Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-wn3h-y5yh-bbb3
Summary
OpenStack Nova logs sensitive context from notification exceptions
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.
Aliases
0
alias CVE-2017-7214
1
alias GHSA-f4g4-cj8f-3cr9
Fixed_packages
0
url pkg:pypi/nova@13.1.4
purl pkg:pypi/nova@13.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@13.1.4
1
url pkg:pypi/nova@14.0.5
purl pkg:pypi/nova@14.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@14.0.5
2
url pkg:pypi/nova@15.0.2
purl pkg:pypi/nova@15.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@15.0.2
Affected_packages
0
url pkg:pypi/nova@13.0.0
purl pkg:pypi/nova@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wn3h-y5yh-bbb3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@13.0.0
1
url pkg:pypi/nova@14.0.0
purl pkg:pypi/nova@14.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-svtk-epku-sqe1
1
vulnerability VCID-wn3h-y5yh-bbb3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@14.0.0
2
url pkg:pypi/nova@15.0.1
purl pkg:pypi/nova@15.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wn3h-y5yh-bbb3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@15.0.1
References
0
reference_url https://access.redhat.com/errata/RHSA-2017:1508
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1508
1
reference_url https://access.redhat.com/errata/RHSA-2017:1595
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1595
2
reference_url https://github.com/openstack/nova
reference_id
reference_type
scores
url https://github.com/openstack/nova
3
reference_url https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a
reference_id
reference_type
scores
url https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a
4
reference_url https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c
reference_id
reference_type
scores
url https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c
5
reference_url https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a
reference_id
reference_type
scores
url https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a
6
reference_url https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598
reference_id
reference_type
scores
url https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598
7
reference_url https://launchpad.net/bugs/1673569
reference_id
reference_type
scores
url https://launchpad.net/bugs/1673569
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7214
reference_id CVE-2017-7214
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7214
9
reference_url https://github.com/advisories/GHSA-f4g4-cj8f-3cr9
reference_id GHSA-f4g4-cj8f-3cr9
reference_type
scores
url https://github.com/advisories/GHSA-f4g4-cj8f-3cr9
Weaknesses
0
cwe_id 532
name Insertion of Sensitive Information into Log File
description Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-wn3h-y5yh-bbb3