Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-h7vf-ksaj-wkgt

Summary

Directory Traversal
`qinserve` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url./n

Aliases

alias	GMS-2017-294

Fixed_packages

Affected_packages

url pkg:npm/qinserve@0.0.0-alpha

purl pkg:npm/qinserve@0.0.0-alpha

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-h7vf-ksaj-wkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/qinserve@0.0.0-alpha

url pkg:npm/qinserve@1.0.0

purl pkg:npm/qinserve@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4wxd-u5ha-k7cb

vulnerability	VCID-h7vf-ksaj-wkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/qinserve@1.0.0

References

reference_url	https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/qinserve
reference_id
reference_type
scores
url	https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/qinserve

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h7vf-ksaj-wkgt

Vulnerability Instance