Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-w9ts-2s35-5qb8
SummarySetting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute.
Aliases
0
alias CVE-2025-8037
Fixed_packages
0
url pkg:deb/debian/firefox@141.0-1?distro=sid
purl pkg:deb/debian/firefox@141.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@141.0-1%3Fdistro=sid
1
url pkg:deb/debian/firefox@149.0-1?distro=sid
purl pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid
2
url pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid
3
url pkg:deb/debian/firefox@150.0-1?distro=sid
purl pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid
Affected_packages
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8037.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8037.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-8037
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.09636
published_at 2026-04-04T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.09585
published_at 2026-04-02T12:55:00Z
2
value 0.00049
scoring_system epss
scoring_elements 0.15252
published_at 2026-04-07T12:55:00Z
3
value 0.00049
scoring_system epss
scoring_elements 0.1516
published_at 2026-04-16T12:55:00Z
4
value 0.00049
scoring_system epss
scoring_elements 0.15246
published_at 2026-04-13T12:55:00Z
5
value 0.00049
scoring_system epss
scoring_elements 0.15312
published_at 2026-04-12T12:55:00Z
6
value 0.00049
scoring_system epss
scoring_elements 0.1535
published_at 2026-04-11T12:55:00Z
7
value 0.00049
scoring_system epss
scoring_elements 0.1539
published_at 2026-04-09T12:55:00Z
8
value 0.00049
scoring_system epss
scoring_elements 0.1534
published_at 2026-04-08T12:55:00Z
9
value 0.00055
scoring_system epss
scoring_elements 0.17219
published_at 2026-04-21T12:55:00Z
10
value 0.00055
scoring_system epss
scoring_elements 0.17125
published_at 2026-04-24T12:55:00Z
11
value 0.00055
scoring_system epss
scoring_elements 0.17184
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-8037
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2382719
reference_id 2382719
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2382719
4
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-56
reference_id mfsa2025-56
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-56
5
reference_url https://www.mozilla.org/security/advisories/mfsa2025-56/
reference_id mfsa2025-56
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:22:54Z/
url https://www.mozilla.org/security/advisories/mfsa2025-56/
6
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-59
reference_id mfsa2025-59
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-59
7
reference_url https://www.mozilla.org/security/advisories/mfsa2025-59/
reference_id mfsa2025-59
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:22:54Z/
url https://www.mozilla.org/security/advisories/mfsa2025-59/
8
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-61
reference_id mfsa2025-61
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-61
9
reference_url https://www.mozilla.org/security/advisories/mfsa2025-61/
reference_id mfsa2025-61
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:22:54Z/
url https://www.mozilla.org/security/advisories/mfsa2025-61/
10
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-63
reference_id mfsa2025-63
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-63
11
reference_url https://www.mozilla.org/security/advisories/mfsa2025-63/
reference_id mfsa2025-63
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:22:54Z/
url https://www.mozilla.org/security/advisories/mfsa2025-63/
12
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1964767
reference_id show_bug.cgi?id=1964767
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-23T14:22:54Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1964767
13
reference_url https://usn.ubuntu.com/7991-1/
reference_id USN-7991-1
reference_type
scores
url https://usn.ubuntu.com/7991-1/
Weaknesses
0
cwe_id 614
name Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
description The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
Exploits
Severity_range_score5.4 - 9.1
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-w9ts-2s35-5qb8