2016-5385.yaml

reference_url	https://github.com/advisories/GHSA-m6ch-gg5f-wxx3
reference_id	GHSA-m6ch-gg5f-wxx3
reference_type
scores
url	https://github.com/advisories/GHSA-m6ch-gg5f-wxx3

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	284
name	Improper Access Control
description	The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	601
name	URL Redirection to Untrusted Site ('Open Redirect')
description	A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bq2j-t19h-zyad

Vulnerability Instance