Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-6rtn-zphz-sydn
Summary
Incorrect Permission Assignment for Critical Resource
When using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.
Aliases
0
alias CVE-2017-6928
Fixed_packages
0
url pkg:composer/drupal/core@8.0.0
purl pkg:composer/drupal/core@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-fmjz-nkby
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4dpp-gg2v-q3et
6
vulnerability VCID-56ze-2yw2-bfh8
7
vulnerability VCID-5c5c-m7ba-kqct
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-9nk8-dban-g7h9
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a4u4-ga84-wyf9
12
vulnerability VCID-a7ss-tkb6-gkge
13
vulnerability VCID-ah3h-t9qa-gudr
14
vulnerability VCID-ard5-3cjv-1beu
15
vulnerability VCID-asm8-guag-b3ep
16
vulnerability VCID-avmn-kqky-83dd
17
vulnerability VCID-ay6b-1a7z-qkas
18
vulnerability VCID-bq2j-t19h-zyad
19
vulnerability VCID-dav9-pgdh-8yey
20
vulnerability VCID-dyhz-g3nv-yuc3
21
vulnerability VCID-e12q-qavs-qybu
22
vulnerability VCID-e8un-nbkk-cbf9
23
vulnerability VCID-egtv-y9w1-skgr
24
vulnerability VCID-jrhg-3271-tqdy
25
vulnerability VCID-kzrs-mrga-nyej
26
vulnerability VCID-mm13-6dhq-nqfb
27
vulnerability VCID-myja-t33q-q3cv
28
vulnerability VCID-nacy-y1qt-5yhb
29
vulnerability VCID-ng6g-hvc2-bkg4
30
vulnerability VCID-p54u-b18k-jyft
31
vulnerability VCID-pgnc-fq4m-3kaz
32
vulnerability VCID-pmmq-8s2m-h7dp
33
vulnerability VCID-pnme-dc73-efcb
34
vulnerability VCID-qsuc-53pg-zkda
35
vulnerability VCID-rd4g-h1j9-23cb
36
vulnerability VCID-rsc6-y1uv-6bfq
37
vulnerability VCID-t89y-c9hq-9bhk
38
vulnerability VCID-ta99-gcmk-2qc8
39
vulnerability VCID-tpzm-u3qp-akc8
40
vulnerability VCID-w4ks-ufnz-vfav
41
vulnerability VCID-wapd-e3mu-sffn
42
vulnerability VCID-wsv7-je8g-sqet
43
vulnerability VCID-wszp-2es5-z7fy
44
vulnerability VCID-x34m-u169-1bce
45
vulnerability VCID-y1nb-prqc-suaj
46
vulnerability VCID-yq4q-hydz-vuga
47
vulnerability VCID-yygb-pp11-5udj
48
vulnerability VCID-zqer-y4s4-hqhy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0
1
url pkg:composer/drupal/drupal@8.4.5
purl pkg:composer/drupal/drupal@8.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.4.5
Affected_packages
0
url pkg:composer/drupal/core@7.0.0
purl pkg:composer/drupal/core@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g67-a42m-qfbh
1
vulnerability VCID-6rtn-zphz-sydn
2
vulnerability VCID-84eq-cq89-9qhm
3
vulnerability VCID-9nk8-dban-g7h9
4
vulnerability VCID-a3s2-c4k2-4ufn
5
vulnerability VCID-a4u4-ga84-wyf9
6
vulnerability VCID-a7ss-tkb6-gkge
7
vulnerability VCID-bge7-rqsx-gfee
8
vulnerability VCID-e12q-qavs-qybu
9
vulnerability VCID-e69p-v2ws-vufj
10
vulnerability VCID-e8un-nbkk-cbf9
11
vulnerability VCID-ey9c-4yhy-3qa5
12
vulnerability VCID-mscp-wvvx-zfh3
13
vulnerability VCID-n5n3-p5yy-13d9
14
vulnerability VCID-pmmq-8s2m-h7dp
15
vulnerability VCID-qsuc-53pg-zkda
16
vulnerability VCID-tpzm-u3qp-akc8
17
vulnerability VCID-wsv7-je8g-sqet
18
vulnerability VCID-wszp-2es5-z7fy
19
vulnerability VCID-x34m-u169-1bce
20
vulnerability VCID-yygb-pp11-5udj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.0.0
1
url pkg:composer/drupal/drupal@8.0.0
purl pkg:composer/drupal/drupal@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-fmjz-nkby
1
vulnerability VCID-31qy-vagp-83b6
2
vulnerability VCID-3xk4-qwaq-5yaj
3
vulnerability VCID-56ze-2yw2-bfh8
4
vulnerability VCID-5c5c-m7ba-kqct
5
vulnerability VCID-6rtn-zphz-sydn
6
vulnerability VCID-9nk8-dban-g7h9
7
vulnerability VCID-a4u4-ga84-wyf9
8
vulnerability VCID-a7ss-tkb6-gkge
9
vulnerability VCID-ah3h-t9qa-gudr
10
vulnerability VCID-ard5-3cjv-1beu
11
vulnerability VCID-asm8-guag-b3ep
12
vulnerability VCID-avmn-kqky-83dd
13
vulnerability VCID-ay6b-1a7z-qkas
14
vulnerability VCID-bndv-n7w9-43b4
15
vulnerability VCID-bq2j-t19h-zyad
16
vulnerability VCID-dnc7-jg8m-8fh3
17
vulnerability VCID-dyhz-g3nv-yuc3
18
vulnerability VCID-e8un-nbkk-cbf9
19
vulnerability VCID-egtv-y9w1-skgr
20
vulnerability VCID-eyew-pw17-ryfj
21
vulnerability VCID-ks17-b29e-73au
22
vulnerability VCID-mm13-6dhq-nqfb
23
vulnerability VCID-mscp-wvvx-zfh3
24
vulnerability VCID-n5n3-p5yy-13d9
25
vulnerability VCID-nacy-y1qt-5yhb
26
vulnerability VCID-ng6g-hvc2-bkg4
27
vulnerability VCID-nn8g-m52e-5kfe
28
vulnerability VCID-pmmq-8s2m-h7dp
29
vulnerability VCID-pnme-dc73-efcb
30
vulnerability VCID-r4ja-mndm-uyge
31
vulnerability VCID-rd4g-h1j9-23cb
32
vulnerability VCID-rsc6-y1uv-6bfq
33
vulnerability VCID-s5qd-cpvc-c3cd
34
vulnerability VCID-ta99-gcmk-2qc8
35
vulnerability VCID-tbah-jrah-a3fg
36
vulnerability VCID-tbk2-zprq-27c8
37
vulnerability VCID-tpzm-u3qp-akc8
38
vulnerability VCID-w3x8-db6e-kued
39
vulnerability VCID-w4ks-ufnz-vfav
40
vulnerability VCID-wapd-e3mu-sffn
41
vulnerability VCID-wsv7-je8g-sqet
42
vulnerability VCID-wszp-2es5-z7fy
43
vulnerability VCID-x34m-u169-1bce
44
vulnerability VCID-y1nb-prqc-suaj
45
vulnerability VCID-zqer-y4s4-hqhy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0
References
0
reference_url https://www.debian.org/security/2018/dsa-4123
reference_id
reference_type
scores
url https://www.debian.org/security/2018/dsa-4123
1
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-001
2
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6928
reference_id CVE-2017-6928
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-6928
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 732
name Incorrect Permission Assignment for Critical Resource
description The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-6rtn-zphz-sydn