Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-e7xv-sdvz-g7e4
SummaryThe Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
Aliases
0
alias CVE-2013-4152
1
alias GHSA-rp4p-g69r-438x
Fixed_packages
0
url pkg:deb/debian/libspring-java@3.0.6.RELEASE-10?distro=trixie
purl pkg:deb/debian/libspring-java@3.0.6.RELEASE-10?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@3.0.6.RELEASE-10%3Fdistro=trixie
1
url pkg:deb/debian/libspring-java@3.0.6.RELEASE-17
purl pkg:deb/debian/libspring-java@3.0.6.RELEASE-17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nff-p7we-tuax
1
vulnerability VCID-4sj2-j914-9yfb
2
vulnerability VCID-53gt-nbgk-hyc2
3
vulnerability VCID-9v66-xp9z-8kea
4
vulnerability VCID-bpme-zq57-4uh7
5
vulnerability VCID-dfs4-emmn-f3eb
6
vulnerability VCID-ec6g-dnjb-vycb
7
vulnerability VCID-j3wr-npbv-8qcw
8
vulnerability VCID-kpma-e8rd-b7c8
9
vulnerability VCID-mqnn-spsw-8fg5
10
vulnerability VCID-pb7f-yasx-17ag
11
vulnerability VCID-pht6-8af8-b3f2
12
vulnerability VCID-qpxj-fzta-v7bs
13
vulnerability VCID-tu1q-zbk1-hbdm
14
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@3.0.6.RELEASE-17
2
url pkg:deb/debian/libspring-java@4.3.30-1?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-1%3Fdistro=trixie
3
url pkg:deb/debian/libspring-java@4.3.30-2?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-2%3Fdistro=trixie
4
url pkg:deb/debian/libspring-java@4.3.30-3?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-3%3Fdistro=trixie
5
url pkg:deb/debian/libspring-java@4.3.30-4?distro=trixie
purl pkg:deb/debian/libspring-java@4.3.30-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@4.3.30-4%3Fdistro=trixie
6
url pkg:maven/org.springframework/spring-oxm@3.2.4.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.2.4.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r384-aque-vqcw
1
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.2.4.RELEASE
7
url pkg:maven/org.springframework/spring-oxm@4.0.1.RELEASE
purl pkg:maven/org.springframework/spring-oxm@4.0.1.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r384-aque-vqcw
1
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@4.0.1.RELEASE
Affected_packages
0
url pkg:deb/debian/libspring-java@3.0.6.RELEASE-6%2Bdeb7u3
purl pkg:deb/debian/libspring-java@3.0.6.RELEASE-6%2Bdeb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nff-p7we-tuax
1
vulnerability VCID-4sj2-j914-9yfb
2
vulnerability VCID-53gt-nbgk-hyc2
3
vulnerability VCID-9v66-xp9z-8kea
4
vulnerability VCID-ajex-5x84-8ygb
5
vulnerability VCID-asmf-3c71-gqcb
6
vulnerability VCID-bpme-zq57-4uh7
7
vulnerability VCID-dfs4-emmn-f3eb
8
vulnerability VCID-e7xv-sdvz-g7e4
9
vulnerability VCID-ec6g-dnjb-vycb
10
vulnerability VCID-eer8-apxc-2ue6
11
vulnerability VCID-j3wr-npbv-8qcw
12
vulnerability VCID-kpma-e8rd-b7c8
13
vulnerability VCID-mqnn-spsw-8fg5
14
vulnerability VCID-mvx7-2y3s-fbbb
15
vulnerability VCID-pb7f-yasx-17ag
16
vulnerability VCID-pht6-8af8-b3f2
17
vulnerability VCID-qpxj-fzta-v7bs
18
vulnerability VCID-r384-aque-vqcw
19
vulnerability VCID-tu1q-zbk1-hbdm
20
vulnerability VCID-vkf8-5z5m-wqc7
21
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libspring-java@3.0.6.RELEASE-6%252Bdeb7u3
1
url pkg:maven/org.springframework/spring-oxm@3.0.0.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.0.0.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.0.0.RELEASE
2
url pkg:maven/org.springframework/spring-oxm@3.0.1.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.0.1.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.0.1.RELEASE
3
url pkg:maven/org.springframework/spring-oxm@3.0.2.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.0.2.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.0.2.RELEASE
4
url pkg:maven/org.springframework/spring-oxm@3.0.3.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.0.3.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.0.3.RELEASE
5
url pkg:maven/org.springframework/spring-oxm@3.0.4.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.0.4.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.0.4.RELEASE
6
url pkg:maven/org.springframework/spring-oxm@3.0.5.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.0.5.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.0.5.RELEASE
7
url pkg:maven/org.springframework/spring-oxm@3.0.6.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.0.6.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.0.6.RELEASE
8
url pkg:maven/org.springframework/spring-oxm@3.0.7.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.0.7.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.0.7.RELEASE
9
url pkg:maven/org.springframework/spring-oxm@3.1.0.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.1.0.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.1.0.RELEASE
10
url pkg:maven/org.springframework/spring-oxm@3.1.1.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.1.1.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.1.1.RELEASE
11
url pkg:maven/org.springframework/spring-oxm@3.1.2.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.1.2.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.1.2.RELEASE
12
url pkg:maven/org.springframework/spring-oxm@3.1.3.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.1.3.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.1.3.RELEASE
13
url pkg:maven/org.springframework/spring-oxm@3.1.4.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.1.4.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.1.4.RELEASE
14
url pkg:maven/org.springframework/spring-oxm@3.2.0.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.2.0.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.2.0.RELEASE
15
url pkg:maven/org.springframework/spring-oxm@3.2.1.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.2.1.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asmf-3c71-gqcb
1
vulnerability VCID-e7xv-sdvz-g7e4
2
vulnerability VCID-eer8-apxc-2ue6
3
vulnerability VCID-r384-aque-vqcw
4
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.2.1.RELEASE
16
url pkg:maven/org.springframework/spring-oxm@3.2.2.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.2.2.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e7xv-sdvz-g7e4
1
vulnerability VCID-eer8-apxc-2ue6
2
vulnerability VCID-r384-aque-vqcw
3
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.2.2.RELEASE
17
url pkg:maven/org.springframework/spring-oxm@3.2.3.RELEASE
purl pkg:maven/org.springframework/spring-oxm@3.2.3.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e7xv-sdvz-g7e4
1
vulnerability VCID-eer8-apxc-2ue6
2
vulnerability VCID-r384-aque-vqcw
3
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@3.2.3.RELEASE
18
url pkg:maven/org.springframework/spring-oxm@4.0.0.RELEASE
purl pkg:maven/org.springframework/spring-oxm@4.0.0.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e7xv-sdvz-g7e4
1
vulnerability VCID-r384-aque-vqcw
2
vulnerability VCID-y3uz-etva-sufh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-oxm@4.0.0.RELEASE
19
url pkg:rpm/redhat/activemq@5.9.0-4.redhat.610328?arch=el6op
purl pkg:rpm/redhat/activemq@5.9.0-4.redhat.610328?arch=el6op
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-423h-njb8-3uam
1
vulnerability VCID-5u1a-v9d1-rfac
2
vulnerability VCID-e7xv-sdvz-g7e4
3
vulnerability VCID-k4un-d8uk-ryhe
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/activemq@5.9.0-4.redhat.610328%3Farch=el6op
References
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-0212.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0212.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0245.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0245.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-0254.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0254.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2014-0400.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0400.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4152.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4152.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4152
reference_id
reference_type
scores
0
value 0.72323
scoring_system epss
scoring_elements 0.98758
published_at 2026-04-13T12:55:00Z
1
value 0.72323
scoring_system epss
scoring_elements 0.98761
published_at 2026-04-18T12:55:00Z
2
value 0.72323
scoring_system epss
scoring_elements 0.98746
published_at 2026-04-02T12:55:00Z
3
value 0.72323
scoring_system epss
scoring_elements 0.9875
published_at 2026-04-04T12:55:00Z
4
value 0.72323
scoring_system epss
scoring_elements 0.98753
published_at 2026-04-09T12:55:00Z
5
value 0.72323
scoring_system epss
scoring_elements 0.98754
published_at 2026-04-08T12:55:00Z
6
value 0.72323
scoring_system epss
scoring_elements 0.98756
published_at 2026-04-12T12:55:00Z
7
value 0.72323
scoring_system epss
scoring_elements 0.98762
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4152
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4152
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4152
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4152
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4152
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7315
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7315
9
reference_url http://seclists.org/bugtraq/2013/Aug/154
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/bugtraq/2013/Aug/154
10
reference_url http://seclists.org/fulldisclosure/2013/Nov/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2013/Nov/14
11
reference_url https://github.com/spring-projects/spring-framework/commit/434735fbf6e7f9051af2ef027657edb99120b173
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/434735fbf6e7f9051af2ef027657edb99120b173
12
reference_url https://github.com/spring-projects/spring-framework/commit/7576274874deeccb6da6b09a8d5bd62e8b5538b7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/commit/7576274874deeccb6da6b09a8d5bd62e8b5538b7
13
reference_url https://github.com/spring-projects/spring-framework/pull/317/files
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-framework/pull/317/files
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4152
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4152
15
reference_url http://www.debian.org/security/2014/dsa-2842
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2842
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1000186
reference_id 1000186
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1000186
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720902
reference_id 720902
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720902
18
reference_url http://www.gopivotal.com/security/cve-2013-4152
reference_id CVE-2013-4152
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.gopivotal.com/security/cve-2013-4152
19
reference_url https://github.com/advisories/GHSA-rp4p-g69r-438x
reference_id GHSA-rp4p-g69r-438x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rp4p-g69r-438x
20
reference_url https://access.redhat.com/errata/RHSA-2014:0212
reference_id RHSA-2014:0212
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0212
21
reference_url https://access.redhat.com/errata/RHSA-2014:0245
reference_id RHSA-2014:0245
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0245
22
reference_url https://access.redhat.com/errata/RHSA-2014:0254
reference_id RHSA-2014:0254
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0254
23
reference_url https://access.redhat.com/errata/RHSA-2014:0400
reference_id RHSA-2014:0400
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0400
24
reference_url https://access.redhat.com/errata/RHSA-2014:0401
reference_id RHSA-2014:0401
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0401
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 264
name Permissions, Privileges, and Access Controls
description Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-e7xv-sdvz-g7e4