Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-9jzm-m7bx-akdg
Summary
etcd vulnerable to TOCTOU of gateway endpoint authentication
### Vulnerability type
Authentication

### Workarounds
Refer to the [gateway documentation](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md). The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. 

### Detail
The gateway only authenticates endpoints detected from DNS SRV records, and it only authenticates the detected endpoints once. Therefore, if an endpoint changes its authentication settings, the gateway will continue to assume the endpoint is still authenticated. The auditors has noted that appropriate documentation of this validation functionality plus deprecation of this misleading functionality is an acceptable path forward.

### References
Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf)

### For more information
If you have any questions or comments about this advisory:
* Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)
Aliases
0
alias GHSA-h8g9-6gvh-5mrc
Fixed_packages
0
url pkg:golang/go.etcd.io/etcd/v3@3.3.23
purl pkg:golang/go.etcd.io/etcd/v3@3.3.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/go.etcd.io/etcd/v3@3.3.23
1
url pkg:golang/go.etcd.io/etcd/v3@3.4.10
purl pkg:golang/go.etcd.io/etcd/v3@3.4.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/go.etcd.io/etcd/v3@3.4.10
Affected_packages
References
0
reference_url https://github.com/etcd-io/etcd
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd
1
reference_url https://github.com/etcd-io/etcd/security/advisories/GHSA-h8g9-6gvh-5mrc
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/security/advisories/GHSA-h8g9-6gvh-5mrc
Weaknesses
0
cwe_id 367
name Time-of-check Time-of-use (TOCTOU) Race Condition
description The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Exploits
Severity_range_score0.1 - 3
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-9jzm-m7bx-akdg