Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-47x6-8phm-ubdu

Summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Aliases

alias	CVE-2016-10692

alias	GHSA-cr6c-85fh-cqpg

Fixed_packages

Affected_packages

url pkg:npm/haxeshim@0.0.1

purl pkg:npm/haxeshim@0.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27py-88rw-wbdr

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.0.1

url pkg:npm/haxeshim@0.0.2

purl pkg:npm/haxeshim@0.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27py-88rw-wbdr

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.0.2

url pkg:npm/haxeshim@0.0.3

purl pkg:npm/haxeshim@0.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27py-88rw-wbdr

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.0.3

url pkg:npm/haxeshim@0.0.4

purl pkg:npm/haxeshim@0.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.0.4

url pkg:npm/haxeshim@0.0.5

purl pkg:npm/haxeshim@0.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.0.5

url pkg:npm/haxeshim@0.0.6

purl pkg:npm/haxeshim@0.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.0.6

url pkg:npm/haxeshim@0.0.7

purl pkg:npm/haxeshim@0.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.0.7

url pkg:npm/haxeshim@0.0.8

purl pkg:npm/haxeshim@0.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.0.8

url pkg:npm/haxeshim@0.1.0

purl pkg:npm/haxeshim@0.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.1.0

url pkg:npm/haxeshim@0.1.1

purl pkg:npm/haxeshim@0.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.1.1

url pkg:npm/haxeshim@0.1.2

purl pkg:npm/haxeshim@0.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.1.2

url pkg:npm/haxeshim@0.2.0

purl pkg:npm/haxeshim@0.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.2.0

url pkg:npm/haxeshim@0.3.0

purl pkg:npm/haxeshim@0.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.3.0

url pkg:npm/haxeshim@0.3.1

purl pkg:npm/haxeshim@0.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.3.1

url pkg:npm/haxeshim@0.3.2

purl pkg:npm/haxeshim@0.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.3.2

url pkg:npm/haxeshim@0.4.0

purl pkg:npm/haxeshim@0.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.4.0

url pkg:npm/haxeshim@0.5.0

purl pkg:npm/haxeshim@0.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.5.0

url pkg:npm/haxeshim@0.5.1

purl pkg:npm/haxeshim@0.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.5.1

url pkg:npm/haxeshim@0.5.2

purl pkg:npm/haxeshim@0.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.5.2

url pkg:npm/haxeshim@0.5.3

purl pkg:npm/haxeshim@0.5.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.5.3

url pkg:npm/haxeshim@0.5.4

purl pkg:npm/haxeshim@0.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.5.4

url pkg:npm/haxeshim@0.5.5

purl pkg:npm/haxeshim@0.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.5.5

url pkg:npm/haxeshim@0.5.6

purl pkg:npm/haxeshim@0.5.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.5.6

url pkg:npm/haxeshim@0.6.0

purl pkg:npm/haxeshim@0.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.6.0

url pkg:npm/haxeshim@0.6.1

purl pkg:npm/haxeshim@0.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.6.1

url pkg:npm/haxeshim@0.6.2

purl pkg:npm/haxeshim@0.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.6.2

url pkg:npm/haxeshim@0.6.3

purl pkg:npm/haxeshim@0.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.6.3

url pkg:npm/haxeshim@0.7.0

purl pkg:npm/haxeshim@0.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.7.0

url pkg:npm/haxeshim@0.7.1

purl pkg:npm/haxeshim@0.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.7.1

url pkg:npm/haxeshim@0.7.2

purl pkg:npm/haxeshim@0.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.7.2

url pkg:npm/haxeshim@0.8.0

purl pkg:npm/haxeshim@0.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.8.0

url pkg:npm/haxeshim@0.8.1

purl pkg:npm/haxeshim@0.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.8.1

url pkg:npm/haxeshim@0.8.2

purl pkg:npm/haxeshim@0.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.8.2

url pkg:npm/haxeshim@0.8.3

purl pkg:npm/haxeshim@0.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.8.3

url pkg:npm/haxeshim@0.8.4

purl pkg:npm/haxeshim@0.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.8.4

url pkg:npm/haxeshim@0.8.5

purl pkg:npm/haxeshim@0.8.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.8.5

url pkg:npm/haxeshim@0.8.6

purl pkg:npm/haxeshim@0.8.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.8.6

url pkg:npm/haxeshim@0.8.7

purl pkg:npm/haxeshim@0.8.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.8.7

url pkg:npm/haxeshim@0.8.8

purl pkg:npm/haxeshim@0.8.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.8.8

url pkg:npm/haxeshim@0.8.9

purl pkg:npm/haxeshim@0.8.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.8.9

url pkg:npm/haxeshim@0.9.0

purl pkg:npm/haxeshim@0.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.9.0

url pkg:npm/haxeshim@0.9.1

purl pkg:npm/haxeshim@0.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.9.1

url pkg:npm/haxeshim@0.9.2

purl pkg:npm/haxeshim@0.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.9.2

url pkg:npm/haxeshim@0.10.0

purl pkg:npm/haxeshim@0.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.10.0

url pkg:npm/haxeshim@0.11.0

purl pkg:npm/haxeshim@0.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.11.0

url pkg:npm/haxeshim@0.12.0

purl pkg:npm/haxeshim@0.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.12.0

url pkg:npm/haxeshim@0.12.1

purl pkg:npm/haxeshim@0.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.12.1

url pkg:npm/haxeshim@0.12.2

purl pkg:npm/haxeshim@0.12.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.12.2

url pkg:npm/haxeshim@0.12.3

purl pkg:npm/haxeshim@0.12.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.12.3

url pkg:npm/haxeshim@0.12.4

purl pkg:npm/haxeshim@0.12.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47x6-8phm-ubdu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/haxeshim@0.12.4

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10692

reference_id

reference_type

scores

value	0.01558
scoring_system	epss
scoring_elements	0.81792
published_at	2026-06-04T12:55:00Z

value	0.01558
scoring_system	epss
scoring_elements	0.8182
published_at	2026-06-08T12:55:00Z

value	0.01558
scoring_system	epss
scoring_elements	0.81826
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10692

reference_url	https://nodesecurity.io/advisories/300
reference_id
reference_type
scores
url	https://nodesecurity.io/advisories/300

reference_url

https://www.npmjs.com/advisories/300

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/300

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-10692

reference_id

CVE-2016-10692

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-10692

reference_url

https://github.com/advisories/GHSA-cr6c-85fh-cqpg

reference_id

GHSA-cr6c-85fh-cqpg

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-cr6c-85fh-cqpg

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	310
name	Cryptographic Issues
description	Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.

cwe_id	78
name	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description	The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47x6-8phm-ubdu

Vulnerability Instance