Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-7ch1-q9f4-a7bt
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the data-target property of scrollspy.
Aliases
0
alias CVE-2018-14041
1
alias GHSA-pj7m-g53m-7638
Fixed_packages
0
url pkg:composer/twbs/bootstrap@4.1.2
purl pkg:composer/twbs/bootstrap@4.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/twbs/bootstrap@4.1.2
1
url pkg:composer/typo3/cms@8.7.23
purl pkg:composer/typo3/cms@8.7.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23
2
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
3
url pkg:composer/typo3/cms-core@8.7.23
purl pkg:composer/typo3/cms-core@8.7.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23
4
url pkg:composer/typo3/cms-core@9.5.4
purl pkg:composer/typo3/cms-core@9.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4
5
url pkg:gem/bootstrap@4.1.2
purl pkg:gem/bootstrap@4.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bootstrap@4.1.2
6
url pkg:maven/org.webjars/bootstrap@4.1.2
purl pkg:maven/org.webjars/bootstrap@4.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.webjars/bootstrap@4.1.2
7
url pkg:npm/bootstrap@4.1.2
purl pkg:npm/bootstrap@4.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap@4.1.2
8
url pkg:nuget/bootstrap@4.1.2
purl pkg:nuget/bootstrap@4.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap@4.1.2
9
url pkg:nuget/bootstrap.sass@4.1.2
purl pkg:nuget/bootstrap.sass@4.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap.sass@4.1.2
Affected_packages
0
url pkg:composer/twbs/bootstrap@4.0.0
purl pkg:composer/twbs/bootstrap@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wt8-wyvc-1uca
1
vulnerability VCID-7ch1-q9f4-a7bt
2
vulnerability VCID-vsty-6vqf-pkeg
3
vulnerability VCID-wezb-6dbp-nfer
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/twbs/bootstrap@4.0.0
1
url pkg:composer/typo3/cms@8.0.0
purl pkg:composer/typo3/cms@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2r7u-mc45-8yhe
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2vpx-fqb6-aqfa
3
vulnerability VCID-39jx-muqb-nkfq
4
vulnerability VCID-3ugj-6m1e-e3hr
5
vulnerability VCID-4eym-e6vt-8fbs
6
vulnerability VCID-5dxs-cdht-27hw
7
vulnerability VCID-66ru-n2df-b3ay
8
vulnerability VCID-727q-h3ey-6yc9
9
vulnerability VCID-7ch1-q9f4-a7bt
10
vulnerability VCID-7m6u-k5tp-gkhy
11
vulnerability VCID-8p64-6zpt-t3av
12
vulnerability VCID-953t-q1cr-zyd6
13
vulnerability VCID-9saf-w56y-pugz
14
vulnerability VCID-abjx-8v46-d7d8
15
vulnerability VCID-am6s-67bm-77dr
16
vulnerability VCID-bn3p-39sv-6fdg
17
vulnerability VCID-bq2j-t19h-zyad
18
vulnerability VCID-d6c2-upx1-e7cd
19
vulnerability VCID-dsqm-9q3e-dudw
20
vulnerability VCID-e564-zdku-9fc6
21
vulnerability VCID-emqq-kwjg-3kfk
22
vulnerability VCID-eutz-mj58-audb
23
vulnerability VCID-fdnw-2tz5-4fdr
24
vulnerability VCID-fut7-bb1f-37g7
25
vulnerability VCID-gk79-jtuz-myh6
26
vulnerability VCID-h217-xe8x-nua3
27
vulnerability VCID-h7cg-64er-uya9
28
vulnerability VCID-h7hf-sf2q-73ay
29
vulnerability VCID-hp99-ncuh-6ugv
30
vulnerability VCID-hzma-cduk-3uhp
31
vulnerability VCID-j8hk-bqnb-gycp
32
vulnerability VCID-jeqr-9tfu-f7b2
33
vulnerability VCID-jq5y-7h9g-mufa
34
vulnerability VCID-jqe4-8hzb-mfea
35
vulnerability VCID-k5t3-28es-h3ez
36
vulnerability VCID-khpm-e1xb-hydb
37
vulnerability VCID-ks1q-a8x2-uqht
38
vulnerability VCID-m3nc-xbb4-yubr
39
vulnerability VCID-mctp-nf36-7qdn
40
vulnerability VCID-njsj-bwjq-fyap
41
vulnerability VCID-nney-azbc-pucg
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q52p-xfj8-gygd
44
vulnerability VCID-qxab-9uwr-yqhv
45
vulnerability VCID-ru6w-m6q6-27gn
46
vulnerability VCID-sdjb-gp4t-vbgt
47
vulnerability VCID-sdsa-mh76-kqch
48
vulnerability VCID-sy7r-d6pv-yba9
49
vulnerability VCID-u259-2sxq-tbct
50
vulnerability VCID-u4tq-8qnk-5fd7
51
vulnerability VCID-uq77-aax5-k7d8
52
vulnerability VCID-vw2r-g8yy-eyf4
53
vulnerability VCID-w58p-3wg1-7ycr
54
vulnerability VCID-wy45-2gmr-fkfg
55
vulnerability VCID-x5x1-w7yv-eye9
56
vulnerability VCID-xh68-defe-f7ce
57
vulnerability VCID-y7ds-p5r2-yuhq
58
vulnerability VCID-ygw4-jdqu-4fbt
59
vulnerability VCID-yn6z-9v7k-x7br
60
vulnerability VCID-yz6t-ge1y-qfgr
61
vulnerability VCID-zmwv-gwq3-fkej
62
vulnerability VCID-zrz3-3dnf-tbay
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.0
2
url pkg:composer/typo3/cms@9.0.0
purl pkg:composer/typo3/cms@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-3ugj-6m1e-e3hr
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-4jck-w9ct-budk
5
vulnerability VCID-7ch1-q9f4-a7bt
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-953t-q1cr-zyd6
9
vulnerability VCID-9adx-p876-kyb5
10
vulnerability VCID-a1g9-pyz5-9fca
11
vulnerability VCID-abjx-8v46-d7d8
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-cvk2-93hm-gkhx
14
vulnerability VCID-dsqm-9q3e-dudw
15
vulnerability VCID-emqq-kwjg-3kfk
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-hp99-ncuh-6ugv
18
vulnerability VCID-j8hk-bqnb-gycp
19
vulnerability VCID-je4q-svfw-hqda
20
vulnerability VCID-jq5y-7h9g-mufa
21
vulnerability VCID-k5t3-28es-h3ez
22
vulnerability VCID-khpm-e1xb-hydb
23
vulnerability VCID-njsj-bwjq-fyap
24
vulnerability VCID-nney-azbc-pucg
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-qxab-9uwr-yqhv
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdjb-gp4t-vbgt
30
vulnerability VCID-sdsa-mh76-kqch
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-uq77-aax5-k7d8
33
vulnerability VCID-vq15-t92r-5bhx
34
vulnerability VCID-vw2r-g8yy-eyf4
35
vulnerability VCID-w1wb-mq2y-dfca
36
vulnerability VCID-x5x1-w7yv-eye9
37
vulnerability VCID-y7ds-p5r2-yuhq
38
vulnerability VCID-yz6t-ge1y-qfgr
39
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0
3
url pkg:composer/typo3/cms-core@8.0.0
purl pkg:composer/typo3/cms-core@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1knh-es99-dubw
1
vulnerability VCID-1prg-c74k-37ec
2
vulnerability VCID-2m67-xdxz-ryc2
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-3hta-35zx-zuc4
5
vulnerability VCID-6ffw-r4k7-5qf8
6
vulnerability VCID-6q7t-kdrg-8qc3
7
vulnerability VCID-6rgp-dzw1-kycx
8
vulnerability VCID-7ch1-q9f4-a7bt
9
vulnerability VCID-7r4g-gxc6-hubh
10
vulnerability VCID-82ds-xda8-5ye4
11
vulnerability VCID-8sek-v483-8ueu
12
vulnerability VCID-b92x-56ng-3ygy
13
vulnerability VCID-bzqv-s7g3-wff9
14
vulnerability VCID-cg7w-xkyg-abgj
15
vulnerability VCID-cv9x-ea8e-pufu
16
vulnerability VCID-daz8-j1ns-rkgt
17
vulnerability VCID-e8ze-umec-a7hx
18
vulnerability VCID-e9jc-8mpp-fkgh
19
vulnerability VCID-hfcx-1kuh-p3ez
20
vulnerability VCID-hnyk-614g-yuhy
21
vulnerability VCID-j8hk-bqnb-gycp
22
vulnerability VCID-k8r2-2ak8-qkak
23
vulnerability VCID-n56h-zuzr-ruhf
24
vulnerability VCID-nyw8-q5ef-2fcv
25
vulnerability VCID-pwh8-c992-vqav
26
vulnerability VCID-qr1u-kcn9-cuf6
27
vulnerability VCID-qxab-9uwr-yqhv
28
vulnerability VCID-sdjb-gp4t-vbgt
29
vulnerability VCID-uaf3-fyst-u7gm
30
vulnerability VCID-uncp-sa58-ufdd
31
vulnerability VCID-uq77-aax5-k7d8
32
vulnerability VCID-uua1-9rt1-dfbz
33
vulnerability VCID-w94g-xxea-23fb
34
vulnerability VCID-wm4a-hcvt-vkbk
35
vulnerability VCID-y3zj-acc7-jkau
36
vulnerability VCID-z2bk-m2kw-h3c9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.0.0
4
url pkg:composer/typo3/cms-core@9.0.0
purl pkg:composer/typo3/cms-core@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1knh-es99-dubw
1
vulnerability VCID-1prg-c74k-37ec
2
vulnerability VCID-23ss-xwrm-1qcu
3
vulnerability VCID-2m67-xdxz-ryc2
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-3hta-35zx-zuc4
6
vulnerability VCID-6ffw-r4k7-5qf8
7
vulnerability VCID-6q7t-kdrg-8qc3
8
vulnerability VCID-6rgp-dzw1-kycx
9
vulnerability VCID-7ch1-q9f4-a7bt
10
vulnerability VCID-7r4g-gxc6-hubh
11
vulnerability VCID-82ds-xda8-5ye4
12
vulnerability VCID-8sek-v483-8ueu
13
vulnerability VCID-a1g9-pyz5-9fca
14
vulnerability VCID-bzqv-s7g3-wff9
15
vulnerability VCID-cf9m-qdyj-eyav
16
vulnerability VCID-cv9x-ea8e-pufu
17
vulnerability VCID-daz8-j1ns-rkgt
18
vulnerability VCID-e8ze-umec-a7hx
19
vulnerability VCID-e9jc-8mpp-fkgh
20
vulnerability VCID-efrn-3w2z-xyaf
21
vulnerability VCID-hfcx-1kuh-p3ez
22
vulnerability VCID-hnyk-614g-yuhy
23
vulnerability VCID-j8hk-bqnb-gycp
24
vulnerability VCID-k8r2-2ak8-qkak
25
vulnerability VCID-n56h-zuzr-ruhf
26
vulnerability VCID-nyw8-q5ef-2fcv
27
vulnerability VCID-pwh8-c992-vqav
28
vulnerability VCID-qr1u-kcn9-cuf6
29
vulnerability VCID-qxab-9uwr-yqhv
30
vulnerability VCID-sdjb-gp4t-vbgt
31
vulnerability VCID-uaf3-fyst-u7gm
32
vulnerability VCID-uncp-sa58-ufdd
33
vulnerability VCID-uq77-aax5-k7d8
34
vulnerability VCID-uua1-9rt1-dfbz
35
vulnerability VCID-v7b1-x8hy-2kcg
36
vulnerability VCID-w94g-xxea-23fb
37
vulnerability VCID-wm4a-hcvt-vkbk
38
vulnerability VCID-x5jb-yj3d-qbdf
39
vulnerability VCID-y3zj-acc7-jkau
40
vulnerability VCID-z2bk-m2kw-h3c9
41
vulnerability VCID-zbm9-cx69-wqg3
42
vulnerability VCID-zhcb-h8ph-7uhk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.0.0
5
url pkg:gem/bootstrap@4.0.0
purl pkg:gem/bootstrap@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7ch1-q9f4-a7bt
1
vulnerability VCID-vsty-6vqf-pkeg
2
vulnerability VCID-wezb-6dbp-nfer
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bootstrap@4.0.0
6
url pkg:maven/org.webjars/bootstrap@4.0.0
purl pkg:maven/org.webjars/bootstrap@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wt8-wyvc-1uca
1
vulnerability VCID-7ch1-q9f4-a7bt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.webjars/bootstrap@4.0.0
7
url pkg:npm/bootstrap@4.0.0
purl pkg:npm/bootstrap@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wt8-wyvc-1uca
1
vulnerability VCID-7ch1-q9f4-a7bt
2
vulnerability VCID-vsty-6vqf-pkeg
3
vulnerability VCID-wezb-6dbp-nfer
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/bootstrap@4.0.0
8
url pkg:nuget/bootstrap@4.0.0
purl pkg:nuget/bootstrap@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7ch1-q9f4-a7bt
1
vulnerability VCID-wezb-6dbp-nfer
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap@4.0.0
9
url pkg:nuget/bootstrap.sass@4.0.0
purl pkg:nuget/bootstrap.sass@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7ch1-q9f4-a7bt
1
vulnerability VCID-vsty-6vqf-pkeg
2
vulnerability VCID-wezb-6dbp-nfer
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/bootstrap.sass@4.0.0
References
0
reference_url https://access.redhat.com/errata/RHSA-2019:1456
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1456
1
reference_url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
reference_id
reference_type
scores
url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
2
reference_url https://github.com/twbs/bootstrap
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap
3
reference_url https://github.com/twbs/bootstrap/issues/26423
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/26423
4
reference_url https://github.com/twbs/bootstrap/issues/26627
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/issues/26627
5
reference_url https://github.com/twbs/bootstrap/pull/26630
reference_id
reference_type
scores
url https://github.com/twbs/bootstrap/pull/26630
6
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
11
reference_url https://seclists.org/bugtraq/2019/May/18
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/May/18
12
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-006
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-006
13
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuApr2021.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14041
reference_id CVE-2018-14041
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-14041
15
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml
reference_id CVE-2018-14041.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml
16
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml
reference_id CVE-2018-14041.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml
reference_id CVE-2018-14041.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml
18
reference_url https://github.com/advisories/GHSA-pj7m-g53m-7638
reference_id GHSA-pj7m-g53m-7638
reference_type
scores
url https://github.com/advisories/GHSA-pj7m-g53m-7638
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-7ch1-q9f4-a7bt