Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-bjvu-jg9w-mqdd

Summary

SQL Injection
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern `[\w]*` in a regular expression.

Aliases

alias	CVE-2016-6233

alias	GHSA-p9hp-3gpv-52w3

Fixed_packages

url pkg:composer/zendframework/zendframework@2.0.0

purl pkg:composer/zendframework/zendframework@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29vd-mbdm-juh6

vulnerability	VCID-2em7-tb35-vqg8

vulnerability	VCID-2g8z-51nu-17hs

vulnerability	VCID-3s39-f3q9-33ep

vulnerability	VCID-5bm4-grk6-w7hk

vulnerability	VCID-6xpr-93ef-27cu

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-8fwb-56kb-jubf

vulnerability	VCID-9z4g-byhj-3fak

vulnerability	VCID-bd5k-r14f-guaz

vulnerability	VCID-de8f-p8x2-fbfr

vulnerability	VCID-eezd-92tv-mkdf

vulnerability	VCID-fzj7-v53w-77ar

vulnerability	VCID-gpru-td91-47hd

vulnerability	VCID-gtaf-3rjb-dycj

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-qs6q-pjks-euh4

vulnerability	VCID-thm9-zypf-kkek

vulnerability	VCID-tzsh-fvb6-s7f1

vulnerability	VCID-ux4f-q4es-gua5

vulnerability	VCID-vmut-b2y4-rkcp

vulnerability	VCID-wrkx-jstz-8bhe

vulnerability	VCID-wz4g-j8zt-ruff

vulnerability	VCID-z3nr-p8zz-4bey

vulnerability	VCID-zfzg-uw7s-byhp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.0.0

url pkg:composer/zendframework/zendframework1@1.12.19

purl pkg:composer/zendframework/zendframework1@1.12.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rc3w-5r97-k3b3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.19

Affected_packages

url pkg:composer/zendframework/zendframework@1.12.19

purl pkg:composer/zendframework/zendframework@1.12.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bjvu-jg9w-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@1.12.19

url pkg:composer/zendframework/zendframework1@1.12.0

purl pkg:composer/zendframework/zendframework1@1.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-5bm4-grk6-w7hk

vulnerability	VCID-649h-2f2f-nbam

vulnerability	VCID-6xpr-93ef-27cu

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-9bm9-b48z-zqcm

vulnerability	VCID-a72a-7k6u-rqgr

vulnerability	VCID-afnn-53q5-wqft

vulnerability	VCID-b1da-n1u7-43hj

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-cp1a-fprd-9fhk

vulnerability	VCID-e9ut-smfp-7yb4

vulnerability	VCID-grk8-aj34-hqb4

vulnerability	VCID-h5yf-ahec-gbgx

vulnerability	VCID-j5kg-jzxz-ruam

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-ps73-776n-zffn

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-r5y8-nc2w-kqde

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0

url pkg:composer/zendframework/zendframework1@1.12.1

purl pkg:composer/zendframework/zendframework1@1.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-5bm4-grk6-w7hk

vulnerability	VCID-6xpr-93ef-27cu

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-a72a-7k6u-rqgr

vulnerability	VCID-afnn-53q5-wqft

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-grk8-aj34-hqb4

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-r5y8-nc2w-kqde

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.1

url pkg:composer/zendframework/zendframework1@1.12.2

purl pkg:composer/zendframework/zendframework1@1.12.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-5bm4-grk6-w7hk

vulnerability	VCID-6xpr-93ef-27cu

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-a72a-7k6u-rqgr

vulnerability	VCID-afnn-53q5-wqft

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-grk8-aj34-hqb4

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-r5y8-nc2w-kqde

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.2

url pkg:composer/zendframework/zendframework1@1.12.3

purl pkg:composer/zendframework/zendframework1@1.12.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-5bm4-grk6-w7hk

vulnerability	VCID-6xpr-93ef-27cu

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-a72a-7k6u-rqgr

vulnerability	VCID-afnn-53q5-wqft

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-grk8-aj34-hqb4

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-r5y8-nc2w-kqde

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.3

url pkg:composer/zendframework/zendframework1@1.12.4

purl pkg:composer/zendframework/zendframework1@1.12.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-5bm4-grk6-w7hk

vulnerability	VCID-6xpr-93ef-27cu

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-a72a-7k6u-rqgr

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-r5y8-nc2w-kqde

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.4

url pkg:composer/zendframework/zendframework1@1.12.5

purl pkg:composer/zendframework/zendframework1@1.12.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-5bm4-grk6-w7hk

vulnerability	VCID-6xpr-93ef-27cu

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-a72a-7k6u-rqgr

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-r5y8-nc2w-kqde

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.5

url pkg:composer/zendframework/zendframework1@1.12.6

purl pkg:composer/zendframework/zendframework1@1.12.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-5bm4-grk6-w7hk

vulnerability	VCID-6xpr-93ef-27cu

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-a72a-7k6u-rqgr

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-r5y8-nc2w-kqde

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.6

url pkg:composer/zendframework/zendframework1@1.12.7

purl pkg:composer/zendframework/zendframework1@1.12.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-5bm4-grk6-w7hk

vulnerability	VCID-6xpr-93ef-27cu

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-r5y8-nc2w-kqde

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.7

url pkg:composer/zendframework/zendframework1@1.12.8

purl pkg:composer/zendframework/zendframework1@1.12.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-5bm4-grk6-w7hk

vulnerability	VCID-6xpr-93ef-27cu

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-r5y8-nc2w-kqde

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.8

url pkg:composer/zendframework/zendframework1@1.12.9

purl pkg:composer/zendframework/zendframework1@1.12.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-5bm4-grk6-w7hk

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.9

url pkg:composer/zendframework/zendframework1@1.12.10

purl pkg:composer/zendframework/zendframework1@1.12.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-5bm4-grk6-w7hk

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.10

url pkg:composer/zendframework/zendframework1@1.12.11

purl pkg:composer/zendframework/zendframework1@1.12.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-5bm4-grk6-w7hk

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.11

url pkg:composer/zendframework/zendframework1@1.12.12

purl pkg:composer/zendframework/zendframework1@1.12.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.12

url pkg:composer/zendframework/zendframework1@1.12.13

purl pkg:composer/zendframework/zendframework1@1.12.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.13

url pkg:composer/zendframework/zendframework1@1.12.14

purl pkg:composer/zendframework/zendframework1@1.12.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.14

url pkg:composer/zendframework/zendframework1@1.12.15

purl pkg:composer/zendframework/zendframework1@1.12.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.15

url pkg:composer/zendframework/zendframework1@1.12.16

purl pkg:composer/zendframework/zendframework1@1.12.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16

url pkg:composer/zendframework/zendframework1@1.12.17

purl pkg:composer/zendframework/zendframework1@1.12.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.17

url pkg:composer/zendframework/zendframework1@1.12.18

purl pkg:composer/zendframework/zendframework1@1.12.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-rc3w-5r97-k3b3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18

url pkg:ebuild/dev-php/ZendFramework@1.12.9

purl pkg:ebuild/dev-php/ZendFramework@1.12.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-qrb6-ar5k-eqha

vulnerability	VCID-xrjj-2a2s-efba

resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-php/ZendFramework@1.12.9

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6233

reference_id

reference_type

scores

value	0.01724
scoring_system	epss
scoring_elements	0.82763
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6233

reference_url

https://framework.zend.com/security/advisory/ZF2016-02

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2016-02

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml

reference_url

https://github.com/zendframework/zendframework

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zendframework

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT

reference_url

https://security.gentoo.org/glsa/201804-10

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201804-10

reference_url

https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802

reference_url	http://www.securityfocus.com/bid/91802
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91802

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6233

reference_id

CVE-2016-6233

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6233

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	89
name	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
description	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 9.0 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjvu-jg9w-mqdd

Vulnerability Instance