Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-sg62-98yy-2kd7

Summary

Incorrect Authorization
Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.

Aliases

alias	CVE-2021-28661

alias	GHSA-r7rh-g777-g5gx

Fixed_packages

url	pkg:composer/silverstripe/framework@3.5.2
purl	pkg:composer/silverstripe/framework@3.5.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2

url	pkg:composer/silverstripe/graphql@3.5.2
purl	pkg:composer/silverstripe/graphql@3.5.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/graphql@3.5.2

url	pkg:composer/silverstripe/secureassets@3.5.2
purl	pkg:composer/silverstripe/secureassets@3.5.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/secureassets@3.5.2

Affected_packages

url pkg:composer/silverstripe/framework@3.0.0

purl pkg:composer/silverstripe/framework@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mmc-91gk-r3d3

vulnerability	VCID-3snr-vtda-jqdj

vulnerability	VCID-78b6-1v3w-qfc3

vulnerability	VCID-8xwp-xd3k-fqaz

vulnerability	VCID-nu3h-nb1g-67bs

vulnerability	VCID-sg62-98yy-2kd7

vulnerability	VCID-uyxp-7fh1-77cg

vulnerability	VCID-wmfv-vtnz-bkad

vulnerability	VCID-yfuu-th6b-nba4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.0

url pkg:composer/silverstripe/secureassets@3.0.0

purl pkg:composer/silverstripe/secureassets@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sg62-98yy-2kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/secureassets@3.0.0

References

reference_url	https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed
reference_id
reference_type
scores
url	https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed

reference_url	https://github.com/silverstripe/silverstripe-graphql/releases
reference_id
reference_type
scores
url	https://github.com/silverstripe/silverstripe-graphql/releases

reference_url	https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2
reference_id
reference_type
scores
url	https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-28661
reference_id	CVE-2021-28661
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-28661

reference_url	https://www.silverstripe.org/download/security-releases/CVE-2021-28661
reference_id	CVE-2021-28661
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/CVE-2021-28661

reference_url	https://github.com/advisories/GHSA-r7rh-g777-g5gx
reference_id	GHSA-r7rh-g777-g5gx
reference_type
scores
url	https://github.com/advisories/GHSA-r7rh-g777-g5gx

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	863
name	Incorrect Authorization
description	The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sg62-98yy-2kd7

Vulnerability Instance