Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-d5jf-zmr7-qqbu

Summary

Reflected Cross-Site Scripting
Malicious input in the `highlighterId` parameter of the `clipboard.swf` component can be leveraged in a reflected XSS on hosts serving Redis Commander. Mitigating factors: Flash must be installed/enabled for this to work.

Aliases

alias	GMS-2018-8

Fixed_packages

Affected_packages

url pkg:npm/redis-commander@0.0.0-alpha

purl pkg:npm/redis-commander@0.0.0-alpha

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.0.0-alpha

url pkg:npm/redis-commander@0.0.1

purl pkg:npm/redis-commander@0.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.0.1

url pkg:npm/redis-commander@0.0.2

purl pkg:npm/redis-commander@0.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.0.2

url pkg:npm/redis-commander@0.0.3

purl pkg:npm/redis-commander@0.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.0.3

url pkg:npm/redis-commander@0.0.4

purl pkg:npm/redis-commander@0.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.0.4

url pkg:npm/redis-commander@0.0.5

purl pkg:npm/redis-commander@0.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.0.5

url pkg:npm/redis-commander@0.0.6

purl pkg:npm/redis-commander@0.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.0.6

url pkg:npm/redis-commander@0.1.0

purl pkg:npm/redis-commander@0.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.1.0

url pkg:npm/redis-commander@0.1.1

purl pkg:npm/redis-commander@0.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.1.1

url pkg:npm/redis-commander@0.2.1

purl pkg:npm/redis-commander@0.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.2.1

url pkg:npm/redis-commander@0.3.0

purl pkg:npm/redis-commander@0.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.3.0

url pkg:npm/redis-commander@0.3.2

purl pkg:npm/redis-commander@0.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.3.2

url pkg:npm/redis-commander@0.4.1

purl pkg:npm/redis-commander@0.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.4.1

url pkg:npm/redis-commander@0.4.2

purl pkg:npm/redis-commander@0.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.4.2

url pkg:npm/redis-commander@0.4.3

purl pkg:npm/redis-commander@0.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.4.3

url pkg:npm/redis-commander@0.4.4

purl pkg:npm/redis-commander@0.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.4.4

url pkg:npm/redis-commander@0.4.5

purl pkg:npm/redis-commander@0.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d5jf-zmr7-qqbu

vulnerability	VCID-mf4c-4qpa-tuat

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/redis-commander@0.4.5

References

reference_url	https://hackerone.com/reports/296377
reference_id
reference_type
scores
url	https://hackerone.com/reports/296377

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5jf-zmr7-qqbu

Vulnerability Instance