Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-j7c7-5cjw-wqf9

Summary

Session Fixation
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."

Aliases

alias	CVE-2016-8638

alias	GHSA-376m-3rm2-9jm6

Fixed_packages

url	pkg:pypi/ipsilon@1.0.3
purl	pkg:pypi/ipsilon@1.0.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.0.3

url	pkg:pypi/ipsilon@1.1.2
purl	pkg:pypi/ipsilon@1.1.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.1.2

url	pkg:pypi/ipsilon@1.2.1
purl	pkg:pypi/ipsilon@1.2.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.2.1

url	pkg:pypi/ipsilon@2.0.2
purl	pkg:pypi/ipsilon@2.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@2.0.2

Affected_packages

url pkg:pypi/ipsilon@1.0.0

purl pkg:pypi/ipsilon@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j7c7-5cjw-wqf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.0.0

url pkg:pypi/ipsilon@1.1.0

purl pkg:pypi/ipsilon@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j7c7-5cjw-wqf9

vulnerability	VCID-uw3a-jsez-xffk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.1.0

url pkg:pypi/ipsilon@1.2.0

purl pkg:pypi/ipsilon@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j7c7-5cjw-wqf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.2.0

url pkg:pypi/ipsilon@2.0.0

purl pkg:pypi/ipsilon@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j7c7-5cjw-wqf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@2.0.0

url pkg:rpm/redhat/ipsilon@1.0.0-13?arch=el7_3

purl pkg:rpm/redhat/ipsilon@1.0.0-13?arch=el7_3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j7c7-5cjw-wqf9

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ipsilon@1.0.0-13%3Farch=el7_3

References

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2809.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-2809.html

reference_url

https://access.redhat.com/errata/RHSA-2016:2809

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:2809

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8638.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8638.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-8638

reference_id

reference_type

scores

value	0.07142
scoring_system	epss
scoring_elements	0.91702
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-8638

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1392829

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1392829

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638

reference_url

https://github.com/ipsilon-project/ipsilon

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ipsilon-project/ipsilon

reference_url

https://github.com/ipsilon-project/ipsilon/commit/1c48414877fc110652b6078a29529972c7ec9122

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ipsilon-project/ipsilon/commit/1c48414877fc110652b6078a29529972c7ec9122

reference_url

https://github.com/ipsilon-project/ipsilon/commit/64fc366c054fc6af1d9d2692902db169884b5f78

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ipsilon-project/ipsilon/commit/64fc366c054fc6af1d9d2692902db169884b5f78

reference_url

https://github.com/ipsilon-project/ipsilon/commit/a33303b6beb5c316d7c18b23566b7666a4e307a4

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ipsilon-project/ipsilon/commit/a33303b6beb5c316d7c18b23566b7666a4e307a4

reference_url

https://github.com/ipsilon-project/ipsilon/commit/b4744a92d4fa7f6d7ade0ae2d99a2dc0ea94734d

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ipsilon-project/ipsilon/commit/b4744a92d4fa7f6d7ade0ae2d99a2dc0ea94734d

reference_url

https://ipsilon-project.org/release/2.1.0.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://ipsilon-project.org/release/2.1.0.html

reference_url

https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c

reference_url

http://www.securityfocus.com/bid/94439

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/94439

reference_url

https://access.redhat.com/security/cve/CVE-2016-8638

reference_id

CVE-2016-8638

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2016-8638

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-8638

reference_id

CVE-2016-8638

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-8638

reference_url

https://ipsilon-project.org/advisory/CVE-2016-8638.txt

reference_id

CVE-2016-8638.TXT

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://ipsilon-project.org/advisory/CVE-2016-8638.txt

reference_url	https://github.com/advisories/GHSA-376m-3rm2-9jm6
reference_id	GHSA-376m-3rm2-9jm6
reference_type
scores
url	https://github.com/advisories/GHSA-376m-3rm2-9jm6

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	384
name	Session Fixation
description	Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	287
name	Improper Authentication
description	When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Exploits

Severity_range_score 8.2 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7c7-5cjw-wqf9

Vulnerability Instance