Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-1ubv-cmf7-3ffv
Summary
Improper Restriction of XML External Entity Reference
Multiple WSO2 products have been identified as vulnerable to XML External Entity (XXE) attacks. An XXE attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.
Aliases
0
alias CVE-2023-6836
1
alias GHSA-cr8h-fr86-8vfv
Fixed_packages
0
url pkg:maven/org.wso2.am/wso2am@4.0.0-beta
purl pkg:maven/org.wso2.am/wso2am@4.0.0-beta
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.am/wso2am@4.0.0-beta
1
url pkg:maven/org.wso2.carbon.analytics-common/org.wso2.carbon.event.input.adapter.core@5.2.23
purl pkg:maven/org.wso2.carbon.analytics-common/org.wso2.carbon.event.input.adapter.core@5.2.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.carbon.analytics-common/org.wso2.carbon.event.input.adapter.core@5.2.23
2
url pkg:maven/org.wso2.carbon.commons/org.wso2.carbon.ntask.core@4.7.24
purl pkg:maven/org.wso2.carbon.commons/org.wso2.carbon.ntask.core@4.7.24
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.carbon.commons/org.wso2.carbon.ntask.core@4.7.24
3
url pkg:maven/org.wso2.carbon.event-processing/org.wso2.carbon.event.processor.core@2.2.12
purl pkg:maven/org.wso2.carbon.event-processing/org.wso2.carbon.event.processor.core@2.2.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.carbon.event-processing/org.wso2.carbon.event.processor.core@2.2.12
4
url pkg:maven/org.wso2.carbon.governance/org.wso2.carbon.governance.common@4.8.13
purl pkg:maven/org.wso2.carbon.governance/org.wso2.carbon.governance.common@4.8.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.carbon.governance/org.wso2.carbon.governance.common@4.8.13
5
url pkg:maven/org.wso2.carbon.registry/org.wso2.carbon.registry.extensions@4.7.31
purl pkg:maven/org.wso2.carbon.registry/org.wso2.carbon.registry.extensions@4.7.31
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.carbon.registry/org.wso2.carbon.registry.extensions@4.7.31
Affected_packages
0
url pkg:maven/org.wso2.am.microgw/org.wso2.micro.gateway.core@2.2.0
purl pkg:maven/org.wso2.am.microgw/org.wso2.micro.gateway.core@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ubv-cmf7-3ffv
1
vulnerability VCID-afh6-1arv-wkbk
2
vulnerability VCID-cjdq-8bzy-8uft
3
vulnerability VCID-cs6r-dpvb-r7bw
4
vulnerability VCID-dwym-rb1b-8fd5
5
vulnerability VCID-mpxj-zk4u-mkdq
6
vulnerability VCID-snaq-p5fe-qfeu
7
vulnerability VCID-sp1k-1yzm-d7au
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.am.microgw/org.wso2.micro.gateway.core@2.2.0
1
url pkg:maven/org.wso2.carbon.analytics-common/org.wso2.carbon.event.publisher.core@2.2.0
purl pkg:maven/org.wso2.carbon.analytics-common/org.wso2.carbon.event.publisher.core@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ubv-cmf7-3ffv
1
vulnerability VCID-afh6-1arv-wkbk
2
vulnerability VCID-cs6r-dpvb-r7bw
3
vulnerability VCID-dwym-rb1b-8fd5
4
vulnerability VCID-snaq-p5fe-qfeu
5
vulnerability VCID-wgy3-nmnk-83gf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.carbon.analytics-common/org.wso2.carbon.event.publisher.core@2.2.0
2
url pkg:maven/org.wso2.carbon.analytics-common/org.wso2.carbon.event.publisher.core@2.5.0
purl pkg:maven/org.wso2.carbon.analytics-common/org.wso2.carbon.event.publisher.core@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ubv-cmf7-3ffv
1
vulnerability VCID-cs6r-dpvb-r7bw
2
vulnerability VCID-j2sz-yj97-dqcz
3
vulnerability VCID-nrva-qqy9-dbh3
4
vulnerability VCID-snaq-p5fe-qfeu
5
vulnerability VCID-wgy3-nmnk-83gf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.wso2.carbon.analytics-common/org.wso2.carbon.event.publisher.core@2.5.0
References
0
reference_url https://github.com/wso2/carbon-analytics-common/commit/9478336859306d3ea13b25cb386f29c183707fde
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wso2/carbon-analytics-common/commit/9478336859306d3ea13b25cb386f29c183707fde
1
reference_url https://github.com/wso2/carbon-commons/commit/a08a587e3dd5146121a7b47a0fdd06ddbcd903f4
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wso2/carbon-commons/commit/a08a587e3dd5146121a7b47a0fdd06ddbcd903f4
2
reference_url https://github.com/wso2/carbon-event-processing/commit/e9953afd46a45f704de341a081f710cbdfa3f975
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wso2/carbon-event-processing/commit/e9953afd46a45f704de341a081f710cbdfa3f975
3
reference_url https://github.com/wso2/carbon-governance/commit/ad36968d5a11d4fc35fa5cc4e8b5ae9a04e5bb4c
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wso2/carbon-governance/commit/ad36968d5a11d4fc35fa5cc4e8b5ae9a04e5bb4c
4
reference_url https://github.com/wso2/carbon-registry/commit/738b2a0b3e5f118527da236467ed72d9fd9ce40e
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wso2/carbon-registry/commit/738b2a0b3e5f118527da236467ed72d9fd9ce40e
5
reference_url https://github.com/wso2/product-apim/commit/96e8f5d6566d57bbbb8d4257f6f55057a79d00b5
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wso2/product-apim/commit/96e8f5d6566d57bbbb8d4257f6f55057a79d00b5
6
reference_url https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716
7
reference_url https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716/
reference_id
reference_type
scores
url https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6836
reference_id CVE-2023-6836
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6836
9
reference_url https://github.com/advisories/GHSA-cr8h-fr86-8vfv
reference_id GHSA-cr8h-fr86-8vfv
reference_type
scores
url https://github.com/advisories/GHSA-cr8h-fr86-8vfv
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 611
name Improper Restriction of XML External Entity Reference
description The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ubv-cmf7-3ffv