Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-r21j-tf23-vuh2
Summary
Out-of-bounds Write
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service.
Aliases
0
alias CVE-2020-27196
1
alias GHSA-h48w-c35p-6m8x
Fixed_packages
0
url pkg:maven/com.typesafe.play/play@2.7.6
purl pkg:maven/com.typesafe.play/play@2.7.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play@2.7.6
1
url pkg:maven/com.typesafe.play/play@2.8.3
purl pkg:maven/com.typesafe.play/play@2.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play@2.8.3
2
url pkg:maven/com.typesafe.play/play-java@2.7.6
purl pkg:maven/com.typesafe.play/play-java@2.7.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-java@2.7.6
3
url pkg:maven/com.typesafe.play/play-java@2.8.3
purl pkg:maven/com.typesafe.play/play-java@2.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-java@2.8.3
Affected_packages
0
url pkg:maven/com.typesafe.play/play@2.6.0
purl pkg:maven/com.typesafe.play/play@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-378h-ypwm-f7hn
1
vulnerability VCID-r21j-tf23-vuh2
2
vulnerability VCID-z911-wjbu-kfcf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play@2.6.0
1
url pkg:maven/com.typesafe.play/play@2.8.0
purl pkg:maven/com.typesafe.play/play@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-378h-ypwm-f7hn
1
vulnerability VCID-m5vk-jhf3-xkfw
2
vulnerability VCID-r21j-tf23-vuh2
3
vulnerability VCID-z911-wjbu-kfcf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play@2.8.0
2
url pkg:maven/com.typesafe.play/play-java@2.6.0
purl pkg:maven/com.typesafe.play/play-java@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r21j-tf23-vuh2
1
vulnerability VCID-z911-wjbu-kfcf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-java@2.6.0
3
url pkg:maven/com.typesafe.play/play-java@2.8.0
purl pkg:maven/com.typesafe.play/play-java@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r21j-tf23-vuh2
1
vulnerability VCID-z911-wjbu-kfcf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.typesafe.play/play-java@2.8.0
References
0
reference_url https://github.com/playframework/playframework/pull/10321
reference_id
reference_type
scores
url https://github.com/playframework/playframework/pull/10321
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27196
reference_id CVE-2020-27196
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-27196
2
reference_url https://www.playframework.com/security/vulnerability/CVE-2020-27196-DosViaJsonStackOverflow
reference_id CVE-2020-27196-DOSVIAJSONSTACKOVERFLOW
reference_type
scores
url https://www.playframework.com/security/vulnerability/CVE-2020-27196-DosViaJsonStackOverflow
3
reference_url https://github.com/advisories/GHSA-h48w-c35p-6m8x
reference_id GHSA-h48w-c35p-6m8x
reference_type
scores
url https://github.com/advisories/GHSA-h48w-c35p-6m8x
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 787
name Out-of-bounds Write
description The product writes data past the end, or before the beginning, of the intended buffer.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-r21j-tf23-vuh2