Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-c3qr-9rv2-yqh9
Summary
Duplicate
This advisory duplicates another.
Aliases
0
alias CVE-2022-24895
1
alias GHSA-3gv2-29qc-v67m
2
alias GMS-2023-210
3
alias GMS-2023-211
Fixed_packages
0
url pkg:composer/symfony/security-bundle@4.4.50
purl pkg:composer/symfony/security-bundle@4.4.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@4.4.50
1
url pkg:composer/symfony/security-bundle@5.4.20
purl pkg:composer/symfony/security-bundle@5.4.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@5.4.20
2
url pkg:composer/symfony/security-bundle@6.0.20
purl pkg:composer/symfony/security-bundle@6.0.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@6.0.20
3
url pkg:composer/symfony/security-bundle@6.1.12
purl pkg:composer/symfony/security-bundle@6.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@6.1.12
4
url pkg:composer/symfony/security-bundle@6.2.6
purl pkg:composer/symfony/security-bundle@6.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@6.2.6
5
url pkg:composer/symfony/symfony@4.4.50
purl pkg:composer/symfony/symfony@4.4.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50
6
url pkg:composer/symfony/symfony@5.4.20
purl pkg:composer/symfony/symfony@5.4.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20
7
url pkg:composer/symfony/symfony@6.0.20
purl pkg:composer/symfony/symfony@6.0.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20
8
url pkg:composer/symfony/symfony@6.1.12
purl pkg:composer/symfony/symfony@6.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12
9
url pkg:composer/symfony/symfony@6.2.6
purl pkg:composer/symfony/symfony@6.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6
Affected_packages
0
url pkg:composer/symfony/security-bundle@2.0.0
purl pkg:composer/symfony/security-bundle@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c3qr-9rv2-yqh9
1
vulnerability VCID-ef86-hqv4-6kaz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@2.0.0
1
url pkg:composer/symfony/security-bundle@5.0.0
purl pkg:composer/symfony/security-bundle@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c3qr-9rv2-yqh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@5.0.0
2
url pkg:composer/symfony/security-bundle@6.0.0
purl pkg:composer/symfony/security-bundle@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c3qr-9rv2-yqh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@6.0.0
3
url pkg:composer/symfony/security-bundle@6.1.0
purl pkg:composer/symfony/security-bundle@6.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c3qr-9rv2-yqh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@6.1.0
4
url pkg:composer/symfony/security-bundle@6.2.0
purl pkg:composer/symfony/security-bundle@6.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c3qr-9rv2-yqh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@6.2.0
5
url pkg:composer/symfony/symfony@2.0.0
purl pkg:composer/symfony/symfony@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2kf8-ugvv-tbb8
1
vulnerability VCID-4f9e-eg67-cqbr
2
vulnerability VCID-86ct-zv8d-d3eb
3
vulnerability VCID-8bg3-r2zm-kfht
4
vulnerability VCID-8tk3-fzaa-pufq
5
vulnerability VCID-91hk-tdtv-x7fp
6
vulnerability VCID-bhnt-pgq7-yya3
7
vulnerability VCID-bktf-ejbt-2fds
8
vulnerability VCID-bvc9-d1ns-33g6
9
vulnerability VCID-c3qr-9rv2-yqh9
10
vulnerability VCID-ef86-hqv4-6kaz
11
vulnerability VCID-emn6-zmp1-yuhr
12
vulnerability VCID-hs5u-r1jg-tub5
13
vulnerability VCID-kysh-mfs1-3fad
14
vulnerability VCID-mzqs-3tyf-m7ec
15
vulnerability VCID-nsuz-7sdv-abef
16
vulnerability VCID-p131-pv18-ykht
17
vulnerability VCID-pxwk-7vcf-m7f5
18
vulnerability VCID-qqd1-smb1-sbe8
19
vulnerability VCID-rkap-39hu-abe9
20
vulnerability VCID-va3n-eg8b-guff
21
vulnerability VCID-vyug-krcw-jyef
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.0
6
url pkg:composer/symfony/symfony@5.0.0
purl pkg:composer/symfony/symfony@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-91hk-tdtv-x7fp
2
vulnerability VCID-c3qr-9rv2-yqh9
3
vulnerability VCID-m9e2-rg83-d7eb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0
7
url pkg:composer/symfony/symfony@6.0.0
purl pkg:composer/symfony/symfony@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15tu-dfam-yqgh
1
vulnerability VCID-4f9e-eg67-cqbr
2
vulnerability VCID-91hk-tdtv-x7fp
3
vulnerability VCID-bhnt-pgq7-yya3
4
vulnerability VCID-c3qr-9rv2-yqh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0
8
url pkg:composer/symfony/symfony@6.1.0
purl pkg:composer/symfony/symfony@6.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91hk-tdtv-x7fp
1
vulnerability VCID-c3qr-9rv2-yqh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0
9
url pkg:composer/symfony/symfony@6.2.0
purl pkg:composer/symfony/symfony@6.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91hk-tdtv-x7fp
1
vulnerability VCID-c3qr-9rv2-yqh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0
References
0
reference_url https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
reference_id
reference_type
scores
url https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
reference_id
reference_type
scores
url https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
3
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24895
reference_id CVE-2022-24895
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-24895
5
reference_url https://symfony.com/cve-2022-24895
reference_id CVE-2022-24895
reference_type
scores
url https://symfony.com/cve-2022-24895
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
reference_id CVE-2022-24895.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml
reference_id CVE-2022-24895.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml
8
reference_url https://github.com/advisories/GHSA-3gv2-29qc-v67m
reference_id GHSA-3gv2-29qc-v67m
reference_type
scores
url https://github.com/advisories/GHSA-3gv2-29qc-v67m
9
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
reference_id GHSA-3gv2-29qc-v67m
reference_type
scores
url https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 384
name Session Fixation
description Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
4
cwe_id 613
name Insufficient Session Expiration
description According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-c3qr-9rv2-yqh9