Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-6fqb-hquy-1kgw
SummaryA mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system.
Aliases
0
alias CVE-2017-5454
Fixed_packages
0
url pkg:alpm/archlinux/firefox@53.0-1
purl pkg:alpm/archlinux/firefox@53.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1
1
url pkg:deb/debian/firefox@52.0.1-1?distro=sid
purl pkg:deb/debian/firefox@52.0.1-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@52.0.1-1%3Fdistro=sid
2
url pkg:deb/debian/firefox@151.0.3-1?distro=sid
purl pkg:deb/debian/firefox@151.0.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid
Affected_packages
0
url pkg:alpm/archlinux/firefox@52.0.2-1
purl pkg:alpm/archlinux/firefox@52.0.2-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hmf-d9jw-eydf
1
vulnerability VCID-1req-6w1u-h7gr
2
vulnerability VCID-1zvx-n96g-5qgr
3
vulnerability VCID-3478-tt6y-3yex
4
vulnerability VCID-3e39-auan-xuhb
5
vulnerability VCID-4yun-8ff6-xbad
6
vulnerability VCID-5t1y-kt3x-83gn
7
vulnerability VCID-6fqb-hquy-1kgw
8
vulnerability VCID-6m3m-gcn8-hbbq
9
vulnerability VCID-6qnx-8zzy-nkek
10
vulnerability VCID-7aah-x36e-u3er
11
vulnerability VCID-7ryr-d2hw-1yhm
12
vulnerability VCID-7sz2-vy3r-jqe3
13
vulnerability VCID-8ase-exn4-kuhr
14
vulnerability VCID-8fd1-atnz-4ybe
15
vulnerability VCID-8pew-ffs9-tkhb
16
vulnerability VCID-9czz-bc1n-xkem
17
vulnerability VCID-9smz-q33h-hbaw
18
vulnerability VCID-aja9-emwk-xye3
19
vulnerability VCID-bj6j-ar4j-3bgg
20
vulnerability VCID-bqjp-jgr5-u7cb
21
vulnerability VCID-d3nj-g2ka-tue2
22
vulnerability VCID-fu4u-wn2z-gbgz
23
vulnerability VCID-ggg4-mqpu-fuba
24
vulnerability VCID-h9hn-tr9w-4ubn
25
vulnerability VCID-jthc-qw6t-53ff
26
vulnerability VCID-nz3g-jdgj-5kfv
27
vulnerability VCID-pa6e-373h-6ybr
28
vulnerability VCID-pcd7-6x4v-mkfu
29
vulnerability VCID-qkyq-4mv5-4qbd
30
vulnerability VCID-r9pw-nv4t-xfcj
31
vulnerability VCID-suq2-kh6t-1fdg
32
vulnerability VCID-u7h9-yevq-gqay
33
vulnerability VCID-xjyr-mns2-wuck
34
vulnerability VCID-zrj6-cf4r-wyak
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0.2-1
1
url pkg:rpm/redhat/firefox@52.1.0-2?arch=el7_3
purl pkg:rpm/redhat/firefox@52.1.0-2?arch=el7_3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hmf-d9jw-eydf
1
vulnerability VCID-1req-6w1u-h7gr
2
vulnerability VCID-1zvx-n96g-5qgr
3
vulnerability VCID-3478-tt6y-3yex
4
vulnerability VCID-3e39-auan-xuhb
5
vulnerability VCID-4yun-8ff6-xbad
6
vulnerability VCID-5t1y-kt3x-83gn
7
vulnerability VCID-6fqb-hquy-1kgw
8
vulnerability VCID-6m3m-gcn8-hbbq
9
vulnerability VCID-76bw-4hry-77bq
10
vulnerability VCID-7ryr-d2hw-1yhm
11
vulnerability VCID-7sz2-vy3r-jqe3
12
vulnerability VCID-8ase-exn4-kuhr
13
vulnerability VCID-8fd1-atnz-4ybe
14
vulnerability VCID-8pew-ffs9-tkhb
15
vulnerability VCID-9czz-bc1n-xkem
16
vulnerability VCID-9smz-q33h-hbaw
17
vulnerability VCID-aja9-emwk-xye3
18
vulnerability VCID-bj6j-ar4j-3bgg
19
vulnerability VCID-bqjp-jgr5-u7cb
20
vulnerability VCID-d3nj-g2ka-tue2
21
vulnerability VCID-fu4u-wn2z-gbgz
22
vulnerability VCID-h47s-xx3j-33eq
23
vulnerability VCID-h9hn-tr9w-4ubn
24
vulnerability VCID-jthc-qw6t-53ff
25
vulnerability VCID-nz3g-jdgj-5kfv
26
vulnerability VCID-qkyq-4mv5-4qbd
27
vulnerability VCID-r9pw-nv4t-xfcj
28
vulnerability VCID-rhx2-e6nu-vyc9
29
vulnerability VCID-suq2-kh6t-1fdg
30
vulnerability VCID-u7h9-yevq-gqay
31
vulnerability VCID-xjyr-mns2-wuck
32
vulnerability VCID-zrj6-cf4r-wyak
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@52.1.0-2%3Farch=el7_3
2
url pkg:rpm/redhat/thunderbird@52.1.0-1?arch=el6_9
purl pkg:rpm/redhat/thunderbird@52.1.0-1?arch=el6_9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hmf-d9jw-eydf
1
vulnerability VCID-1req-6w1u-h7gr
2
vulnerability VCID-1zvx-n96g-5qgr
3
vulnerability VCID-3478-tt6y-3yex
4
vulnerability VCID-3e39-auan-xuhb
5
vulnerability VCID-4yun-8ff6-xbad
6
vulnerability VCID-5t1y-kt3x-83gn
7
vulnerability VCID-6fqb-hquy-1kgw
8
vulnerability VCID-76bw-4hry-77bq
9
vulnerability VCID-7sz2-vy3r-jqe3
10
vulnerability VCID-8ase-exn4-kuhr
11
vulnerability VCID-8fd1-atnz-4ybe
12
vulnerability VCID-9czz-bc1n-xkem
13
vulnerability VCID-9smz-q33h-hbaw
14
vulnerability VCID-aja9-emwk-xye3
15
vulnerability VCID-bj6j-ar4j-3bgg
16
vulnerability VCID-d3nj-g2ka-tue2
17
vulnerability VCID-fu4u-wn2z-gbgz
18
vulnerability VCID-h47s-xx3j-33eq
19
vulnerability VCID-h9hn-tr9w-4ubn
20
vulnerability VCID-jthc-qw6t-53ff
21
vulnerability VCID-nz3g-jdgj-5kfv
22
vulnerability VCID-qkyq-4mv5-4qbd
23
vulnerability VCID-r9pw-nv4t-xfcj
24
vulnerability VCID-rhx2-e6nu-vyc9
25
vulnerability VCID-suq2-kh6t-1fdg
26
vulnerability VCID-u7h9-yevq-gqay
27
vulnerability VCID-xjyr-mns2-wuck
28
vulnerability VCID-zrj6-cf4r-wyak
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@52.1.0-1%3Farch=el6_9
3
url pkg:rpm/redhat/thunderbird@52.1.0-1?arch=el7_3
purl pkg:rpm/redhat/thunderbird@52.1.0-1?arch=el7_3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hmf-d9jw-eydf
1
vulnerability VCID-1req-6w1u-h7gr
2
vulnerability VCID-1zvx-n96g-5qgr
3
vulnerability VCID-3478-tt6y-3yex
4
vulnerability VCID-3e39-auan-xuhb
5
vulnerability VCID-4yun-8ff6-xbad
6
vulnerability VCID-5t1y-kt3x-83gn
7
vulnerability VCID-6fqb-hquy-1kgw
8
vulnerability VCID-76bw-4hry-77bq
9
vulnerability VCID-7sz2-vy3r-jqe3
10
vulnerability VCID-8ase-exn4-kuhr
11
vulnerability VCID-8fd1-atnz-4ybe
12
vulnerability VCID-9czz-bc1n-xkem
13
vulnerability VCID-9smz-q33h-hbaw
14
vulnerability VCID-aja9-emwk-xye3
15
vulnerability VCID-bj6j-ar4j-3bgg
16
vulnerability VCID-d3nj-g2ka-tue2
17
vulnerability VCID-fu4u-wn2z-gbgz
18
vulnerability VCID-h47s-xx3j-33eq
19
vulnerability VCID-h9hn-tr9w-4ubn
20
vulnerability VCID-jthc-qw6t-53ff
21
vulnerability VCID-nz3g-jdgj-5kfv
22
vulnerability VCID-qkyq-4mv5-4qbd
23
vulnerability VCID-r9pw-nv4t-xfcj
24
vulnerability VCID-rhx2-e6nu-vyc9
25
vulnerability VCID-suq2-kh6t-1fdg
26
vulnerability VCID-u7h9-yevq-gqay
27
vulnerability VCID-xjyr-mns2-wuck
28
vulnerability VCID-zrj6-cf4r-wyak
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@52.1.0-1%3Farch=el7_3
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5454.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5454.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-5454
reference_id
reference_type
scores
0
value 0.00533
scoring_system epss
scoring_elements 0.67749
published_at 2026-06-05T12:55:00Z
1
value 0.00533
scoring_system epss
scoring_elements 0.67708
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-5454
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1443338
reference_id 1443338
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1443338
4
reference_url https://security.archlinux.org/ASA-201704-6
reference_id ASA-201704-6
reference_type
scores
url https://security.archlinux.org/ASA-201704-6
5
reference_url https://security.archlinux.org/AVG-249
reference_id AVG-249
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-249
6
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2017-10
reference_id mfsa2017-10
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2017-10
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2017-12
reference_id mfsa2017-12
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2017-12
8
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2017-13
reference_id mfsa2017-13
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2017-13
9
reference_url https://access.redhat.com/errata/RHSA-2017:1106
reference_id RHSA-2017:1106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1106
10
reference_url https://access.redhat.com/errata/RHSA-2017:1201
reference_id RHSA-2017:1201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1201
11
reference_url https://usn.ubuntu.com/3260-1/
reference_id USN-3260-1
reference_type
scores
url https://usn.ubuntu.com/3260-1/
12
reference_url https://usn.ubuntu.com/3278-1/
reference_id USN-3278-1
reference_type
scores
url https://usn.ubuntu.com/3278-1/
Weaknesses
Exploits
Severity_range_score3.5 - 10.0
Exploitability0.5
Weighted_severity9.0
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-6fqb-hquy-1kgw