Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-j3sv-ccme-rbdn
Summary
SimpleSAMLphp Link Injection vulnerability
The following scripts were not checking the URLs obtained via the HTTP request before displaying them as the target of links that the user may click on:

- www/logout.php
- modules/core/www/no_cookie.php
The issue allowed attackers to display links targeting a malicious website inside a trusted site running SimpleSAMLphp, due to the lack of security checks involving the link_href and retryURL HTTP parameters, respectively. The issue was resolved by including a verification of the URLs received in the request against a white list of websites specified in the trusted.url.domains configuration option.
Aliases
0
alias GHSA-v858-922f-fj9v
Fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.14.4
purl pkg:composer/simplesamlphp/simplesamlphp@1.14.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gux-4jrc-w7ce
1
vulnerability VCID-6fwf-1xps-t7g5
2
vulnerability VCID-96db-3jav-tkay
3
vulnerability VCID-b3fn-bnh5-qyg4
4
vulnerability VCID-cmqz-hp34-8kcx
5
vulnerability VCID-d1cm-xhdp-8qhv
6
vulnerability VCID-d1d1-jng1-4fe6
7
vulnerability VCID-dgs2-3xbu-c3ff
8
vulnerability VCID-dvwj-zd42-nbhe
9
vulnerability VCID-gwtm-bdae-3ufj
10
vulnerability VCID-hhq1-kxga-87ea
11
vulnerability VCID-k5d6-k216-8ub8
12
vulnerability VCID-mfwu-mfhq-fkh8
13
vulnerability VCID-pskx-9d46-bfdt
14
vulnerability VCID-ugw3-xgan-k3fm
15
vulnerability VCID-va8h-3qxg-uqh2
16
vulnerability VCID-yn8q-d76k-q3h2
17
vulnerability VCID-ywuy-my3f-x7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.4
Affected_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.12.0
purl pkg:composer/simplesamlphp/simplesamlphp@1.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2etk-v7gt-pqhn
1
vulnerability VCID-3d8m-wtww-2yah
2
vulnerability VCID-4gux-4jrc-w7ce
3
vulnerability VCID-6fwf-1xps-t7g5
4
vulnerability VCID-96db-3jav-tkay
5
vulnerability VCID-b3fn-bnh5-qyg4
6
vulnerability VCID-cmqz-hp34-8kcx
7
vulnerability VCID-d1cm-xhdp-8qhv
8
vulnerability VCID-d1d1-jng1-4fe6
9
vulnerability VCID-dgs2-3xbu-c3ff
10
vulnerability VCID-dvwj-zd42-nbhe
11
vulnerability VCID-gwtm-bdae-3ufj
12
vulnerability VCID-hhq1-kxga-87ea
13
vulnerability VCID-j3sv-ccme-rbdn
14
vulnerability VCID-jv7n-m3cf-jfex
15
vulnerability VCID-mfwu-mfhq-fkh8
16
vulnerability VCID-pskx-9d46-bfdt
17
vulnerability VCID-ugw3-xgan-k3fm
18
vulnerability VCID-va8h-3qxg-uqh2
19
vulnerability VCID-yn8q-d76k-q3h2
20
vulnerability VCID-ywuy-my3f-x7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.12.0
1
url pkg:composer/simplesamlphp/simplesamlphp@1.13.0-rc1
purl pkg:composer/simplesamlphp/simplesamlphp@1.13.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2etk-v7gt-pqhn
1
vulnerability VCID-3d8m-wtww-2yah
2
vulnerability VCID-4gux-4jrc-w7ce
3
vulnerability VCID-6fwf-1xps-t7g5
4
vulnerability VCID-96db-3jav-tkay
5
vulnerability VCID-b3fn-bnh5-qyg4
6
vulnerability VCID-cmqz-hp34-8kcx
7
vulnerability VCID-d1cm-xhdp-8qhv
8
vulnerability VCID-d1d1-jng1-4fe6
9
vulnerability VCID-dgs2-3xbu-c3ff
10
vulnerability VCID-dvwj-zd42-nbhe
11
vulnerability VCID-gwtm-bdae-3ufj
12
vulnerability VCID-hhq1-kxga-87ea
13
vulnerability VCID-j3sv-ccme-rbdn
14
vulnerability VCID-jv7n-m3cf-jfex
15
vulnerability VCID-mfwu-mfhq-fkh8
16
vulnerability VCID-pskx-9d46-bfdt
17
vulnerability VCID-ugw3-xgan-k3fm
18
vulnerability VCID-va8h-3qxg-uqh2
19
vulnerability VCID-yn8q-d76k-q3h2
20
vulnerability VCID-ywuy-my3f-x7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.13.0-rc1
2
url pkg:composer/simplesamlphp/simplesamlphp@1.13.0-rc2
purl pkg:composer/simplesamlphp/simplesamlphp@1.13.0-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2etk-v7gt-pqhn
1
vulnerability VCID-3d8m-wtww-2yah
2
vulnerability VCID-4gux-4jrc-w7ce
3
vulnerability VCID-6fwf-1xps-t7g5
4
vulnerability VCID-96db-3jav-tkay
5
vulnerability VCID-b3fn-bnh5-qyg4
6
vulnerability VCID-cmqz-hp34-8kcx
7
vulnerability VCID-d1cm-xhdp-8qhv
8
vulnerability VCID-d1d1-jng1-4fe6
9
vulnerability VCID-dgs2-3xbu-c3ff
10
vulnerability VCID-dvwj-zd42-nbhe
11
vulnerability VCID-gwtm-bdae-3ufj
12
vulnerability VCID-hhq1-kxga-87ea
13
vulnerability VCID-j3sv-ccme-rbdn
14
vulnerability VCID-jv7n-m3cf-jfex
15
vulnerability VCID-mfwu-mfhq-fkh8
16
vulnerability VCID-pskx-9d46-bfdt
17
vulnerability VCID-ugw3-xgan-k3fm
18
vulnerability VCID-va8h-3qxg-uqh2
19
vulnerability VCID-yn8q-d76k-q3h2
20
vulnerability VCID-ywuy-my3f-x7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.13.0-rc2
3
url pkg:composer/simplesamlphp/simplesamlphp@1.13.0
purl pkg:composer/simplesamlphp/simplesamlphp@1.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2etk-v7gt-pqhn
1
vulnerability VCID-3d8m-wtww-2yah
2
vulnerability VCID-4gux-4jrc-w7ce
3
vulnerability VCID-6fwf-1xps-t7g5
4
vulnerability VCID-96db-3jav-tkay
5
vulnerability VCID-b3fn-bnh5-qyg4
6
vulnerability VCID-cmqz-hp34-8kcx
7
vulnerability VCID-d1cm-xhdp-8qhv
8
vulnerability VCID-d1d1-jng1-4fe6
9
vulnerability VCID-dgs2-3xbu-c3ff
10
vulnerability VCID-dvwj-zd42-nbhe
11
vulnerability VCID-gwtm-bdae-3ufj
12
vulnerability VCID-hhq1-kxga-87ea
13
vulnerability VCID-j3sv-ccme-rbdn
14
vulnerability VCID-jv7n-m3cf-jfex
15
vulnerability VCID-mfwu-mfhq-fkh8
16
vulnerability VCID-pskx-9d46-bfdt
17
vulnerability VCID-ugw3-xgan-k3fm
18
vulnerability VCID-va8h-3qxg-uqh2
19
vulnerability VCID-yn8q-d76k-q3h2
20
vulnerability VCID-ywuy-my3f-x7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.13.0
4
url pkg:composer/simplesamlphp/simplesamlphp@1.13.1
purl pkg:composer/simplesamlphp/simplesamlphp@1.13.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2etk-v7gt-pqhn
1
vulnerability VCID-3d8m-wtww-2yah
2
vulnerability VCID-4gux-4jrc-w7ce
3
vulnerability VCID-6fwf-1xps-t7g5
4
vulnerability VCID-96db-3jav-tkay
5
vulnerability VCID-b3fn-bnh5-qyg4
6
vulnerability VCID-cmqz-hp34-8kcx
7
vulnerability VCID-d1cm-xhdp-8qhv
8
vulnerability VCID-d1d1-jng1-4fe6
9
vulnerability VCID-dgs2-3xbu-c3ff
10
vulnerability VCID-dvwj-zd42-nbhe
11
vulnerability VCID-gwtm-bdae-3ufj
12
vulnerability VCID-hhq1-kxga-87ea
13
vulnerability VCID-j3sv-ccme-rbdn
14
vulnerability VCID-jv7n-m3cf-jfex
15
vulnerability VCID-mfwu-mfhq-fkh8
16
vulnerability VCID-pskx-9d46-bfdt
17
vulnerability VCID-ugw3-xgan-k3fm
18
vulnerability VCID-va8h-3qxg-uqh2
19
vulnerability VCID-yn8q-d76k-q3h2
20
vulnerability VCID-ywuy-my3f-x7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.13.1
5
url pkg:composer/simplesamlphp/simplesamlphp@1.13.2
purl pkg:composer/simplesamlphp/simplesamlphp@1.13.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2etk-v7gt-pqhn
1
vulnerability VCID-3d8m-wtww-2yah
2
vulnerability VCID-4gux-4jrc-w7ce
3
vulnerability VCID-6fwf-1xps-t7g5
4
vulnerability VCID-96db-3jav-tkay
5
vulnerability VCID-b3fn-bnh5-qyg4
6
vulnerability VCID-cmqz-hp34-8kcx
7
vulnerability VCID-d1cm-xhdp-8qhv
8
vulnerability VCID-d1d1-jng1-4fe6
9
vulnerability VCID-dgs2-3xbu-c3ff
10
vulnerability VCID-dvwj-zd42-nbhe
11
vulnerability VCID-gwtm-bdae-3ufj
12
vulnerability VCID-hhq1-kxga-87ea
13
vulnerability VCID-j3sv-ccme-rbdn
14
vulnerability VCID-jv7n-m3cf-jfex
15
vulnerability VCID-mfwu-mfhq-fkh8
16
vulnerability VCID-pskx-9d46-bfdt
17
vulnerability VCID-ugw3-xgan-k3fm
18
vulnerability VCID-va8h-3qxg-uqh2
19
vulnerability VCID-yn8q-d76k-q3h2
20
vulnerability VCID-ywuy-my3f-x7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.13.2
6
url pkg:composer/simplesamlphp/simplesamlphp@1.14.0-rc1
purl pkg:composer/simplesamlphp/simplesamlphp@1.14.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2etk-v7gt-pqhn
1
vulnerability VCID-3d8m-wtww-2yah
2
vulnerability VCID-4gux-4jrc-w7ce
3
vulnerability VCID-6fwf-1xps-t7g5
4
vulnerability VCID-96db-3jav-tkay
5
vulnerability VCID-b3fn-bnh5-qyg4
6
vulnerability VCID-cmqz-hp34-8kcx
7
vulnerability VCID-d1cm-xhdp-8qhv
8
vulnerability VCID-d1d1-jng1-4fe6
9
vulnerability VCID-dgs2-3xbu-c3ff
10
vulnerability VCID-dvwj-zd42-nbhe
11
vulnerability VCID-gwtm-bdae-3ufj
12
vulnerability VCID-hhq1-kxga-87ea
13
vulnerability VCID-j3sv-ccme-rbdn
14
vulnerability VCID-jv7n-m3cf-jfex
15
vulnerability VCID-mfwu-mfhq-fkh8
16
vulnerability VCID-pskx-9d46-bfdt
17
vulnerability VCID-ugw3-xgan-k3fm
18
vulnerability VCID-va8h-3qxg-uqh2
19
vulnerability VCID-yn8q-d76k-q3h2
20
vulnerability VCID-ywuy-my3f-x7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.0-rc1
7
url pkg:composer/simplesamlphp/simplesamlphp@1.14.0
purl pkg:composer/simplesamlphp/simplesamlphp@1.14.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2etk-v7gt-pqhn
1
vulnerability VCID-3d8m-wtww-2yah
2
vulnerability VCID-4gux-4jrc-w7ce
3
vulnerability VCID-6fwf-1xps-t7g5
4
vulnerability VCID-96db-3jav-tkay
5
vulnerability VCID-b3fn-bnh5-qyg4
6
vulnerability VCID-cmqz-hp34-8kcx
7
vulnerability VCID-d1cm-xhdp-8qhv
8
vulnerability VCID-d1d1-jng1-4fe6
9
vulnerability VCID-dgs2-3xbu-c3ff
10
vulnerability VCID-dvwj-zd42-nbhe
11
vulnerability VCID-gwtm-bdae-3ufj
12
vulnerability VCID-hhq1-kxga-87ea
13
vulnerability VCID-j3sv-ccme-rbdn
14
vulnerability VCID-jv7n-m3cf-jfex
15
vulnerability VCID-k5d6-k216-8ub8
16
vulnerability VCID-mfwu-mfhq-fkh8
17
vulnerability VCID-pskx-9d46-bfdt
18
vulnerability VCID-ugw3-xgan-k3fm
19
vulnerability VCID-va8h-3qxg-uqh2
20
vulnerability VCID-yn8q-d76k-q3h2
21
vulnerability VCID-ywuy-my3f-x7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.0
8
url pkg:composer/simplesamlphp/simplesamlphp@1.14.1
purl pkg:composer/simplesamlphp/simplesamlphp@1.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2etk-v7gt-pqhn
1
vulnerability VCID-3d8m-wtww-2yah
2
vulnerability VCID-4gux-4jrc-w7ce
3
vulnerability VCID-6fwf-1xps-t7g5
4
vulnerability VCID-96db-3jav-tkay
5
vulnerability VCID-b3fn-bnh5-qyg4
6
vulnerability VCID-cmqz-hp34-8kcx
7
vulnerability VCID-d1cm-xhdp-8qhv
8
vulnerability VCID-d1d1-jng1-4fe6
9
vulnerability VCID-dgs2-3xbu-c3ff
10
vulnerability VCID-dvwj-zd42-nbhe
11
vulnerability VCID-gwtm-bdae-3ufj
12
vulnerability VCID-hhq1-kxga-87ea
13
vulnerability VCID-j3sv-ccme-rbdn
14
vulnerability VCID-k5d6-k216-8ub8
15
vulnerability VCID-mfwu-mfhq-fkh8
16
vulnerability VCID-pskx-9d46-bfdt
17
vulnerability VCID-ugw3-xgan-k3fm
18
vulnerability VCID-va8h-3qxg-uqh2
19
vulnerability VCID-yn8q-d76k-q3h2
20
vulnerability VCID-ywuy-my3f-x7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.1
9
url pkg:composer/simplesamlphp/simplesamlphp@1.14.2
purl pkg:composer/simplesamlphp/simplesamlphp@1.14.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2etk-v7gt-pqhn
1
vulnerability VCID-3d8m-wtww-2yah
2
vulnerability VCID-4gux-4jrc-w7ce
3
vulnerability VCID-6fwf-1xps-t7g5
4
vulnerability VCID-96db-3jav-tkay
5
vulnerability VCID-b3fn-bnh5-qyg4
6
vulnerability VCID-cmqz-hp34-8kcx
7
vulnerability VCID-d1cm-xhdp-8qhv
8
vulnerability VCID-d1d1-jng1-4fe6
9
vulnerability VCID-dgs2-3xbu-c3ff
10
vulnerability VCID-dvwj-zd42-nbhe
11
vulnerability VCID-gwtm-bdae-3ufj
12
vulnerability VCID-hhq1-kxga-87ea
13
vulnerability VCID-j3sv-ccme-rbdn
14
vulnerability VCID-k5d6-k216-8ub8
15
vulnerability VCID-mfwu-mfhq-fkh8
16
vulnerability VCID-pskx-9d46-bfdt
17
vulnerability VCID-ugw3-xgan-k3fm
18
vulnerability VCID-va8h-3qxg-uqh2
19
vulnerability VCID-yn8q-d76k-q3h2
20
vulnerability VCID-ywuy-my3f-x7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.2
10
url pkg:composer/simplesamlphp/simplesamlphp@1.14.3
purl pkg:composer/simplesamlphp/simplesamlphp@1.14.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2etk-v7gt-pqhn
1
vulnerability VCID-3d8m-wtww-2yah
2
vulnerability VCID-4gux-4jrc-w7ce
3
vulnerability VCID-6fwf-1xps-t7g5
4
vulnerability VCID-96db-3jav-tkay
5
vulnerability VCID-b3fn-bnh5-qyg4
6
vulnerability VCID-cmqz-hp34-8kcx
7
vulnerability VCID-d1cm-xhdp-8qhv
8
vulnerability VCID-d1d1-jng1-4fe6
9
vulnerability VCID-dgs2-3xbu-c3ff
10
vulnerability VCID-dvwj-zd42-nbhe
11
vulnerability VCID-gwtm-bdae-3ufj
12
vulnerability VCID-hhq1-kxga-87ea
13
vulnerability VCID-j3sv-ccme-rbdn
14
vulnerability VCID-k5d6-k216-8ub8
15
vulnerability VCID-mfwu-mfhq-fkh8
16
vulnerability VCID-pskx-9d46-bfdt
17
vulnerability VCID-ugw3-xgan-k3fm
18
vulnerability VCID-va8h-3qxg-uqh2
19
vulnerability VCID-yn8q-d76k-q3h2
20
vulnerability VCID-ywuy-my3f-x7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.3
References
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/201606-01.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/201606-01.yaml
1
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
2
reference_url https://github.com/simplesamlphp/simplesamlphp/commit/b1af4e47c81bca2bee633b3f84f4fde624f359ba
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp/commit/b1af4e47c81bca2bee633b3f84f4fde624f359ba
3
reference_url https://github.com/simplesamlphp/simplesamlphp/commit/d26eb8f17dc9916a5ef2fd0a286b0fc96a561e71
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp/commit/d26eb8f17dc9916a5ef2fd0a286b0fc96a561e71
4
reference_url https://simplesamlphp.org/security/201606-01
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201606-01
5
reference_url https://github.com/advisories/GHSA-v858-922f-fj9v
reference_id GHSA-v858-922f-fj9v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v858-922f-fj9v
Weaknesses
0
cwe_id 74
name Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
description The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-j3sv-ccme-rbdn