Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-29ev-vnzj-bfe5

Summary

Laravel Cookie serialization vulnerability
Laravel 5.6.30 is a security release of Laravel and is recommended as an immediate upgrade for all users. Laravel 5.6.30 also contains a breaking change to cookie encryption and serialization logic. Refer to [laravel advisory](https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30) for more details and read the notes carefully when upgrading your application.

Aliases

alias	GHSA-2867-6rrm-38gr

Fixed_packages

url pkg:composer/illuminate/cookie@5.6.30

purl pkg:composer/illuminate/cookie@5.6.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9rpm-c9n3-77d3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.30

Affected_packages

url pkg:composer/illuminate/cookie@5.5.0

purl pkg:composer/illuminate/cookie@5.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.0

url pkg:composer/illuminate/cookie@5.5.2

purl pkg:composer/illuminate/cookie@5.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.2

url pkg:composer/illuminate/cookie@5.5.16

purl pkg:composer/illuminate/cookie@5.5.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.16

url pkg:composer/illuminate/cookie@5.5.17

purl pkg:composer/illuminate/cookie@5.5.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.17

url pkg:composer/illuminate/cookie@5.5.28

purl pkg:composer/illuminate/cookie@5.5.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.28

url pkg:composer/illuminate/cookie@5.5.33

purl pkg:composer/illuminate/cookie@5.5.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.33

url pkg:composer/illuminate/cookie@5.5.34

purl pkg:composer/illuminate/cookie@5.5.34

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.34

url pkg:composer/illuminate/cookie@5.5.35

purl pkg:composer/illuminate/cookie@5.5.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.35

url pkg:composer/illuminate/cookie@5.5.36

purl pkg:composer/illuminate/cookie@5.5.36

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.36

url pkg:composer/illuminate/cookie@5.5.37

purl pkg:composer/illuminate/cookie@5.5.37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.37

url pkg:composer/illuminate/cookie@5.5.39

purl pkg:composer/illuminate/cookie@5.5.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.39

url pkg:composer/illuminate/cookie@5.5.40

purl pkg:composer/illuminate/cookie@5.5.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.40

url pkg:composer/illuminate/cookie@5.5.41

purl pkg:composer/illuminate/cookie@5.5.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.41

url pkg:composer/illuminate/cookie@5.5.43

purl pkg:composer/illuminate/cookie@5.5.43

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.43

url pkg:composer/illuminate/cookie@5.5.44

purl pkg:composer/illuminate/cookie@5.5.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.5.44

url pkg:composer/illuminate/cookie@5.6.0

purl pkg:composer/illuminate/cookie@5.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.0

url pkg:composer/illuminate/cookie@5.6.1

purl pkg:composer/illuminate/cookie@5.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.1

url pkg:composer/illuminate/cookie@5.6.2

purl pkg:composer/illuminate/cookie@5.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.2

url pkg:composer/illuminate/cookie@5.6.3

purl pkg:composer/illuminate/cookie@5.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.3

url pkg:composer/illuminate/cookie@5.6.4

purl pkg:composer/illuminate/cookie@5.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.4

url pkg:composer/illuminate/cookie@5.6.5

purl pkg:composer/illuminate/cookie@5.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.5

url pkg:composer/illuminate/cookie@5.6.6

purl pkg:composer/illuminate/cookie@5.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.6

url pkg:composer/illuminate/cookie@5.6.7

purl pkg:composer/illuminate/cookie@5.6.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.7

url pkg:composer/illuminate/cookie@5.6.8

purl pkg:composer/illuminate/cookie@5.6.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.8

url pkg:composer/illuminate/cookie@5.6.9

purl pkg:composer/illuminate/cookie@5.6.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.9

url pkg:composer/illuminate/cookie@5.6.10

purl pkg:composer/illuminate/cookie@5.6.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.10

url pkg:composer/illuminate/cookie@5.6.11

purl pkg:composer/illuminate/cookie@5.6.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.11

url pkg:composer/illuminate/cookie@5.6.12

purl pkg:composer/illuminate/cookie@5.6.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.12

url pkg:composer/illuminate/cookie@5.6.13

purl pkg:composer/illuminate/cookie@5.6.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.13

url pkg:composer/illuminate/cookie@5.6.14

purl pkg:composer/illuminate/cookie@5.6.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.14

url pkg:composer/illuminate/cookie@5.6.15

purl pkg:composer/illuminate/cookie@5.6.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.15

url pkg:composer/illuminate/cookie@5.6.16

purl pkg:composer/illuminate/cookie@5.6.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.16

url pkg:composer/illuminate/cookie@5.6.17

purl pkg:composer/illuminate/cookie@5.6.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.17

url pkg:composer/illuminate/cookie@5.6.19

purl pkg:composer/illuminate/cookie@5.6.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.19

url pkg:composer/illuminate/cookie@5.6.20

purl pkg:composer/illuminate/cookie@5.6.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.20

url pkg:composer/illuminate/cookie@5.6.21

purl pkg:composer/illuminate/cookie@5.6.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.21

url pkg:composer/illuminate/cookie@5.6.22

purl pkg:composer/illuminate/cookie@5.6.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.22

url pkg:composer/illuminate/cookie@5.6.23

purl pkg:composer/illuminate/cookie@5.6.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.23

url pkg:composer/illuminate/cookie@5.6.24

purl pkg:composer/illuminate/cookie@5.6.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.24

url pkg:composer/illuminate/cookie@5.6.25

purl pkg:composer/illuminate/cookie@5.6.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.25

url pkg:composer/illuminate/cookie@5.6.26

purl pkg:composer/illuminate/cookie@5.6.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.26

url pkg:composer/illuminate/cookie@5.6.27

purl pkg:composer/illuminate/cookie@5.6.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.27

url pkg:composer/illuminate/cookie@5.6.28

purl pkg:composer/illuminate/cookie@5.6.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.28

url pkg:composer/illuminate/cookie@5.6.29

purl pkg:composer/illuminate/cookie@5.6.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-29ev-vnzj-bfe5

vulnerability	VCID-9rpm-c9n3-77d3

vulnerability	VCID-s2uq-yyre-ubh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/illuminate/cookie@5.6.29

References

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/cookie/2018-08-08-1.yaml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/illuminate/cookie/2018-08-08-1.yaml

reference_url

https://github.com/illuminate/cookie

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/illuminate/cookie

reference_url

https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30

reference_url

https://github.com/advisories/GHSA-2867-6rrm-38gr

reference_id

GHSA-2867-6rrm-38gr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2867-6rrm-38gr

Weaknesses

cwe_id	502
name	Deserialization of Untrusted Data
description	The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-29ev-vnzj-bfe5

Vulnerability Instance