Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-szsp-k3sg-r3eu

Summary A vulnerability in Babel could result in remote code execution.

Aliases

alias	CVE-2021-20095

Fixed_packages

url	pkg:alpm/archlinux/python-babel@2.9.1-1
purl	pkg:alpm/archlinux/python-babel@2.9.1-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/python-babel@2.9.1-1

url	pkg:ebuild/dev-python/Babel@2.9.1
purl	pkg:ebuild/dev-python/Babel@2.9.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/Babel@2.9.1

Affected_packages

url pkg:alpm/archlinux/python-babel@2.9.0-1

purl pkg:alpm/archlinux/python-babel@2.9.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-szsp-k3sg-r3eu

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/python-babel@2.9.0-1

url pkg:rpm/redhat/babel@2.5.1-7?arch=el8

purl pkg:rpm/redhat/babel@2.5.1-7?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-szsp-k3sg-r3eu

vulnerability	VCID-yw7e-93us-8qh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/babel@2.5.1-7%3Farch=el8

url pkg:rpm/redhat/python27-babel@0.9.6-10?arch=el7

purl pkg:rpm/redhat/python27-babel@0.9.6-10?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-8a7h-5rn5-gubx

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-dkxn-j9dr-sqbp

vulnerability	VCID-jpa1-g154-1ye8

vulnerability	VCID-szsp-k3sg-r3eu

vulnerability	VCID-w6k8-js68-87g4

vulnerability	VCID-yw7e-93us-8qh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-babel@0.9.6-10%3Farch=el7

url pkg:rpm/redhat/python27-python@2.7.18-3?arch=el7

purl pkg:rpm/redhat/python27-python@2.7.18-3?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-8a7h-5rn5-gubx

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-dkxn-j9dr-sqbp

vulnerability	VCID-jpa1-g154-1ye8

vulnerability	VCID-szsp-k3sg-r3eu

vulnerability	VCID-w6k8-js68-87g4

vulnerability	VCID-yw7e-93us-8qh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python@2.7.18-3%3Farch=el7

url pkg:rpm/redhat/python27-python-jinja2@2.6-16?arch=el7

purl pkg:rpm/redhat/python27-python-jinja2@2.6-16?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-8a7h-5rn5-gubx

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-dkxn-j9dr-sqbp

vulnerability	VCID-jpa1-g154-1ye8

vulnerability	VCID-szsp-k3sg-r3eu

vulnerability	VCID-w6k8-js68-87g4

vulnerability	VCID-yw7e-93us-8qh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python-jinja2@2.6-16%3Farch=el7

url pkg:rpm/redhat/python27-python-pygments@1.5-5?arch=el7

purl pkg:rpm/redhat/python27-python-pygments@1.5-5?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1na8-nyq1-yfcy

vulnerability	VCID-8a7h-5rn5-gubx

vulnerability	VCID-brg4-rv29-1fgz

vulnerability	VCID-dkxn-j9dr-sqbp

vulnerability	VCID-jpa1-g154-1ye8

vulnerability	VCID-szsp-k3sg-r3eu

vulnerability	VCID-w6k8-js68-87g4

vulnerability	VCID-yw7e-93us-8qh8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python27-python-pygments@1.5-5%3Farch=el7

url pkg:rpm/redhat/rh-python38-babel@2.7.0-12?arch=el7

purl pkg:rpm/redhat/rh-python38-babel@2.7.0-12?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j3t-a3r6-vfg7

vulnerability	VCID-75s4-h132-6fe1

vulnerability	VCID-8a7h-5rn5-gubx

vulnerability	VCID-8par-whwz-6kft

vulnerability	VCID-bjpd-6kh8-1bbs

vulnerability	VCID-ct6h-d1eh-7bgj

vulnerability	VCID-dkxn-j9dr-sqbp

vulnerability	VCID-j8hj-k7wy-yfch

vulnerability	VCID-j95d-56fv-jfae

vulnerability	VCID-jpa1-g154-1ye8

vulnerability	VCID-szsp-k3sg-r3eu

vulnerability	VCID-u7xg-3dp7-vkc2

vulnerability	VCID-vmx8-tjg2-uuec

vulnerability	VCID-vpwj-d49q-1uh8

vulnerability	VCID-w6k8-js68-87g4

vulnerability	VCID-yw7e-93us-8qh8

vulnerability	VCID-z48d-eyxz-bycq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-python38-babel@2.7.0-12%3Farch=el7

url pkg:rpm/redhat/rh-python38-python@3.8.11-2?arch=el7

purl pkg:rpm/redhat/rh-python38-python@3.8.11-2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j3t-a3r6-vfg7

vulnerability	VCID-75s4-h132-6fe1

vulnerability	VCID-8a7h-5rn5-gubx

vulnerability	VCID-8par-whwz-6kft

vulnerability	VCID-bjpd-6kh8-1bbs

vulnerability	VCID-ct6h-d1eh-7bgj

vulnerability	VCID-dkxn-j9dr-sqbp

vulnerability	VCID-j8hj-k7wy-yfch

vulnerability	VCID-j95d-56fv-jfae

vulnerability	VCID-jpa1-g154-1ye8

vulnerability	VCID-szsp-k3sg-r3eu

vulnerability	VCID-u7xg-3dp7-vkc2

vulnerability	VCID-vmx8-tjg2-uuec

vulnerability	VCID-vpwj-d49q-1uh8

vulnerability	VCID-w6k8-js68-87g4

vulnerability	VCID-yw7e-93us-8qh8

vulnerability	VCID-z48d-eyxz-bycq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-python38-python@3.8.11-2%3Farch=el7

url pkg:rpm/redhat/rh-python38-python-cryptography@2.8-5?arch=el7

purl pkg:rpm/redhat/rh-python38-python-cryptography@2.8-5?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j3t-a3r6-vfg7

vulnerability	VCID-75s4-h132-6fe1

vulnerability	VCID-8a7h-5rn5-gubx

vulnerability	VCID-8par-whwz-6kft

vulnerability	VCID-bjpd-6kh8-1bbs

vulnerability	VCID-ct6h-d1eh-7bgj

vulnerability	VCID-dkxn-j9dr-sqbp

vulnerability	VCID-j8hj-k7wy-yfch

vulnerability	VCID-j95d-56fv-jfae

vulnerability	VCID-jpa1-g154-1ye8

vulnerability	VCID-szsp-k3sg-r3eu

vulnerability	VCID-u7xg-3dp7-vkc2

vulnerability	VCID-vmx8-tjg2-uuec

vulnerability	VCID-vpwj-d49q-1uh8

vulnerability	VCID-w6k8-js68-87g4

vulnerability	VCID-yw7e-93us-8qh8

vulnerability	VCID-z48d-eyxz-bycq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-python38-python-cryptography@2.8-5%3Farch=el7

url pkg:rpm/redhat/rh-python38-python-jinja2@2.10.3-6?arch=el7

purl pkg:rpm/redhat/rh-python38-python-jinja2@2.10.3-6?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j3t-a3r6-vfg7

vulnerability	VCID-75s4-h132-6fe1

vulnerability	VCID-8a7h-5rn5-gubx

vulnerability	VCID-8par-whwz-6kft

vulnerability	VCID-bjpd-6kh8-1bbs

vulnerability	VCID-ct6h-d1eh-7bgj

vulnerability	VCID-dkxn-j9dr-sqbp

vulnerability	VCID-j8hj-k7wy-yfch

vulnerability	VCID-j95d-56fv-jfae

vulnerability	VCID-jpa1-g154-1ye8

vulnerability	VCID-szsp-k3sg-r3eu

vulnerability	VCID-u7xg-3dp7-vkc2

vulnerability	VCID-vmx8-tjg2-uuec

vulnerability	VCID-vpwj-d49q-1uh8

vulnerability	VCID-w6k8-js68-87g4

vulnerability	VCID-yw7e-93us-8qh8

vulnerability	VCID-z48d-eyxz-bycq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-python38-python-jinja2@2.10.3-6%3Farch=el7

url pkg:rpm/redhat/rh-python38-python-lxml@4.4.1-7?arch=el7

purl pkg:rpm/redhat/rh-python38-python-lxml@4.4.1-7?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j3t-a3r6-vfg7

vulnerability	VCID-75s4-h132-6fe1

vulnerability	VCID-8a7h-5rn5-gubx

vulnerability	VCID-8par-whwz-6kft

vulnerability	VCID-bjpd-6kh8-1bbs

vulnerability	VCID-ct6h-d1eh-7bgj

vulnerability	VCID-dkxn-j9dr-sqbp

vulnerability	VCID-j8hj-k7wy-yfch

vulnerability	VCID-j95d-56fv-jfae

vulnerability	VCID-jpa1-g154-1ye8

vulnerability	VCID-szsp-k3sg-r3eu

vulnerability	VCID-u7xg-3dp7-vkc2

vulnerability	VCID-vmx8-tjg2-uuec

vulnerability	VCID-vpwj-d49q-1uh8

vulnerability	VCID-w6k8-js68-87g4

vulnerability	VCID-yw7e-93us-8qh8

vulnerability	VCID-z48d-eyxz-bycq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-python38-python-lxml@4.4.1-7%3Farch=el7

url pkg:rpm/redhat/rh-python38-python-pip@19.3.1-2?arch=el7

purl pkg:rpm/redhat/rh-python38-python-pip@19.3.1-2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j3t-a3r6-vfg7

vulnerability	VCID-75s4-h132-6fe1

vulnerability	VCID-8a7h-5rn5-gubx

vulnerability	VCID-8par-whwz-6kft

vulnerability	VCID-bjpd-6kh8-1bbs

vulnerability	VCID-ct6h-d1eh-7bgj

vulnerability	VCID-dkxn-j9dr-sqbp

vulnerability	VCID-j8hj-k7wy-yfch

vulnerability	VCID-j95d-56fv-jfae

vulnerability	VCID-jpa1-g154-1ye8

vulnerability	VCID-szsp-k3sg-r3eu

vulnerability	VCID-u7xg-3dp7-vkc2

vulnerability	VCID-vmx8-tjg2-uuec

vulnerability	VCID-vpwj-d49q-1uh8

vulnerability	VCID-w6k8-js68-87g4

vulnerability	VCID-yw7e-93us-8qh8

vulnerability	VCID-z48d-eyxz-bycq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-python38-python-pip@19.3.1-2%3Farch=el7

url pkg:rpm/redhat/rh-python38-python-urllib3@1.25.7-7?arch=el7

purl pkg:rpm/redhat/rh-python38-python-urllib3@1.25.7-7?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2j3t-a3r6-vfg7

vulnerability	VCID-75s4-h132-6fe1

vulnerability	VCID-8a7h-5rn5-gubx

vulnerability	VCID-8par-whwz-6kft

vulnerability	VCID-bjpd-6kh8-1bbs

vulnerability	VCID-ct6h-d1eh-7bgj

vulnerability	VCID-dkxn-j9dr-sqbp

vulnerability	VCID-j8hj-k7wy-yfch

vulnerability	VCID-j95d-56fv-jfae

vulnerability	VCID-jpa1-g154-1ye8

vulnerability	VCID-szsp-k3sg-r3eu

vulnerability	VCID-u7xg-3dp7-vkc2

vulnerability	VCID-vmx8-tjg2-uuec

vulnerability	VCID-vpwj-d49q-1uh8

vulnerability	VCID-w6k8-js68-87g4

vulnerability	VCID-yw7e-93us-8qh8

vulnerability	VCID-z48d-eyxz-bycq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-python38-python-urllib3@1.25.7-7%3Farch=el7

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20095.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20095.json

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1955615
reference_id	1955615
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1955615

reference_url	https://security.archlinux.org/ASA-202105-15
reference_id	ASA-202105-15
reference_type
scores
url	https://security.archlinux.org/ASA-202105-15

reference_url

https://security.archlinux.org/AVG-1894

reference_id

AVG-1894

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1894

reference_url	https://security.gentoo.org/glsa/202208-03
reference_id	GLSA-202208-03
reference_type
scores
url	https://security.gentoo.org/glsa/202208-03

reference_url	https://access.redhat.com/errata/RHSA-2021:3252
reference_id	RHSA-2021:3252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3252

reference_url	https://access.redhat.com/errata/RHSA-2021:4151
reference_id	RHSA-2021:4151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4151

reference_url	https://access.redhat.com/errata/RHSA-2021:4162
reference_id	RHSA-2021:4162
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4162

reference_url	https://access.redhat.com/errata/RHSA-2021:4201
reference_id	RHSA-2021:4201
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4201

reference_url	https://usn.ubuntu.com/4962-1/
reference_id	USN-4962-1
reference_type
scores
url	https://usn.ubuntu.com/4962-1/

Weaknesses

cwe_id	22
name	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description	The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Exploits

Severity_range_score 4.0 - 7.8

Exploitability 0.5

Weighted_severity 7.0

Risk_score 3.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-szsp-k3sg-r3eu

Vulnerability Instance