Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-dwbh-pjyu-rufu

Summary

Improper Control of Generation of Code ('Code Injection')
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.

Aliases

alias	CVE-2022-21686

alias	GHSA-mrq4-7ch7-2465

Fixed_packages

url	pkg:composer/prestashop/prestashop@1.7.8%2B3
purl	pkg:composer/prestashop/prestashop@1.7.8%2B3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B3

Affected_packages

url pkg:composer/prestashop/prestashop@1.7.0%2B0

purl pkg:composer/prestashop/prestashop@1.7.0%2B0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dwbh-pjyu-rufu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.0%252B0

url pkg:composer/prestashop/prestashop@1.7.8%2B2

purl pkg:composer/prestashop/prestashop@1.7.8%2B2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dwbh-pjyu-rufu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/prestashop/prestashop@1.7.8%252B2

References

reference_url	https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21
reference_id
reference_type
scores
url	https://github.com/PrestaShop/PrestaShop/commit/d02b469ec365822e6a9f017e57f588966248bf21

reference_url	https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3
reference_id
reference_type
scores
url	https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.3

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-21686
reference_id	CVE-2022-21686
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-21686

reference_url	https://github.com/advisories/GHSA-mrq4-7ch7-2465
reference_id	GHSA-mrq4-7ch7-2465
reference_type
scores
url	https://github.com/advisories/GHSA-mrq4-7ch7-2465

reference_url	https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465
reference_id	GHSA-mrq4-7ch7-2465
reference_type
scores
url	https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrq4-7ch7-2465

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dwbh-pjyu-rufu

Vulnerability Instance