Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-n6s1-tsx2-7fee

Summary Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service).

Aliases

alias	CVE-2019-11756

Fixed_packages

url pkg:alpm/archlinux/firefox@71.0-1

purl pkg:alpm/archlinux/firefox@71.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6fvj-phnx-kfgs

vulnerability	VCID-7hkk-2k6p-vyc7

vulnerability	VCID-9v4g-hwwe-3ybg

vulnerability	VCID-ap8s-63rs-jyff

vulnerability	VCID-c4qs-a9kw-p3hc

vulnerability	VCID-javq-3r82-73fq

vulnerability	VCID-x12h-hqf2-37cc

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@71.0-1

url	pkg:deb/debian/firefox@71.0-1?distro=sid
purl	pkg:deb/debian/firefox@71.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@71.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:mozilla/Firefox@71.0.0
purl	pkg:mozilla/Firefox@71.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@71.0.0

Affected_packages

url pkg:alpm/archlinux/firefox@70.0.1-3

purl pkg:alpm/archlinux/firefox@70.0.1-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3smq-ax5u-ryd3

vulnerability	VCID-4sv2-j8zg-xkhf

vulnerability	VCID-8xkk-qc7d-fqg2

vulnerability	VCID-ex1b-2rdy-7qhw

vulnerability	VCID-ftfg-b795-qyan

vulnerability	VCID-n6s1-tsx2-7fee

vulnerability	VCID-pws7-8qmm-hfes

vulnerability	VCID-vzb9-aeqz-hybr

vulnerability	VCID-zh2m-qyw5-dkgn

vulnerability	VCID-zstj-sux9-ubdd

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@70.0.1-3

url pkg:rpm/redhat/nspr@4.25.0-2?arch=el7_9

purl pkg:rpm/redhat/nspr@4.25.0-2?arch=el7_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6fvj-phnx-kfgs

vulnerability	VCID-7msj-wyd6-zkbe

vulnerability	VCID-8qtg-h4km-bfg2

vulnerability	VCID-k4a4-f1as-x3bj

vulnerability	VCID-mx8t-s47w-wud5

vulnerability	VCID-n6s1-tsx2-7fee

vulnerability	VCID-rk7t-zjzg-eqar

vulnerability	VCID-szzk-wxm2-cfgj

vulnerability	VCID-vjas-pry4-93cz

vulnerability	VCID-wavp-f4kn-j3cm

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nspr@4.25.0-2%3Farch=el7_9

url pkg:rpm/redhat/nspr@4.25.0-2?arch=el8_2

purl pkg:rpm/redhat/nspr@4.25.0-2?arch=el8_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6fvj-phnx-kfgs

vulnerability	VCID-7msj-wyd6-zkbe

vulnerability	VCID-k2s2-zkua-8ydy

vulnerability	VCID-n6s1-tsx2-7fee

vulnerability	VCID-vjas-pry4-93cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nspr@4.25.0-2%3Farch=el8_2

url pkg:rpm/redhat/nss@3.36.0-9?arch=el7_6

purl pkg:rpm/redhat/nss@3.36.0-9?arch=el7_6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7msj-wyd6-zkbe

vulnerability	VCID-n6s1-tsx2-7fee

vulnerability	VCID-szzk-wxm2-cfgj

vulnerability	VCID-x1ty-wqph-gkak

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.36.0-9%3Farch=el7_6

url pkg:rpm/redhat/nss@3.53.1-3?arch=el7_9

purl pkg:rpm/redhat/nss@3.53.1-3?arch=el7_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6fvj-phnx-kfgs

vulnerability	VCID-7msj-wyd6-zkbe

vulnerability	VCID-8qtg-h4km-bfg2

vulnerability	VCID-k4a4-f1as-x3bj

vulnerability	VCID-mx8t-s47w-wud5

vulnerability	VCID-n6s1-tsx2-7fee

vulnerability	VCID-rk7t-zjzg-eqar

vulnerability	VCID-szzk-wxm2-cfgj

vulnerability	VCID-vjas-pry4-93cz

vulnerability	VCID-wavp-f4kn-j3cm

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.53.1-3%3Farch=el7_9

url pkg:rpm/redhat/nss@3.53.1-11?arch=el8_2

purl pkg:rpm/redhat/nss@3.53.1-11?arch=el8_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6fvj-phnx-kfgs

vulnerability	VCID-7msj-wyd6-zkbe

vulnerability	VCID-k2s2-zkua-8ydy

vulnerability	VCID-n6s1-tsx2-7fee

vulnerability	VCID-vjas-pry4-93cz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.53.1-11%3Farch=el8_2

url pkg:rpm/redhat/nss-softokn@3.28.3-10?arch=el7_4

purl pkg:rpm/redhat/nss-softokn@3.28.3-10?arch=el7_4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7msj-wyd6-zkbe

vulnerability	VCID-n6s1-tsx2-7fee

vulnerability	VCID-szzk-wxm2-cfgj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-softokn@3.28.3-10%3Farch=el7_4

url pkg:rpm/redhat/nss-softokn@3.36.0-7?arch=el7_6

purl pkg:rpm/redhat/nss-softokn@3.36.0-7?arch=el7_6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7msj-wyd6-zkbe

vulnerability	VCID-n6s1-tsx2-7fee

vulnerability	VCID-szzk-wxm2-cfgj

vulnerability	VCID-x1ty-wqph-gkak

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-softokn@3.36.0-7%3Farch=el7_6

url pkg:rpm/redhat/nss-softokn@3.44.0-9?arch=el7_7

purl pkg:rpm/redhat/nss-softokn@3.44.0-9?arch=el7_7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7msj-wyd6-zkbe

vulnerability	VCID-n6s1-tsx2-7fee

vulnerability	VCID-szzk-wxm2-cfgj

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-softokn@3.44.0-9%3Farch=el7_7

url pkg:rpm/redhat/nss-softokn@3.53.1-6?arch=el7_9

purl pkg:rpm/redhat/nss-softokn@3.53.1-6?arch=el7_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6fvj-phnx-kfgs

vulnerability	VCID-7msj-wyd6-zkbe

vulnerability	VCID-8qtg-h4km-bfg2

vulnerability	VCID-k4a4-f1as-x3bj

vulnerability	VCID-mx8t-s47w-wud5

vulnerability	VCID-n6s1-tsx2-7fee

vulnerability	VCID-rk7t-zjzg-eqar

vulnerability	VCID-szzk-wxm2-cfgj

vulnerability	VCID-vjas-pry4-93cz

vulnerability	VCID-wavp-f4kn-j3cm

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-softokn@3.53.1-6%3Farch=el7_9

url pkg:rpm/redhat/nss-util@3.53.1-1?arch=el7_9

purl pkg:rpm/redhat/nss-util@3.53.1-1?arch=el7_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6fvj-phnx-kfgs

vulnerability	VCID-7msj-wyd6-zkbe

vulnerability	VCID-8qtg-h4km-bfg2

vulnerability	VCID-k4a4-f1as-x3bj

vulnerability	VCID-mx8t-s47w-wud5

vulnerability	VCID-n6s1-tsx2-7fee

vulnerability	VCID-rk7t-zjzg-eqar

vulnerability	VCID-szzk-wxm2-cfgj

vulnerability	VCID-vjas-pry4-93cz

vulnerability	VCID-wavp-f4kn-j3cm

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-util@3.53.1-1%3Farch=el7_9

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11756.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11756.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11756

reference_id

reference_type

scores

value	0.00256
scoring_system	epss
scoring_elements	0.48895
published_at	2026-04-01T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49008
published_at	2026-04-16T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48955
published_at	2026-04-12T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48962
published_at	2026-04-13T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48932
published_at	2026-04-02T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48958
published_at	2026-04-04T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48912
published_at	2026-04-07T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48966
published_at	2026-04-08T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48963
published_at	2026-04-09T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.4898
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11756

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1774835
reference_id	1774835
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1774835

reference_url	https://security.archlinux.org/ASA-201912-1
reference_id	ASA-201912-1
reference_type
scores
url	https://security.archlinux.org/ASA-201912-1

reference_url

https://security.archlinux.org/AVG-1071

reference_id

AVG-1071

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1071

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-36

reference_id

mfsa2019-36

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-36

reference_url	https://access.redhat.com/errata/RHSA-2020:3280
reference_id	RHSA-2020:3280
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3280

reference_url	https://access.redhat.com/errata/RHSA-2020:4076
reference_id	RHSA-2020:4076
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4076

reference_url	https://access.redhat.com/errata/RHSA-2021:0758
reference_id	RHSA-2021:0758
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0758

reference_url	https://access.redhat.com/errata/RHSA-2021:0876
reference_id	RHSA-2021:0876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0876

reference_url	https://access.redhat.com/errata/RHSA-2021:0949
reference_id	RHSA-2021:0949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0949

reference_url	https://access.redhat.com/errata/RHSA-2021:1026
reference_id	RHSA-2021:1026
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1026

reference_url	https://usn.ubuntu.com/4216-1/
reference_id	USN-4216-1
reference_type
scores
url	https://usn.ubuntu.com/4216-1/

reference_url	https://usn.ubuntu.com/4216-2/
reference_id	USN-4216-2
reference_type
scores
url	https://usn.ubuntu.com/4216-2/

Weaknesses

cwe_id	416
name	Use After Free
description	Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Exploits

Severity_range_score 7.0 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6s1-tsx2-7fee

Vulnerability Instance