Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-2cjq-uzsm-1uer
Summary
express-cart allows any user to create an admin user
Express-Cart before 1.1.6 allows remote attackers to create an admin user via an `/admin/setup` Referer header.
Aliases
0
alias CVE-2018-12457
1
alias GHSA-hr89-w7p6-pjmq
Fixed_packages
0
url pkg:npm/express-cart@1.1.6
purl pkg:npm/express-cart@1.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-atgx-r2qy-8ufe
2
vulnerability VCID-eb7w-y953-67dy
3
vulnerability VCID-w999-rut7-z3cc
4
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.6
Affected_packages
0
url pkg:npm/express-cart@0.0.1-security
purl pkg:npm/express-cart@0.0.1-security
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-2cjq-uzsm-1uer
2
vulnerability VCID-atgx-r2qy-8ufe
3
vulnerability VCID-cftz-enwf-6uht
4
vulnerability VCID-eb7w-y953-67dy
5
vulnerability VCID-ewh1-bpnm-8fh4
6
vulnerability VCID-w999-rut7-z3cc
7
vulnerability VCID-wk1m-n6h7-ufbv
8
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@0.0.1-security
1
url pkg:npm/express-cart@1.0.1
purl pkg:npm/express-cart@1.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-2cjq-uzsm-1uer
2
vulnerability VCID-atgx-r2qy-8ufe
3
vulnerability VCID-cftz-enwf-6uht
4
vulnerability VCID-eb7w-y953-67dy
5
vulnerability VCID-ewh1-bpnm-8fh4
6
vulnerability VCID-w999-rut7-z3cc
7
vulnerability VCID-wk1m-n6h7-ufbv
8
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.0.1
2
url pkg:npm/express-cart@1.1.1
purl pkg:npm/express-cart@1.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-2cjq-uzsm-1uer
2
vulnerability VCID-atgx-r2qy-8ufe
3
vulnerability VCID-cftz-enwf-6uht
4
vulnerability VCID-eb7w-y953-67dy
5
vulnerability VCID-ewh1-bpnm-8fh4
6
vulnerability VCID-w999-rut7-z3cc
7
vulnerability VCID-wk1m-n6h7-ufbv
8
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.1
3
url pkg:npm/express-cart@1.1.2
purl pkg:npm/express-cart@1.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-2cjq-uzsm-1uer
2
vulnerability VCID-atgx-r2qy-8ufe
3
vulnerability VCID-cftz-enwf-6uht
4
vulnerability VCID-eb7w-y953-67dy
5
vulnerability VCID-ewh1-bpnm-8fh4
6
vulnerability VCID-w999-rut7-z3cc
7
vulnerability VCID-wk1m-n6h7-ufbv
8
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.2
4
url pkg:npm/express-cart@1.1.3
purl pkg:npm/express-cart@1.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-2cjq-uzsm-1uer
2
vulnerability VCID-atgx-r2qy-8ufe
3
vulnerability VCID-cftz-enwf-6uht
4
vulnerability VCID-eb7w-y953-67dy
5
vulnerability VCID-ewh1-bpnm-8fh4
6
vulnerability VCID-w999-rut7-z3cc
7
vulnerability VCID-wk1m-n6h7-ufbv
8
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.3
5
url pkg:npm/express-cart@1.1.4
purl pkg:npm/express-cart@1.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-2cjq-uzsm-1uer
2
vulnerability VCID-atgx-r2qy-8ufe
3
vulnerability VCID-cftz-enwf-6uht
4
vulnerability VCID-eb7w-y953-67dy
5
vulnerability VCID-ewh1-bpnm-8fh4
6
vulnerability VCID-w999-rut7-z3cc
7
vulnerability VCID-wk1m-n6h7-ufbv
8
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.4
6
url pkg:npm/express-cart@1.1.5
purl pkg:npm/express-cart@1.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-2cjq-uzsm-1uer
2
vulnerability VCID-atgx-r2qy-8ufe
3
vulnerability VCID-cftz-enwf-6uht
4
vulnerability VCID-eb7w-y953-67dy
5
vulnerability VCID-ewh1-bpnm-8fh4
6
vulnerability VCID-w999-rut7-z3cc
7
vulnerability VCID-wk1m-n6h7-ufbv
8
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.5
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12457
reference_id
reference_type
scores
0
value 0.00524
scoring_system epss
scoring_elements 0.67341
published_at 2026-06-05T12:55:00Z
1
value 0.00524
scoring_system epss
scoring_elements 0.67299
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12457
1
reference_url https://github.com/mrvautin/expressCart
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mrvautin/expressCart
2
reference_url https://github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b
3
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/469.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/469.json
4
reference_url https://hackerone.com/reports/343626
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/343626
5
reference_url https://snyk.io/vuln/npm:express-cart:20180712
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/npm:express-cart:20180712
6
reference_url https://www.npmjs.com/advisories/730
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/730
7
reference_url https://www.npmjs.com/package/express-cart?activeTab=versions
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/express-cart?activeTab=versions
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12457
reference_id CVE-2018-12457
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12457
9
reference_url https://github.com/advisories/GHSA-hr89-w7p6-pjmq
reference_id GHSA-hr89-w7p6-pjmq
reference_type
scores
url https://github.com/advisories/GHSA-hr89-w7p6-pjmq
Weaknesses
0
cwe_id 732
name Incorrect Permission Assignment for Critical Resource
description The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2cjq-uzsm-1uer