Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-q32t-bhzw-kygq
Summary
Code Injection
Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). An attacker with access to the configuration center he will be able to poison the rule so when retrieved by the consumers, it will get RCE on all of them.
Aliases
0
alias CVE-2021-36162
1
alias GHSA-r577-4hq7-73qh
Fixed_packages
0
url pkg:maven/org.apache.dubbo/dubbo@2.7.13
purl pkg:maven/org.apache.dubbo/dubbo@2.7.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ngc-j571-m3ck
1
vulnerability VCID-ahzf-whmw-aue3
2
vulnerability VCID-f4ha-rjpx-yfgb
3
vulnerability VCID-m7ca-pdzs-2yfd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.13
1
url pkg:maven/org.apache.dubbo/dubbo@3.0.2
purl pkg:maven/org.apache.dubbo/dubbo@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ngc-j571-m3ck
1
vulnerability VCID-ahzf-whmw-aue3
2
vulnerability VCID-f4ha-rjpx-yfgb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@3.0.2
Affected_packages
0
url pkg:maven/org.apache.dubbo/dubbo@2.7.0
purl pkg:maven/org.apache.dubbo/dubbo@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-2ec6-jybq
1
vulnerability VCID-8cxs-6fuh-17fg
2
vulnerability VCID-9cck-3q13-1kej
3
vulnerability VCID-9ngc-j571-m3ck
4
vulnerability VCID-ahzf-whmw-aue3
5
vulnerability VCID-apmz-v6u5-8ygh
6
vulnerability VCID-dj6s-gcjj-nuhr
7
vulnerability VCID-eznq-hze7-kqfg
8
vulnerability VCID-f4ha-rjpx-yfgb
9
vulnerability VCID-h5n6-nuyj-dkcc
10
vulnerability VCID-m7ca-pdzs-2yfd
11
vulnerability VCID-pjyr-9fcr-qbcr
12
vulnerability VCID-psmu-bqpc-tkah
13
vulnerability VCID-q32t-bhzw-kygq
14
vulnerability VCID-vmks-ba3d-ruf9
15
vulnerability VCID-wg91-ny7q-ckgz
16
vulnerability VCID-yj9m-e31v-bqcw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.0
1
url pkg:maven/org.apache.dubbo/dubbo@2.7.1
purl pkg:maven/org.apache.dubbo/dubbo@2.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-2ec6-jybq
1
vulnerability VCID-8cxs-6fuh-17fg
2
vulnerability VCID-9cck-3q13-1kej
3
vulnerability VCID-9ngc-j571-m3ck
4
vulnerability VCID-ahzf-whmw-aue3
5
vulnerability VCID-apmz-v6u5-8ygh
6
vulnerability VCID-dj6s-gcjj-nuhr
7
vulnerability VCID-eznq-hze7-kqfg
8
vulnerability VCID-f4ha-rjpx-yfgb
9
vulnerability VCID-h5n6-nuyj-dkcc
10
vulnerability VCID-m7ca-pdzs-2yfd
11
vulnerability VCID-pjyr-9fcr-qbcr
12
vulnerability VCID-psmu-bqpc-tkah
13
vulnerability VCID-q32t-bhzw-kygq
14
vulnerability VCID-vmks-ba3d-ruf9
15
vulnerability VCID-wg91-ny7q-ckgz
16
vulnerability VCID-yj9m-e31v-bqcw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.1
2
url pkg:maven/org.apache.dubbo/dubbo@2.7.2
purl pkg:maven/org.apache.dubbo/dubbo@2.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-2ec6-jybq
1
vulnerability VCID-8cxs-6fuh-17fg
2
vulnerability VCID-9cck-3q13-1kej
3
vulnerability VCID-9ngc-j571-m3ck
4
vulnerability VCID-ahzf-whmw-aue3
5
vulnerability VCID-apmz-v6u5-8ygh
6
vulnerability VCID-dj6s-gcjj-nuhr
7
vulnerability VCID-eznq-hze7-kqfg
8
vulnerability VCID-f4ha-rjpx-yfgb
9
vulnerability VCID-h5n6-nuyj-dkcc
10
vulnerability VCID-m7ca-pdzs-2yfd
11
vulnerability VCID-pjyr-9fcr-qbcr
12
vulnerability VCID-psmu-bqpc-tkah
13
vulnerability VCID-q32t-bhzw-kygq
14
vulnerability VCID-vmks-ba3d-ruf9
15
vulnerability VCID-wg91-ny7q-ckgz
16
vulnerability VCID-yj9m-e31v-bqcw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.2
3
url pkg:maven/org.apache.dubbo/dubbo@2.7.3
purl pkg:maven/org.apache.dubbo/dubbo@2.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-2ec6-jybq
1
vulnerability VCID-8cxs-6fuh-17fg
2
vulnerability VCID-9cck-3q13-1kej
3
vulnerability VCID-9ngc-j571-m3ck
4
vulnerability VCID-ahzf-whmw-aue3
5
vulnerability VCID-apmz-v6u5-8ygh
6
vulnerability VCID-dj6s-gcjj-nuhr
7
vulnerability VCID-eznq-hze7-kqfg
8
vulnerability VCID-f4ha-rjpx-yfgb
9
vulnerability VCID-h5n6-nuyj-dkcc
10
vulnerability VCID-m7ca-pdzs-2yfd
11
vulnerability VCID-pjyr-9fcr-qbcr
12
vulnerability VCID-psmu-bqpc-tkah
13
vulnerability VCID-q32t-bhzw-kygq
14
vulnerability VCID-vmks-ba3d-ruf9
15
vulnerability VCID-wg91-ny7q-ckgz
16
vulnerability VCID-yj9m-e31v-bqcw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.3
4
url pkg:maven/org.apache.dubbo/dubbo@2.7.4
purl pkg:maven/org.apache.dubbo/dubbo@2.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-2ec6-jybq
1
vulnerability VCID-8cxs-6fuh-17fg
2
vulnerability VCID-9cck-3q13-1kej
3
vulnerability VCID-9ngc-j571-m3ck
4
vulnerability VCID-ahzf-whmw-aue3
5
vulnerability VCID-apmz-v6u5-8ygh
6
vulnerability VCID-dj6s-gcjj-nuhr
7
vulnerability VCID-eznq-hze7-kqfg
8
vulnerability VCID-f4ha-rjpx-yfgb
9
vulnerability VCID-h5n6-nuyj-dkcc
10
vulnerability VCID-m7ca-pdzs-2yfd
11
vulnerability VCID-pjyr-9fcr-qbcr
12
vulnerability VCID-psmu-bqpc-tkah
13
vulnerability VCID-q32t-bhzw-kygq
14
vulnerability VCID-vmks-ba3d-ruf9
15
vulnerability VCID-wg91-ny7q-ckgz
16
vulnerability VCID-yj9m-e31v-bqcw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.4
5
url pkg:maven/org.apache.dubbo/dubbo@2.7.4.1
purl pkg:maven/org.apache.dubbo/dubbo@2.7.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-2ec6-jybq
1
vulnerability VCID-9cck-3q13-1kej
2
vulnerability VCID-9ngc-j571-m3ck
3
vulnerability VCID-ahzf-whmw-aue3
4
vulnerability VCID-apmz-v6u5-8ygh
5
vulnerability VCID-dj6s-gcjj-nuhr
6
vulnerability VCID-eznq-hze7-kqfg
7
vulnerability VCID-f4ha-rjpx-yfgb
8
vulnerability VCID-h5n6-nuyj-dkcc
9
vulnerability VCID-m7ca-pdzs-2yfd
10
vulnerability VCID-pjyr-9fcr-qbcr
11
vulnerability VCID-psmu-bqpc-tkah
12
vulnerability VCID-q32t-bhzw-kygq
13
vulnerability VCID-vmks-ba3d-ruf9
14
vulnerability VCID-wg91-ny7q-ckgz
15
vulnerability VCID-yj9m-e31v-bqcw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.4.1
6
url pkg:maven/org.apache.dubbo/dubbo@2.7.5
purl pkg:maven/org.apache.dubbo/dubbo@2.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-2ec6-jybq
1
vulnerability VCID-9cck-3q13-1kej
2
vulnerability VCID-9ngc-j571-m3ck
3
vulnerability VCID-ahzf-whmw-aue3
4
vulnerability VCID-apmz-v6u5-8ygh
5
vulnerability VCID-dj6s-gcjj-nuhr
6
vulnerability VCID-eznq-hze7-kqfg
7
vulnerability VCID-f4ha-rjpx-yfgb
8
vulnerability VCID-h5n6-nuyj-dkcc
9
vulnerability VCID-m7ca-pdzs-2yfd
10
vulnerability VCID-pjyr-9fcr-qbcr
11
vulnerability VCID-psmu-bqpc-tkah
12
vulnerability VCID-q32t-bhzw-kygq
13
vulnerability VCID-vmks-ba3d-ruf9
14
vulnerability VCID-wg91-ny7q-ckgz
15
vulnerability VCID-yj9m-e31v-bqcw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.5
7
url pkg:maven/org.apache.dubbo/dubbo@2.7.6
purl pkg:maven/org.apache.dubbo/dubbo@2.7.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-2ec6-jybq
1
vulnerability VCID-9cck-3q13-1kej
2
vulnerability VCID-9ngc-j571-m3ck
3
vulnerability VCID-ahzf-whmw-aue3
4
vulnerability VCID-apmz-v6u5-8ygh
5
vulnerability VCID-dj6s-gcjj-nuhr
6
vulnerability VCID-eznq-hze7-kqfg
7
vulnerability VCID-f4ha-rjpx-yfgb
8
vulnerability VCID-h5n6-nuyj-dkcc
9
vulnerability VCID-m7ca-pdzs-2yfd
10
vulnerability VCID-pjyr-9fcr-qbcr
11
vulnerability VCID-psmu-bqpc-tkah
12
vulnerability VCID-q32t-bhzw-kygq
13
vulnerability VCID-vmks-ba3d-ruf9
14
vulnerability VCID-wg91-ny7q-ckgz
15
vulnerability VCID-yj9m-e31v-bqcw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.6
8
url pkg:maven/org.apache.dubbo/dubbo@2.7.7
purl pkg:maven/org.apache.dubbo/dubbo@2.7.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-2ec6-jybq
1
vulnerability VCID-9cck-3q13-1kej
2
vulnerability VCID-9ngc-j571-m3ck
3
vulnerability VCID-ahzf-whmw-aue3
4
vulnerability VCID-apmz-v6u5-8ygh
5
vulnerability VCID-dj6s-gcjj-nuhr
6
vulnerability VCID-eznq-hze7-kqfg
7
vulnerability VCID-f4ha-rjpx-yfgb
8
vulnerability VCID-h5n6-nuyj-dkcc
9
vulnerability VCID-m7ca-pdzs-2yfd
10
vulnerability VCID-pjyr-9fcr-qbcr
11
vulnerability VCID-psmu-bqpc-tkah
12
vulnerability VCID-q32t-bhzw-kygq
13
vulnerability VCID-vmks-ba3d-ruf9
14
vulnerability VCID-yj9m-e31v-bqcw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.7
9
url pkg:maven/org.apache.dubbo/dubbo@2.7.8
purl pkg:maven/org.apache.dubbo/dubbo@2.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-2ec6-jybq
1
vulnerability VCID-9cck-3q13-1kej
2
vulnerability VCID-9ngc-j571-m3ck
3
vulnerability VCID-ahzf-whmw-aue3
4
vulnerability VCID-dj6s-gcjj-nuhr
5
vulnerability VCID-eznq-hze7-kqfg
6
vulnerability VCID-f4ha-rjpx-yfgb
7
vulnerability VCID-h5n6-nuyj-dkcc
8
vulnerability VCID-m7ca-pdzs-2yfd
9
vulnerability VCID-pjyr-9fcr-qbcr
10
vulnerability VCID-psmu-bqpc-tkah
11
vulnerability VCID-q32t-bhzw-kygq
12
vulnerability VCID-yj9m-e31v-bqcw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.8
10
url pkg:maven/org.apache.dubbo/dubbo@2.7.9
purl pkg:maven/org.apache.dubbo/dubbo@2.7.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9cck-3q13-1kej
1
vulnerability VCID-9ngc-j571-m3ck
2
vulnerability VCID-ahzf-whmw-aue3
3
vulnerability VCID-dj6s-gcjj-nuhr
4
vulnerability VCID-eznq-hze7-kqfg
5
vulnerability VCID-f4ha-rjpx-yfgb
6
vulnerability VCID-h5n6-nuyj-dkcc
7
vulnerability VCID-m7ca-pdzs-2yfd
8
vulnerability VCID-pjyr-9fcr-qbcr
9
vulnerability VCID-psmu-bqpc-tkah
10
vulnerability VCID-q32t-bhzw-kygq
11
vulnerability VCID-yj9m-e31v-bqcw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.9
11
url pkg:maven/org.apache.dubbo/dubbo@2.7.10
purl pkg:maven/org.apache.dubbo/dubbo@2.7.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ngc-j571-m3ck
1
vulnerability VCID-ahzf-whmw-aue3
2
vulnerability VCID-dj6s-gcjj-nuhr
3
vulnerability VCID-f4ha-rjpx-yfgb
4
vulnerability VCID-h5n6-nuyj-dkcc
5
vulnerability VCID-m7ca-pdzs-2yfd
6
vulnerability VCID-psmu-bqpc-tkah
7
vulnerability VCID-q32t-bhzw-kygq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.10
12
url pkg:maven/org.apache.dubbo/dubbo@2.7.11
purl pkg:maven/org.apache.dubbo/dubbo@2.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ngc-j571-m3ck
1
vulnerability VCID-ahzf-whmw-aue3
2
vulnerability VCID-dj6s-gcjj-nuhr
3
vulnerability VCID-f4ha-rjpx-yfgb
4
vulnerability VCID-h5n6-nuyj-dkcc
5
vulnerability VCID-m7ca-pdzs-2yfd
6
vulnerability VCID-psmu-bqpc-tkah
7
vulnerability VCID-q32t-bhzw-kygq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.11
13
url pkg:maven/org.apache.dubbo/dubbo@2.7.12
purl pkg:maven/org.apache.dubbo/dubbo@2.7.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ngc-j571-m3ck
1
vulnerability VCID-ahzf-whmw-aue3
2
vulnerability VCID-dj6s-gcjj-nuhr
3
vulnerability VCID-f4ha-rjpx-yfgb
4
vulnerability VCID-h5n6-nuyj-dkcc
5
vulnerability VCID-m7ca-pdzs-2yfd
6
vulnerability VCID-psmu-bqpc-tkah
7
vulnerability VCID-q32t-bhzw-kygq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@2.7.12
14
url pkg:maven/org.apache.dubbo/dubbo@3.0.0
purl pkg:maven/org.apache.dubbo/dubbo@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ngc-j571-m3ck
1
vulnerability VCID-ahzf-whmw-aue3
2
vulnerability VCID-dj6s-gcjj-nuhr
3
vulnerability VCID-f4ha-rjpx-yfgb
4
vulnerability VCID-h5n6-nuyj-dkcc
5
vulnerability VCID-q32t-bhzw-kygq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@3.0.0
15
url pkg:maven/org.apache.dubbo/dubbo@3.0.0.preview
purl pkg:maven/org.apache.dubbo/dubbo@3.0.0.preview
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ngc-j571-m3ck
1
vulnerability VCID-ahzf-whmw-aue3
2
vulnerability VCID-dj6s-gcjj-nuhr
3
vulnerability VCID-f4ha-rjpx-yfgb
4
vulnerability VCID-h5n6-nuyj-dkcc
5
vulnerability VCID-q32t-bhzw-kygq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@3.0.0.preview
16
url pkg:maven/org.apache.dubbo/dubbo@3.0.1
purl pkg:maven/org.apache.dubbo/dubbo@3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ngc-j571-m3ck
1
vulnerability VCID-ahzf-whmw-aue3
2
vulnerability VCID-dj6s-gcjj-nuhr
3
vulnerability VCID-f4ha-rjpx-yfgb
4
vulnerability VCID-h5n6-nuyj-dkcc
5
vulnerability VCID-q32t-bhzw-kygq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.dubbo/dubbo@3.0.1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36162
reference_id
reference_type
scores
0
value 0.01012
scoring_system epss
scoring_elements 0.77505
published_at 2026-06-06T12:55:00Z
1
value 0.01012
scoring_system epss
scoring_elements 0.77496
published_at 2026-06-07T12:55:00Z
2
value 0.01012
scoring_system epss
scoring_elements 0.77469
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36162
1
reference_url https://github.com/apache/dubbo
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/dubbo
2
reference_url https://lists.apache.org/thread.html/rfa351115a459e214b99ffcc52c35f33359f3370c547d9c6ba1a60037%40%3Cdev.dubbo.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfa351115a459e214b99ffcc52c35f33359f3370c547d9c6ba1a60037%40%3Cdev.dubbo.apache.org%3E
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36162
reference_id CVE-2021-36162
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-36162
4
reference_url https://github.com/advisories/GHSA-r577-4hq7-73qh
reference_id GHSA-r577-4hq7-73qh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r577-4hq7-73qh
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 77
name Improper Neutralization of Special Elements used in a Command ('Command Injection')
description The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-q32t-bhzw-kygq