Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ebb6-b5tx-5bhf

Summary

Duplicate
This advisory duplicates another.

Aliases

alias	CVE-2022-44571

alias	GHSA-93pm-5p5f-3ghx

alias	GMS-2023-65

Fixed_packages

url	pkg:gem/rack@2.0.9.2
purl	pkg:gem/rack@2.0.9.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.9.2

url	pkg:gem/rack@2.1.4.2
purl	pkg:gem/rack@2.1.4.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.4.2

url	pkg:gem/rack@2.2.6.1
purl	pkg:gem/rack@2.2.6.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.6.1

url	pkg:gem/rack@3.0.4.1
purl	pkg:gem/rack@3.0.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.4.1

Affected_packages

url pkg:gem/rack@2.0.0

purl pkg:gem/rack@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ra1-pgt2-3ubf

vulnerability	VCID-bqpn-m2fh-9kab

vulnerability	VCID-ebb6-b5tx-5bhf

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.0.0

url pkg:gem/rack@2.1.0

purl pkg:gem/rack@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52qe-dast-tkhu

vulnerability	VCID-c9mc-7nts-cfgy

vulnerability	VCID-ebb6-b5tx-5bhf

vulnerability	VCID-zqax-g5xz-wuch

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.1.0

url pkg:gem/rack@2.2.0

purl pkg:gem/rack@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-52qe-dast-tkhu

vulnerability	VCID-c9mc-7nts-cfgy

vulnerability	VCID-ebb6-b5tx-5bhf

vulnerability	VCID-zqax-g5xz-wuch

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@2.2.0

url pkg:gem/rack@3.0.0.0

purl pkg:gem/rack@3.0.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ebb6-b5tx-5bhf

vulnerability	VCID-mgx9-9bua-37f3

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rack@3.0.0.0

References

reference_url	https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126
reference_id
reference_type
scores
url	https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126

reference_url	https://github.com/rack/rack/releases/tag/v3.0.4.1
reference_id
reference_type
scores
url	https://github.com/rack/rack/releases/tag/v3.0.4.1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-44571
reference_id	CVE-2022-44571
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-44571

reference_url	https://github.com/advisories/GHSA-93pm-5p5f-3ghx
reference_id	GHSA-93pm-5p5f-3ghx
reference_type
scores
url	https://github.com/advisories/GHSA-93pm-5p5f-3ghx

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1333
name	Inefficient Regular Expression Complexity
description	The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebb6-b5tx-5bhf

Vulnerability Instance