Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-mgx9-9bua-37f3
Summary
Duplicate
This advisory duplicates another.
Aliases
0
alias CVE-2022-44570
1
alias GHSA-65f5-mfpf-vfhj
2
alias GMS-2023-64
Fixed_packages
0
url pkg:gem/rack@2.0.9.2
purl pkg:gem/rack@2.0.9.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2
1
url pkg:gem/rack@2.1.4.2
purl pkg:gem/rack@2.1.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2
2
url pkg:gem/rack@2.2.6.2
purl pkg:gem/rack@2.2.6.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.2
3
url pkg:gem/rack@3.0.4.1
purl pkg:gem/rack@3.0.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1
Affected_packages
0
url pkg:gem/rack@1.5.0
purl pkg:gem/rack@1.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6dhj-xgsb-nkhd
1
vulnerability VCID-mgx9-9bua-37f3
2
vulnerability VCID-w1cf-9x6v-pyhw
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@1.5.0
1
url pkg:gem/rack@2.1.0.0
purl pkg:gem/rack@2.1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mgx9-9bua-37f3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.0.0
2
url pkg:gem/rack@2.2.0.0
purl pkg:gem/rack@2.2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mgx9-9bua-37f3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.0.0
3
url pkg:gem/rack@3.0.0.0
purl pkg:gem/rack@3.0.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ebb6-b5tx-5bhf
1
vulnerability VCID-mgx9-9bua-37f3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.0
References
0
reference_url https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125
reference_id
reference_type
scores
url https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125
1
reference_url https://github.com/rack/rack
reference_id
reference_type
scores
url https://github.com/rack/rack
2
reference_url https://github.com/rack/rack/releases/tag/v3.0.4.1
reference_id
reference_type
scores
url https://github.com/rack/rack/releases/tag/v3.0.4.1
3
reference_url https://security.netapp.com/advisory/ntap-20231208-0010
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231208-0010
4
reference_url https://www.debian.org/security/2023/dsa-5530
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5530
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-44570
reference_id CVE-2022-44570
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-44570
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44570.yml
reference_id CVE-2022-44570.YML
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44570.yml
7
reference_url https://github.com/advisories/GHSA-65f5-mfpf-vfhj
reference_id GHSA-65f5-mfpf-vfhj
reference_type
scores
url https://github.com/advisories/GHSA-65f5-mfpf-vfhj
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1333
name Inefficient Regular Expression Complexity
description The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
3
cwe_id 400
name Uncontrolled Resource Consumption
description The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-mgx9-9bua-37f3