Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-36f9-wxda-x3c2
Summary
Laravel Hijacked authentication cookies vulnerability
Laravel 4.1.26 introduces security improvements for "remember me" cookies. Before this update, if a remember cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true owner of the account reset their password, logged out, etc.

This change requires the addition of a new remember_token column to your users (or equivalent) database table. After this change, a fresh token will be assigned to the user each time they log in to your application. The token will also be refreshed when the user logs out of the application. The implication of this change is that if a "remember me" cookie is hijacked, simply logging out of the application will invalidate the cookie.
Aliases
0
alias GHSA-q4xf-7fw5-4x8v
Fixed_packages
0
url pkg:composer/illuminate/auth@4.1.26
purl pkg:composer/illuminate/auth@4.1.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eqzu-3cmt-2ube
1
vulnerability VCID-t45c-4zgs-r7es
2
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.26
Affected_packages
0
url pkg:composer/illuminate/auth@4.0.0
purl pkg:composer/illuminate/auth@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.0
1
url pkg:composer/illuminate/auth@4.0.1
purl pkg:composer/illuminate/auth@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.1
2
url pkg:composer/illuminate/auth@4.0.2
purl pkg:composer/illuminate/auth@4.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.2
3
url pkg:composer/illuminate/auth@4.0.3
purl pkg:composer/illuminate/auth@4.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.3
4
url pkg:composer/illuminate/auth@4.0.4
purl pkg:composer/illuminate/auth@4.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.4
5
url pkg:composer/illuminate/auth@4.0.5
purl pkg:composer/illuminate/auth@4.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.5
6
url pkg:composer/illuminate/auth@4.0.6
purl pkg:composer/illuminate/auth@4.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.6
7
url pkg:composer/illuminate/auth@4.0.7
purl pkg:composer/illuminate/auth@4.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.7
8
url pkg:composer/illuminate/auth@4.0.8
purl pkg:composer/illuminate/auth@4.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.8
9
url pkg:composer/illuminate/auth@4.0.9
purl pkg:composer/illuminate/auth@4.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.9
10
url pkg:composer/illuminate/auth@4.0.10
purl pkg:composer/illuminate/auth@4.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.0.10
11
url pkg:composer/illuminate/auth@4.1.0
purl pkg:composer/illuminate/auth@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.0
12
url pkg:composer/illuminate/auth@4.1.1
purl pkg:composer/illuminate/auth@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.1
13
url pkg:composer/illuminate/auth@4.1.2
purl pkg:composer/illuminate/auth@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.2
14
url pkg:composer/illuminate/auth@4.1.3
purl pkg:composer/illuminate/auth@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.3
15
url pkg:composer/illuminate/auth@4.1.4
purl pkg:composer/illuminate/auth@4.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.4
16
url pkg:composer/illuminate/auth@4.1.5
purl pkg:composer/illuminate/auth@4.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.5
17
url pkg:composer/illuminate/auth@4.1.6
purl pkg:composer/illuminate/auth@4.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.6
18
url pkg:composer/illuminate/auth@4.1.7
purl pkg:composer/illuminate/auth@4.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.7
19
url pkg:composer/illuminate/auth@4.1.8
purl pkg:composer/illuminate/auth@4.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.8
20
url pkg:composer/illuminate/auth@4.1.9
purl pkg:composer/illuminate/auth@4.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.9
21
url pkg:composer/illuminate/auth@4.1.10
purl pkg:composer/illuminate/auth@4.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.10
22
url pkg:composer/illuminate/auth@4.1.11
purl pkg:composer/illuminate/auth@4.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.11
23
url pkg:composer/illuminate/auth@4.1.12
purl pkg:composer/illuminate/auth@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.12
24
url pkg:composer/illuminate/auth@4.1.13
purl pkg:composer/illuminate/auth@4.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.13
25
url pkg:composer/illuminate/auth@4.1.14
purl pkg:composer/illuminate/auth@4.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.14
26
url pkg:composer/illuminate/auth@4.1.15
purl pkg:composer/illuminate/auth@4.1.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.15
27
url pkg:composer/illuminate/auth@4.1.16
purl pkg:composer/illuminate/auth@4.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.16
28
url pkg:composer/illuminate/auth@4.1.17
purl pkg:composer/illuminate/auth@4.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.17
29
url pkg:composer/illuminate/auth@4.1.18
purl pkg:composer/illuminate/auth@4.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.18
30
url pkg:composer/illuminate/auth@4.1.19
purl pkg:composer/illuminate/auth@4.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.19
31
url pkg:composer/illuminate/auth@4.1.20
purl pkg:composer/illuminate/auth@4.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.20
32
url pkg:composer/illuminate/auth@4.1.21
purl pkg:composer/illuminate/auth@4.1.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.21
33
url pkg:composer/illuminate/auth@4.1.22
purl pkg:composer/illuminate/auth@4.1.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.22
34
url pkg:composer/illuminate/auth@4.1.23
purl pkg:composer/illuminate/auth@4.1.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.23
35
url pkg:composer/illuminate/auth@4.1.24
purl pkg:composer/illuminate/auth@4.1.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.24
36
url pkg:composer/illuminate/auth@4.1.25
purl pkg:composer/illuminate/auth@4.1.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36f9-wxda-x3c2
1
vulnerability VCID-5xz2-td65-nyau
2
vulnerability VCID-eqzu-3cmt-2ube
3
vulnerability VCID-t45c-4zgs-r7es
4
vulnerability VCID-yuwm-88g2-jke5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/auth@4.1.25
References
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/auth/2014-04-15.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/auth/2014-04-15.yaml
1
reference_url https://github.com/illuminate/auth
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/illuminate/auth
2
reference_url https://laravel.com/docs/5.1/upgrade#upgrade-4.1.26
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://laravel.com/docs/5.1/upgrade#upgrade-4.1.26
3
reference_url https://github.com/advisories/GHSA-q4xf-7fw5-4x8v
reference_id GHSA-q4xf-7fw5-4x8v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q4xf-7fw5-4x8v
Weaknesses
0
cwe_id 384
name Session Fixation
description Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-36f9-wxda-x3c2