Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-xk9c-q66v-3kcx
Summary
Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
Aliases
0
alias CVE-2021-38554
1
alias GHSA-6239-28c2-9mrm
Fixed_packages
0
url pkg:alpm/archlinux/vault@1.9.0-1
purl pkg:alpm/archlinux/vault@1.9.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/vault@1.9.0-1
1
url pkg:apk/alpine/vault@1.7.4-r0?arch=aarch64&distroversion=v3.14&reponame=community
purl pkg:apk/alpine/vault@1.7.4-r0?arch=aarch64&distroversion=v3.14&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.7.4-r0%3Farch=aarch64&distroversion=v3.14&reponame=community
2
url pkg:apk/alpine/vault@1.7.4-r0?arch=armhf&distroversion=v3.14&reponame=community
purl pkg:apk/alpine/vault@1.7.4-r0?arch=armhf&distroversion=v3.14&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.7.4-r0%3Farch=armhf&distroversion=v3.14&reponame=community
3
url pkg:apk/alpine/vault@1.7.4-r0?arch=armv7&distroversion=v3.14&reponame=community
purl pkg:apk/alpine/vault@1.7.4-r0?arch=armv7&distroversion=v3.14&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.7.4-r0%3Farch=armv7&distroversion=v3.14&reponame=community
4
url pkg:apk/alpine/vault@1.7.4-r0?arch=ppc64le&distroversion=v3.14&reponame=community
purl pkg:apk/alpine/vault@1.7.4-r0?arch=ppc64le&distroversion=v3.14&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.7.4-r0%3Farch=ppc64le&distroversion=v3.14&reponame=community
5
url pkg:apk/alpine/vault@1.7.4-r0?arch=s390x&distroversion=v3.14&reponame=community
purl pkg:apk/alpine/vault@1.7.4-r0?arch=s390x&distroversion=v3.14&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.7.4-r0%3Farch=s390x&distroversion=v3.14&reponame=community
6
url pkg:apk/alpine/vault@1.7.4-r0?arch=x86&distroversion=v3.14&reponame=community
purl pkg:apk/alpine/vault@1.7.4-r0?arch=x86&distroversion=v3.14&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.7.4-r0%3Farch=x86&distroversion=v3.14&reponame=community
7
url pkg:apk/alpine/vault@1.7.4-r0?arch=x86_64&distroversion=v3.14&reponame=community
purl pkg:apk/alpine/vault@1.7.4-r0?arch=x86_64&distroversion=v3.14&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.7.4-r0%3Farch=x86_64&distroversion=v3.14&reponame=community
8
url pkg:ebuild/app-admin/vault@1.10.3
purl pkg:ebuild/app-admin/vault@1.10.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3
9
url pkg:golang/github.com/hashicorp/vault@1.6.6
purl pkg:golang/github.com/hashicorp/vault@1.6.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/vault@1.6.6
10
url pkg:golang/github.com/hashicorp/vault@1.7.4
purl pkg:golang/github.com/hashicorp/vault@1.7.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/vault@1.7.4
Affected_packages
0
url pkg:alpm/archlinux/vault@1.7.3-1
purl pkg:alpm/archlinux/vault@1.7.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4795-vxdy-w7g3
1
vulnerability VCID-bfm3-2zvj-5bca
2
vulnerability VCID-rk2n-tuu9-fbdc
3
vulnerability VCID-xerz-1x1v-uuap
4
vulnerability VCID-xk9c-q66v-3kcx
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/vault@1.7.3-1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38554.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38554.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38554
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54224
published_at 2026-04-21T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54119
published_at 2026-04-01T12:55:00Z
2
value 0.0031
scoring_system epss
scoring_elements 0.54136
published_at 2026-04-02T12:55:00Z
3
value 0.0031
scoring_system epss
scoring_elements 0.54166
published_at 2026-04-04T12:55:00Z
4
value 0.0031
scoring_system epss
scoring_elements 0.54141
published_at 2026-04-07T12:55:00Z
5
value 0.0031
scoring_system epss
scoring_elements 0.54193
published_at 2026-04-08T12:55:00Z
6
value 0.0031
scoring_system epss
scoring_elements 0.54189
published_at 2026-04-24T12:55:00Z
7
value 0.0031
scoring_system epss
scoring_elements 0.54239
published_at 2026-04-16T12:55:00Z
8
value 0.0031
scoring_system epss
scoring_elements 0.54221
published_at 2026-04-12T12:55:00Z
9
value 0.0031
scoring_system epss
scoring_elements 0.542
published_at 2026-04-13T12:55:00Z
10
value 0.0031
scoring_system epss
scoring_elements 0.54242
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38554
2
reference_url https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166
3
reference_url https://github.com/hashicorp/vault
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/vault
4
reference_url https://github.com/hashicorp/vault/releases/tag/v1.6.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/vault/releases/tag/v1.6.6
5
reference_url https://github.com/hashicorp/vault/releases/tag/v1.7.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/vault/releases/tag/v1.7.4
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38554
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38554
7
reference_url https://security.gentoo.org/glsa/202207-01
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202207-01
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1995207
reference_id 1995207
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1995207
9
reference_url https://security.archlinux.org/AVG-2294
reference_id AVG-2294
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2294
Weaknesses
0
cwe_id 212
name Improper Removal of Sensitive Information Before Storage or Transfer
description The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
1
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xk9c-q66v-3kcx