Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-xzyq-wm1j-dkcu
Summary
Incorrect Authorization in HashiCorp Consul
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
Aliases
0
alias CVE-2020-7955
1
alias GHSA-r9w6-rhh9-7v53
Fixed_packages
0
url pkg:deb/debian/consul@1.7.0%2Bdfsg1-1?distro=bullseye
purl pkg:deb/debian/consul@1.7.0%2Bdfsg1-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.7.0%252Bdfsg1-1%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2
2
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
3
url pkg:golang/github.com/hashicorp/consul@1.6.3
purl pkg:golang/github.com/hashicorp/consul@1.6.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/consul@1.6.3
Affected_packages
0
url pkg:deb/debian/consul@1.0.7~dfsg1-5
purl pkg:deb/debian/consul@1.0.7~dfsg1-5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dmf-rj8w-xycm
1
vulnerability VCID-467g-8bds-t3ef
2
vulnerability VCID-cqzz-az3e-kych
3
vulnerability VCID-ftvt-9nb3-xue3
4
vulnerability VCID-gkgb-5g8x-7fgf
5
vulnerability VCID-gsqu-g2y4-a7ap
6
vulnerability VCID-jm2d-ejbf-qfhz
7
vulnerability VCID-mv9z-hxmr-skfp
8
vulnerability VCID-pet2-hhx7-g7fc
9
vulnerability VCID-th2f-96u1-syhg
10
vulnerability VCID-xzyq-wm1j-dkcu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.0.7~dfsg1-5
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7955.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7955.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7955
reference_id
reference_type
scores
0
value 0.00332
scoring_system epss
scoring_elements 0.56087
published_at 2026-04-21T12:55:00Z
1
value 0.00332
scoring_system epss
scoring_elements 0.56108
published_at 2026-04-09T12:55:00Z
2
value 0.00332
scoring_system epss
scoring_elements 0.56119
published_at 2026-04-11T12:55:00Z
3
value 0.00332
scoring_system epss
scoring_elements 0.56096
published_at 2026-04-12T12:55:00Z
4
value 0.00332
scoring_system epss
scoring_elements 0.56079
published_at 2026-04-13T12:55:00Z
5
value 0.00332
scoring_system epss
scoring_elements 0.56114
published_at 2026-04-16T12:55:00Z
6
value 0.00332
scoring_system epss
scoring_elements 0.56116
published_at 2026-04-18T12:55:00Z
7
value 0.00332
scoring_system epss
scoring_elements 0.55942
published_at 2026-04-01T12:55:00Z
8
value 0.00332
scoring_system epss
scoring_elements 0.56053
published_at 2026-04-02T12:55:00Z
9
value 0.00332
scoring_system epss
scoring_elements 0.56074
published_at 2026-04-04T12:55:00Z
10
value 0.00332
scoring_system epss
scoring_elements 0.56052
published_at 2026-04-07T12:55:00Z
11
value 0.00332
scoring_system epss
scoring_elements 0.56104
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7955
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7955
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7955
3
reference_url https://github.com/hashicorp/consul/issues/7160
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/issues/7160
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7955
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7955
5
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1805875
reference_id 1805875
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1805875
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736
reference_id 950736
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736
Weaknesses
0
cwe_id 863
name Incorrect Authorization
description The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
1
cwe_id 841
name Improper Enforcement of Behavioral Workflow
description The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xzyq-wm1j-dkcu