Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6hfy-2gcp-1uh4
Summary An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.
Aliases
0
alias CVE-2018-16984
1
alias GHSA-6mx3-3vqg-hpp2
2
alias PYSEC-2018-3
Fixed_packages
0
url pkg:alpm/archlinux/python-django@2.1.2-1
purl pkg:alpm/archlinux/python-django@2.1.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/python-django@2.1.2-1
1
url pkg:deb/debian/python-django@0?distro=trixie
purl pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie
2
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie
3
url pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.19-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-jzae-1awh-k7cm
6
vulnerability VCID-mga4-an1w-qqf9
7
vulnerability VCID-ssut-reka-r3f8
8
vulnerability VCID-xhpa-mffz-syfy
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.19-1%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ac4c-321h-tqfk
3
vulnerability VCID-ff2a-at5f-2qa8
4
vulnerability VCID-gfym-spzk-w7gk
5
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.29-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1adz-zw3h-pqek
1
vulnerability VCID-46pv-pzsu-jucd
2
vulnerability VCID-ff2a-at5f-2qa8
3
vulnerability VCID-gfym-spzk-w7gk
4
vulnerability VCID-ssut-reka-r3f8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.29-1%3Fdistro=trixie
6
url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie
7
url pkg:pypi/django@2.1.2
purl pkg:pypi/django@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-2zb9-27sm-3kgh
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-56na-n4w5-8fak
4
vulnerability VCID-6gss-ppm5-3yc9
5
vulnerability VCID-6xs7-fpvj-mbbw
6
vulnerability VCID-84mm-45p6-xkau
7
vulnerability VCID-896g-hqec-ryb9
8
vulnerability VCID-8jaq-53td-wbeg
9
vulnerability VCID-9uzd-mmyv-mfh4
10
vulnerability VCID-a8zx-jamf-cfcm
11
vulnerability VCID-b2ds-36xh-zfhp
12
vulnerability VCID-be38-bevp-y7ae
13
vulnerability VCID-c2kc-1jh1-j3ha
14
vulnerability VCID-c3ne-nkd9-pug8
15
vulnerability VCID-e2jd-yd4j-kqgt
16
vulnerability VCID-f7dh-ahya-hfar
17
vulnerability VCID-hpg4-c6bk-s7c7
18
vulnerability VCID-jtru-9jmz-kkek
19
vulnerability VCID-k114-8z8u-2qh1
20
vulnerability VCID-mjsc-w5v5-t7cg
21
vulnerability VCID-qjez-qe32-e3b6
22
vulnerability VCID-qm34-ec8s-tfd7
23
vulnerability VCID-w2dv-u8h6-sbgs
24
vulnerability VCID-w4pr-k5nj-ckgy
25
vulnerability VCID-x664-bfna-6qdv
26
vulnerability VCID-xaqg-mhqa-7keg
27
vulnerability VCID-xne6-9e55-uued
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.2
Affected_packages
0
url pkg:alpm/archlinux/python-django@2.1.1-1
purl pkg:alpm/archlinux/python-django@2.1.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6hfy-2gcp-1uh4
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/python-django@2.1.1-1
1
url pkg:pypi/django@2.1
purl pkg:pypi/django@2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-2zb9-27sm-3kgh
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-56na-n4w5-8fak
4
vulnerability VCID-6gss-ppm5-3yc9
5
vulnerability VCID-6hfy-2gcp-1uh4
6
vulnerability VCID-6xs7-fpvj-mbbw
7
vulnerability VCID-84mm-45p6-xkau
8
vulnerability VCID-896g-hqec-ryb9
9
vulnerability VCID-8jaq-53td-wbeg
10
vulnerability VCID-9uzd-mmyv-mfh4
11
vulnerability VCID-a8zx-jamf-cfcm
12
vulnerability VCID-b2ds-36xh-zfhp
13
vulnerability VCID-be38-bevp-y7ae
14
vulnerability VCID-c2kc-1jh1-j3ha
15
vulnerability VCID-c3ne-nkd9-pug8
16
vulnerability VCID-e2jd-yd4j-kqgt
17
vulnerability VCID-f7dh-ahya-hfar
18
vulnerability VCID-hpg4-c6bk-s7c7
19
vulnerability VCID-jtru-9jmz-kkek
20
vulnerability VCID-k114-8z8u-2qh1
21
vulnerability VCID-mjsc-w5v5-t7cg
22
vulnerability VCID-qjez-qe32-e3b6
23
vulnerability VCID-qm34-ec8s-tfd7
24
vulnerability VCID-w2dv-u8h6-sbgs
25
vulnerability VCID-w4pr-k5nj-ckgy
26
vulnerability VCID-x664-bfna-6qdv
27
vulnerability VCID-xaqg-mhqa-7keg
28
vulnerability VCID-xne6-9e55-uued
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1
2
url pkg:pypi/django@2.1.1
purl pkg:pypi/django@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1v22-g646-wbay
1
vulnerability VCID-2zb9-27sm-3kgh
2
vulnerability VCID-3s9f-prpy-hbcx
3
vulnerability VCID-56na-n4w5-8fak
4
vulnerability VCID-6gss-ppm5-3yc9
5
vulnerability VCID-6hfy-2gcp-1uh4
6
vulnerability VCID-6xs7-fpvj-mbbw
7
vulnerability VCID-84mm-45p6-xkau
8
vulnerability VCID-896g-hqec-ryb9
9
vulnerability VCID-8jaq-53td-wbeg
10
vulnerability VCID-9uzd-mmyv-mfh4
11
vulnerability VCID-a8zx-jamf-cfcm
12
vulnerability VCID-b2ds-36xh-zfhp
13
vulnerability VCID-be38-bevp-y7ae
14
vulnerability VCID-c2kc-1jh1-j3ha
15
vulnerability VCID-c3ne-nkd9-pug8
16
vulnerability VCID-e2jd-yd4j-kqgt
17
vulnerability VCID-f7dh-ahya-hfar
18
vulnerability VCID-hpg4-c6bk-s7c7
19
vulnerability VCID-jtru-9jmz-kkek
20
vulnerability VCID-k114-8z8u-2qh1
21
vulnerability VCID-mjsc-w5v5-t7cg
22
vulnerability VCID-qjez-qe32-e3b6
23
vulnerability VCID-qm34-ec8s-tfd7
24
vulnerability VCID-w2dv-u8h6-sbgs
25
vulnerability VCID-w4pr-k5nj-ckgy
26
vulnerability VCID-x664-bfna-6qdv
27
vulnerability VCID-xaqg-mhqa-7keg
28
vulnerability VCID-xne6-9e55-uued
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@2.1.1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16984.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16984.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16984
reference_id
reference_type
scores
0
value 0.00721
scoring_system epss
scoring_elements 0.72432
published_at 2026-04-07T12:55:00Z
1
value 0.00721
scoring_system epss
scoring_elements 0.7252
published_at 2026-04-16T12:55:00Z
2
value 0.00721
scoring_system epss
scoring_elements 0.72478
published_at 2026-04-13T12:55:00Z
3
value 0.00721
scoring_system epss
scoring_elements 0.72488
published_at 2026-04-12T12:55:00Z
4
value 0.00721
scoring_system epss
scoring_elements 0.72506
published_at 2026-04-11T12:55:00Z
5
value 0.00721
scoring_system epss
scoring_elements 0.72483
published_at 2026-04-09T12:55:00Z
6
value 0.00721
scoring_system epss
scoring_elements 0.7247
published_at 2026-04-08T12:55:00Z
7
value 0.00721
scoring_system epss
scoring_elements 0.72437
published_at 2026-04-02T12:55:00Z
8
value 0.00721
scoring_system epss
scoring_elements 0.72455
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16984
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/advisories/GHSA-6mx3-3vqg-hpp2
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6mx3-3vqg-hpp2
4
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
5
reference_url https://github.com/django/django/commit/bf39978a53f117ca02e9a0c78b76664a41a54745
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/bf39978a53f117ca02e9a0c78b76664a41a54745
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-3.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-3.yaml
7
reference_url https://security.netapp.com/advisory/ntap-20190502-0009
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190502-0009
8
reference_url https://security.netapp.com/advisory/ntap-20190502-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190502-0009/
9
reference_url https://web.archive.org/web/20200517123022/http://www.securitytracker.com/id/1041749
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200517123022/http://www.securitytracker.com/id/1041749
10
reference_url https://www.djangoproject.com/weblog/2018/oct/01/security-release
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2018/oct/01/security-release
11
reference_url https://www.djangoproject.com/weblog/2018/oct/01/security-release/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2018/oct/01/security-release/
12
reference_url http://www.securitytracker.com/id/1041749
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1041749
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1639398
reference_id 1639398
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1639398
14
reference_url https://security.archlinux.org/ASA-201810-5
reference_id ASA-201810-5
reference_type
scores
url https://security.archlinux.org/ASA-201810-5
15
reference_url https://security.archlinux.org/AVG-773
reference_id AVG-773
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-773
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16984
reference_id CVE-2018-16984
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16984
Weaknesses
0
cwe_id 522
name Insufficiently Protected Credentials
description The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
3
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Exploits
Severity_range_score 2.7 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hfy-2gcp-1uh4