Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-vv32-p75k-qfc6
Summary
Denial of service in Grafana
The snapshot feature in Grafana before 7.4.2 can allow unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
### Specific Go Packages Affected
github.com/grafana/grafana/pkg/middleware
Aliases
0
alias CVE-2021-27358
1
alias GHSA-h5rh-w6vm-9ghc
Fixed_packages
Affected_packages
0
url pkg:rpm/redhat/grafana@7.5.9-4?arch=el8
purl pkg:rpm/redhat/grafana@7.5.9-4?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-35du-rm88-k7bw
1
vulnerability VCID-7ahs-f1qh-g7an
2
vulnerability VCID-ayxa-s9j4-k7hd
3
vulnerability VCID-vv32-p75k-qfc6
4
vulnerability VCID-z1ct-cecz-mqer
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana@7.5.9-4%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27358.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27358.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27358
reference_id
reference_type
scores
0
value 0.87429
scoring_system epss
scoring_elements 0.99462
published_at 2026-04-21T12:55:00Z
1
value 0.87429
scoring_system epss
scoring_elements 0.99457
published_at 2026-04-11T12:55:00Z
2
value 0.87429
scoring_system epss
scoring_elements 0.99461
published_at 2026-04-18T12:55:00Z
3
value 0.87429
scoring_system epss
scoring_elements 0.99458
published_at 2026-04-13T12:55:00Z
4
value 0.87429
scoring_system epss
scoring_elements 0.99451
published_at 2026-04-02T12:55:00Z
5
value 0.87429
scoring_system epss
scoring_elements 0.99452
published_at 2026-04-04T12:55:00Z
6
value 0.87429
scoring_system epss
scoring_elements 0.99454
published_at 2026-04-07T12:55:00Z
7
value 0.87429
scoring_system epss
scoring_elements 0.99455
published_at 2026-04-08T12:55:00Z
8
value 0.87429
scoring_system epss
scoring_elements 0.99456
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27358
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/grafana/grafana/blob/master/CHANGELOG.md
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:R
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana/blob/master/CHANGELOG.md
4
reference_url https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:R
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17
5
reference_url https://github.com/grafana/grafana/pull/31263
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:R
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana/pull/31263
6
reference_url https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:R
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27358
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:R
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27358
8
reference_url https://security.netapp.com/advisory/ntap-20210513-0007
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:R
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210513-0007
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1941024
reference_id 1941024
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1941024
10
reference_url https://access.redhat.com/errata/RHSA-2021:4226
reference_id RHSA-2021:4226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4226
Weaknesses
0
cwe_id 306
name Missing Authentication for Critical Function
description The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
1
cwe_id 400
name Uncontrolled Resource Consumption
description The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
2
cwe_id 770
name Allocation of Resources Without Limits or Throttling
description The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Exploits
Severity_range_score 4.0 - 8.2
Exploitability 2.0
Weighted_severity 7.4
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vv32-p75k-qfc6