Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-c2p4-3m34-8kbw
Summary
Quarkus HTTP vulnerable to incorrect evaluation of permissions
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
Aliases
0
alias CVE-2023-4853
1
alias GHSA-4f4r-wgv2-jjvg
Fixed_packages
0
url pkg:maven/io.quarkus/quarkus-csrf-reactive@2.16.11.Final
purl pkg:maven/io.quarkus/quarkus-csrf-reactive@2.16.11.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-csrf-reactive@2.16.11.Final
1
url pkg:maven/io.quarkus/quarkus-csrf-reactive@3.2.6.Final
purl pkg:maven/io.quarkus/quarkus-csrf-reactive@3.2.6.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-csrf-reactive@3.2.6.Final
2
url pkg:maven/io.quarkus/quarkus-csrf-reactive@3.3.3
purl pkg:maven/io.quarkus/quarkus-csrf-reactive@3.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-csrf-reactive@3.3.3
3
url pkg:maven/io.quarkus/quarkus-keycloak-authorization@2.16.11.Final
purl pkg:maven/io.quarkus/quarkus-keycloak-authorization@2.16.11.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-keycloak-authorization@2.16.11.Final
4
url pkg:maven/io.quarkus/quarkus-keycloak-authorization@3.2.6.Final
purl pkg:maven/io.quarkus/quarkus-keycloak-authorization@3.2.6.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-keycloak-authorization@3.2.6.Final
5
url pkg:maven/io.quarkus/quarkus-keycloak-authorization@3.3.3
purl pkg:maven/io.quarkus/quarkus-keycloak-authorization@3.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-keycloak-authorization@3.3.3
6
url pkg:maven/io.quarkus/quarkus-undertow@2.16.11.Final
purl pkg:maven/io.quarkus/quarkus-undertow@2.16.11.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-undertow@2.16.11.Final
7
url pkg:maven/io.quarkus/quarkus-undertow@3.2.6.Final
purl pkg:maven/io.quarkus/quarkus-undertow@3.2.6.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-undertow@3.2.6.Final
8
url pkg:maven/io.quarkus/quarkus-undertow@3.3.3
purl pkg:maven/io.quarkus/quarkus-undertow@3.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-undertow@3.3.3
9
url pkg:maven/io.quarkus/quarkus-vertx-http@2.16.11.Final
purl pkg:maven/io.quarkus/quarkus-vertx-http@2.16.11.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-vertx-http@2.16.11.Final
10
url pkg:maven/io.quarkus/quarkus-vertx-http@3.2.6.Final
purl pkg:maven/io.quarkus/quarkus-vertx-http@3.2.6.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-vertx-http@3.2.6.Final
11
url pkg:maven/io.quarkus/quarkus-vertx-http@3.3.3
purl pkg:maven/io.quarkus/quarkus-vertx-http@3.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-vertx-http@3.3.3
Affected_packages
0
url pkg:maven/io.quarkus/quarkus-csrf-reactive@3.0.0
purl pkg:maven/io.quarkus/quarkus-csrf-reactive@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c2p4-3m34-8kbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-csrf-reactive@3.0.0
1
url pkg:maven/io.quarkus/quarkus-csrf-reactive@3.3.0
purl pkg:maven/io.quarkus/quarkus-csrf-reactive@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c2p4-3m34-8kbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-csrf-reactive@3.3.0
2
url pkg:maven/io.quarkus/quarkus-keycloak-authorization@3.0.0
purl pkg:maven/io.quarkus/quarkus-keycloak-authorization@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c2p4-3m34-8kbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-keycloak-authorization@3.0.0
3
url pkg:maven/io.quarkus/quarkus-keycloak-authorization@3.3.0
purl pkg:maven/io.quarkus/quarkus-keycloak-authorization@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c2p4-3m34-8kbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-keycloak-authorization@3.3.0
4
url pkg:maven/io.quarkus/quarkus-undertow@3.0.0
purl pkg:maven/io.quarkus/quarkus-undertow@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c2p4-3m34-8kbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-undertow@3.0.0
5
url pkg:maven/io.quarkus/quarkus-undertow@3.3.0
purl pkg:maven/io.quarkus/quarkus-undertow@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c2p4-3m34-8kbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-undertow@3.3.0
6
url pkg:maven/io.quarkus/quarkus-vertx-http@3.0.0
purl pkg:maven/io.quarkus/quarkus-vertx-http@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c2p4-3m34-8kbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-vertx-http@3.0.0
7
url pkg:maven/io.quarkus/quarkus-vertx-http@3.3.0
purl pkg:maven/io.quarkus/quarkus-vertx-http@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c2p4-3m34-8kbw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-vertx-http@3.3.0
8
url pkg:rpm/redhat/openshift-serverless-clients@1.9.2-3?arch=el8
purl pkg:rpm/redhat/openshift-serverless-clients@1.9.2-3?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c2p4-3m34-8kbw
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-serverless-clients@1.9.2-3%3Farch=el8
References
0
reference_url https://access.redhat.com/articles/11258
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/articles/11258
1
reference_url https://access.redhat.com/errata/RHSA-2023:5170
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:5170
2
reference_url https://access.redhat.com/errata/RHSA-2023:5310
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:5310
3
reference_url https://access.redhat.com/errata/RHSA-2023:5337
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:5337
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4853.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4853.json
5
reference_url https://access.redhat.com/security/vulnerabilities/RHSB-2023-002
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/vulnerabilities/RHSB-2023-002
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2238034
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2238034
7
reference_url https://github.com/quarkusio/quarkus
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/quarkusio/quarkus
8
reference_url https://github.com/quarkusio/quarkus/discussions/35940
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/quarkusio/quarkus/discussions/35940
9
reference_url https://github.com/quarkusio/quarkus/issues/35785
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/quarkusio/quarkus/issues/35785
10
reference_url https://access.redhat.com/security/cve/CVE-2023-4853
reference_id CVE-2023-4853
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2023-4853
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4853
reference_id CVE-2023-4853
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4853
12
reference_url https://github.com/advisories/GHSA-4f4r-wgv2-jjvg
reference_id GHSA-4f4r-wgv2-jjvg
reference_type
scores
url https://github.com/advisories/GHSA-4f4r-wgv2-jjvg
13
reference_url https://access.redhat.com/errata/RHSA-2023:5446
reference_id RHSA-2023:5446
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:5446
14
reference_url https://access.redhat.com/errata/RHSA-2023:5479
reference_id RHSA-2023:5479
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:5479
15
reference_url https://access.redhat.com/errata/RHSA-2023:5480
reference_id RHSA-2023:5480
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:5480
16
reference_url https://access.redhat.com/errata/RHSA-2023:6107
reference_id RHSA-2023:6107
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:6107
17
reference_url https://access.redhat.com/errata/RHSA-2023:6112
reference_id RHSA-2023:6112
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:6112
18
reference_url https://access.redhat.com/errata/RHSA-2023:7653
reference_id RHSA-2023:7653
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2023:7653
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 148
name Improper Neutralization of Input Leaders
description The product does not properly handle when a leading character or sequence (leader) is missing or malformed, or if multiple leaders are used when only one should be allowed.
3
cwe_id 863
name Incorrect Authorization
description The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Exploits
Severity_range_score7.0 - 8.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-c2p4-3m34-8kbw