Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-kyy8-szgp-bkfh
Summary
Cross-Site Request Forgery (CSRF)
A malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.
Aliases
0
alias CVE-2017-7662
1
alias GHSA-f5ch-36rg-vfcc
Fixed_packages
0
url pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3
purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.3
1
url pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1
purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.1
2
url pkg:maven/org.apache.cxf.fediz/fediz-oidc@1.3.2
purl pkg:maven/org.apache.cxf.fediz/fediz-oidc@1.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/fediz-oidc@1.3.2
Affected_packages
0
url pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.2
purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65a6-3ngq-kke9
1
vulnerability VCID-kyy8-szgp-bkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.2
1
url pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.0
purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65a6-3ngq-kke9
1
vulnerability VCID-kyy8-szgp-bkfh
2
vulnerability VCID-zw44-zqrm-jycc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf.fediz/apache-fediz@1.4.0
References
0
reference_url https://github.com/apache/cxf-fediz/commit/c68e4820816c19241568f4a8fe8600bffb0243cd
reference_id
reference_type
scores
url https://github.com/apache/cxf-fediz/commit/c68e4820816c19241568f4a8fe8600bffb0243cd
1
reference_url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
7
reference_url http://www.securitytracker.com/id/1038498
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1038498
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7662
reference_id CVE-2017-7662
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7662
9
reference_url http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc
reference_id CVE-2017-7662.TXT.ASC
reference_type
scores
url http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc
10
reference_url https://github.com/advisories/GHSA-f5ch-36rg-vfcc
reference_id GHSA-f5ch-36rg-vfcc
reference_type
scores
url https://github.com/advisories/GHSA-f5ch-36rg-vfcc
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-kyy8-szgp-bkfh