Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-sf98-mryd-yfb3

Summary security update

Aliases

alias	CVE-2015-9096

alias	GHSA-2h3c-5vqm-gqfh

Fixed_packages

Affected_packages

url pkg:rpm/redhat/ruby3-3-main@3.3.10-23.1?arch=hum1

purl pkg:rpm/redhat/ruby3-3-main@3.3.10-23.1?arch=hum1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qm3-nbsk-73he

vulnerability	VCID-4yvc-uzev-wua4

vulnerability	VCID-5xez-skrj-b3h4

vulnerability	VCID-91b7-xx8t-rqhr

vulnerability	VCID-a15m-bcma-vfa7

vulnerability	VCID-arjz-geyr-q7e3

vulnerability	VCID-ea13-mua4-1fb9

vulnerability	VCID-fw7k-88kf-1kgg

vulnerability	VCID-g7ju-q41v-wyhd

vulnerability	VCID-jj3a-fpsa-a7at

vulnerability	VCID-pegr-f5mh-ekdz

vulnerability	VCID-qyz5-zmnt-qucy

vulnerability	VCID-rwak-wvuw-qbcg

vulnerability	VCID-sf98-mryd-yfb3

vulnerability	VCID-sfzh-hn56-hbak

vulnerability	VCID-t9y5-hd9b-bkc4

vulnerability	VCID-wzdf-d9fv-u3hh

vulnerability	VCID-x126-x9qm-e7d3

vulnerability	VCID-xkd6-jvma-skfk

vulnerability	VCID-y56y-5am7-wkhr

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby3-3-main@3.3.10-23.1%3Farch=hum1

url pkg:rpm/redhat/ruby3-4-main@3.4.8-31.1?arch=hum1

purl pkg:rpm/redhat/ruby3-4-main@3.4.8-31.1?arch=hum1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qm3-nbsk-73he

vulnerability	VCID-4yvc-uzev-wua4

vulnerability	VCID-5xez-skrj-b3h4

vulnerability	VCID-91b7-xx8t-rqhr

vulnerability	VCID-a15m-bcma-vfa7

vulnerability	VCID-arjz-geyr-q7e3

vulnerability	VCID-ea13-mua4-1fb9

vulnerability	VCID-fw7k-88kf-1kgg

vulnerability	VCID-g7ju-q41v-wyhd

vulnerability	VCID-jj3a-fpsa-a7at

vulnerability	VCID-pegr-f5mh-ekdz

vulnerability	VCID-qyz5-zmnt-qucy

vulnerability	VCID-rwak-wvuw-qbcg

vulnerability	VCID-sf98-mryd-yfb3

vulnerability	VCID-sfzh-hn56-hbak

vulnerability	VCID-t9y5-hd9b-bkc4

vulnerability	VCID-wzdf-d9fv-u3hh

vulnerability	VCID-x126-x9qm-e7d3

vulnerability	VCID-xkd6-jvma-skfk

vulnerability	VCID-y56y-5am7-wkhr

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby3-4-main@3.4.8-31.1%3Farch=hum1

url pkg:rpm/redhat/ruby4-0-main@4.0.0-33.3?arch=hum1

purl pkg:rpm/redhat/ruby4-0-main@4.0.0-33.3?arch=hum1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qm3-nbsk-73he

vulnerability	VCID-4yvc-uzev-wua4

vulnerability	VCID-5xez-skrj-b3h4

vulnerability	VCID-91b7-xx8t-rqhr

vulnerability	VCID-a15m-bcma-vfa7

vulnerability	VCID-arjz-geyr-q7e3

vulnerability	VCID-ea13-mua4-1fb9

vulnerability	VCID-fw7k-88kf-1kgg

vulnerability	VCID-g7ju-q41v-wyhd

vulnerability	VCID-jj3a-fpsa-a7at

vulnerability	VCID-pegr-f5mh-ekdz

vulnerability	VCID-qyz5-zmnt-qucy

vulnerability	VCID-rwak-wvuw-qbcg

vulnerability	VCID-sf98-mryd-yfb3

vulnerability	VCID-sfzh-hn56-hbak

vulnerability	VCID-t9y5-hd9b-bkc4

vulnerability	VCID-wzdf-d9fv-u3hh

vulnerability	VCID-x126-x9qm-e7d3

vulnerability	VCID-xkd6-jvma-skfk

vulnerability	VCID-y56y-5am7-wkhr

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby4-0-main@4.0.0-33.3%3Farch=hum1

url pkg:ruby/ruby@2.4

purl pkg:ruby/ruby@2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cad-uybu-2uau

vulnerability	VCID-91b7-xx8t-rqhr

vulnerability	VCID-bad1-7aa4-cugv

vulnerability	VCID-beub-d11r-nbe4

vulnerability	VCID-c3y8-w4b4-3qea

vulnerability	VCID-fapg-pt6b-rfb2

vulnerability	VCID-kamp-zmtx-aqbz

vulnerability	VCID-qyz5-zmnt-qucy

vulnerability	VCID-rdme-1q3s-43d8

vulnerability	VCID-sf98-mryd-yfb3

vulnerability	VCID-tzne-zeeh-wuet

vulnerability	VCID-xkd6-jvma-skfk

vulnerability	VCID-y29u-wpkt-rkgp

vulnerability	VCID-zwxw-299r-wfgx

vulnerability	VCID-zybm-uuxu-67gh

resource_url http://public2.vulnerablecode.io/packages/pkg:ruby/ruby@2.4

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9096.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9096.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-9096

reference_id

reference_type

scores

value	0.01592
scoring_system	epss
scoring_elements	0.81593
published_at	2026-04-01T12:55:00Z

value	0.01592
scoring_system	epss
scoring_elements	0.81698
published_at	2026-04-21T12:55:00Z

value	0.01592
scoring_system	epss
scoring_elements	0.81662
published_at	2026-04-12T12:55:00Z

value	0.01592
scoring_system	epss
scoring_elements	0.81656
published_at	2026-04-13T12:55:00Z

value	0.01592
scoring_system	epss
scoring_elements	0.81694
published_at	2026-04-18T12:55:00Z

value	0.01592
scoring_system	epss
scoring_elements	0.81604
published_at	2026-04-02T12:55:00Z

value	0.01592
scoring_system	epss
scoring_elements	0.81625
published_at	2026-04-04T12:55:00Z

value	0.01592
scoring_system	epss
scoring_elements	0.81623
published_at	2026-04-07T12:55:00Z

value	0.01592
scoring_system	epss
scoring_elements	0.8165
published_at	2026-04-08T12:55:00Z

value	0.01592
scoring_system	epss
scoring_elements	0.81655
published_at	2026-04-09T12:55:00Z

value	0.01592
scoring_system	epss
scoring_elements	0.81676
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-9096

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9096

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/137631

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

url

https://hackerone.com/reports/137631

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1461846
reference_id	1461846
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1461846

reference_url	https://access.redhat.com/errata/RHSA-2026:7305
reference_id	RHSA-2026:7305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7305

reference_url	https://access.redhat.com/errata/RHSA-2026:7307
reference_id	RHSA-2026:7307
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7307

reference_url	https://access.redhat.com/errata/RHSA-2026:8838
reference_id	RHSA-2026:8838
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8838

reference_url	https://usn.ubuntu.com/3365-1/
reference_id	USN-3365-1
reference_type
scores
url	https://usn.ubuntu.com/3365-1/

Weaknesses

cwe_id	88
name	Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
description	The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

Exploits

Severity_range_score 4.3 - 6.1

Exploitability 0.5

Weighted_severity 4.9

Risk_score 2.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sf98-mryd-yfb3

Vulnerability Instance