Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-kkjc-yykt-t3f3
Summary
Denial of Service due to parser crash
## Withdrawn

This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue [here](https://github.com/x-stream/xstream/issues/304#issuecomment-1293654236) for more information.

## Original Despcription 

Those using FasterXML/woodstox to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

This vulnerability is only relevant for users making use of the DTD parsing functionality.
Aliases
0
alias CVE-2022-40153
1
alias GHSA-fv22-xp26-mm9w
Fixed_packages
0
url pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
purl pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.woodstox/woodstox-core@5.4.0
1
url pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
purl pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0
Affected_packages
0
url pkg:maven/com.fasterxml.woodstox/woodstox-core@6.0.0
purl pkg:maven/com.fasterxml.woodstox/woodstox-core@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xyr-vr5v-tbea
1
vulnerability VCID-9kde-ya39-8bee
2
vulnerability VCID-hqzr-vc5w-9ff5
3
vulnerability VCID-kkjc-yykt-t3f3
4
vulnerability VCID-zcks-qd7r-vkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.woodstox/woodstox-core@6.0.0
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40153.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40153.json
1
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49858
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49858
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/FasterXML/woodstox
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox
4
reference_url https://github.com/FasterXML/woodstox/issues/157
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/157
5
reference_url https://github.com/FasterXML/woodstox/issues/160
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/issues/160
6
reference_url https://github.com/FasterXML/woodstox/pull/159
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/woodstox/pull/159
7
reference_url https://github.com/x-stream/xstream/issues/304
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/x-stream/xstream/issues/304
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40153
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40153
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2134290
reference_id 2134290
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2134290
10
reference_url https://github.com/advisories/GHSA-fv22-xp26-mm9w
reference_id GHSA-fv22-xp26-mm9w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fv22-xp26-mm9w
11
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
Weaknesses
0
cwe_id 787
name Out-of-bounds Write
description The product writes data past the end, or before the beginning, of the intended buffer.
1
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score5.9 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-kkjc-yykt-t3f3