Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-4wbb-yfna-3qgn
Summaryarbitrary command execution
Aliases
0
alias CVE-2017-8291
Fixed_packages
0
url pkg:alpm/archlinux/ghostscript@9.21-2
purl pkg:alpm/archlinux/ghostscript@9.21-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ghostscript@9.21-2
1
url pkg:deb/debian/ghostscript@9.06~dfsg-2%2Bdeb8u7
purl pkg:deb/debian/ghostscript@9.06~dfsg-2%2Bdeb8u7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wbb-yfna-3qgn
1
vulnerability VCID-69wu-x6x3-u3ft
2
vulnerability VCID-6rwb-apc6-jyfp
3
vulnerability VCID-96ma-mp34-sqd5
4
vulnerability VCID-ajxd-rc63-afc2
5
vulnerability VCID-cb7n-yy69-dbek
6
vulnerability VCID-gjeh-2dqw-6qcg
7
vulnerability VCID-h17c-85mb-vyfa
8
vulnerability VCID-p4nv-1zw3-gue4
9
vulnerability VCID-tef4-t2kr-r3h9
10
vulnerability VCID-tevq-sfa8-m7dr
11
vulnerability VCID-u1n1-5gwt-17fp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ghostscript@9.06~dfsg-2%252Bdeb8u7
2
url pkg:deb/debian/ghostscript@9.20~dfsg-3.1?distro=trixie
purl pkg:deb/debian/ghostscript@9.20~dfsg-3.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ghostscript@9.20~dfsg-3.1%3Fdistro=trixie
3
url pkg:deb/debian/ghostscript@9.26a~dfsg-0%2Bdeb9u6
purl pkg:deb/debian/ghostscript@9.26a~dfsg-0%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6rwb-apc6-jyfp
1
vulnerability VCID-ajxd-rc63-afc2
2
vulnerability VCID-cb7n-yy69-dbek
3
vulnerability VCID-gjeh-2dqw-6qcg
4
vulnerability VCID-p4nv-1zw3-gue4
5
vulnerability VCID-tef4-t2kr-r3h9
6
vulnerability VCID-tevq-sfa8-m7dr
7
vulnerability VCID-u1n1-5gwt-17fp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ghostscript@9.26a~dfsg-0%252Bdeb9u6
4
url pkg:deb/debian/ghostscript@9.53.3~dfsg-7%2Bdeb11u7?distro=trixie
purl pkg:deb/debian/ghostscript@9.53.3~dfsg-7%2Bdeb11u7?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnq-h48d-kkb7
1
vulnerability VCID-3bxh-1wn9-9baa
2
vulnerability VCID-79h4-1vr5-7fbz
3
vulnerability VCID-fm18-2c57-yyav
4
vulnerability VCID-ph56-3bx6-u7bj
5
vulnerability VCID-s49w-4m43-1fcb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ghostscript@9.53.3~dfsg-7%252Bdeb11u7%3Fdistro=trixie
5
url pkg:deb/debian/ghostscript@10.0.0~dfsg-11%2Bdeb12u8?distro=trixie
purl pkg:deb/debian/ghostscript@10.0.0~dfsg-11%2Bdeb12u8?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnq-h48d-kkb7
1
vulnerability VCID-3bxh-1wn9-9baa
2
vulnerability VCID-79h4-1vr5-7fbz
3
vulnerability VCID-fm18-2c57-yyav
4
vulnerability VCID-ph56-3bx6-u7bj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ghostscript@10.0.0~dfsg-11%252Bdeb12u8%3Fdistro=trixie
6
url pkg:deb/debian/ghostscript@10.05.1~dfsg-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/ghostscript@10.05.1~dfsg-1%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnq-h48d-kkb7
1
vulnerability VCID-ph56-3bx6-u7bj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ghostscript@10.05.1~dfsg-1%252Bdeb13u1%3Fdistro=trixie
7
url pkg:deb/debian/ghostscript@10.07.1~dfsg-1?distro=trixie
purl pkg:deb/debian/ghostscript@10.07.1~dfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ghostscript@10.07.1~dfsg-1%3Fdistro=trixie
8
url pkg:ebuild/app-text/ghostscript-gpl@9.21
purl pkg:ebuild/app-text/ghostscript-gpl@9.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/app-text/ghostscript-gpl@9.21
Affected_packages
0
url pkg:alpm/archlinux/ghostscript@9.21-1
purl pkg:alpm/archlinux/ghostscript@9.21-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wbb-yfna-3qgn
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ghostscript@9.21-1
1
url pkg:deb/debian/ghostscript@8.62.dfsg.1-3.2lenny5
purl pkg:deb/debian/ghostscript@8.62.dfsg.1-3.2lenny5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1tdy-s8pu-b7cb
1
vulnerability VCID-4wbb-yfna-3qgn
2
vulnerability VCID-69wu-x6x3-u3ft
3
vulnerability VCID-6rwb-apc6-jyfp
4
vulnerability VCID-7n7u-mctg-y7ex
5
vulnerability VCID-8zd7-8fgg-5bc2
6
vulnerability VCID-96ma-mp34-sqd5
7
vulnerability VCID-ajxd-rc63-afc2
8
vulnerability VCID-cb7n-yy69-dbek
9
vulnerability VCID-ccue-1cmm-g7cj
10
vulnerability VCID-dh95-nzjg-qba5
11
vulnerability VCID-g9ew-u3bv-xyhz
12
vulnerability VCID-gjeh-2dqw-6qcg
13
vulnerability VCID-h17c-85mb-vyfa
14
vulnerability VCID-my7v-whwc-k7cm
15
vulnerability VCID-n99y-t84f-fqg4
16
vulnerability VCID-p4nv-1zw3-gue4
17
vulnerability VCID-tef4-t2kr-r3h9
18
vulnerability VCID-tevq-sfa8-m7dr
19
vulnerability VCID-u1n1-5gwt-17fp
20
vulnerability VCID-xjzq-ddbr-uudk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ghostscript@8.62.dfsg.1-3.2lenny5
2
url pkg:deb/debian/ghostscript@8.71~dfsg2-9%2Bsqueeze1
purl pkg:deb/debian/ghostscript@8.71~dfsg2-9%2Bsqueeze1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1tdy-s8pu-b7cb
1
vulnerability VCID-4wbb-yfna-3qgn
2
vulnerability VCID-69wu-x6x3-u3ft
3
vulnerability VCID-6rwb-apc6-jyfp
4
vulnerability VCID-7n7u-mctg-y7ex
5
vulnerability VCID-8zd7-8fgg-5bc2
6
vulnerability VCID-96ma-mp34-sqd5
7
vulnerability VCID-ajxd-rc63-afc2
8
vulnerability VCID-cb7n-yy69-dbek
9
vulnerability VCID-g9ew-u3bv-xyhz
10
vulnerability VCID-gjeh-2dqw-6qcg
11
vulnerability VCID-h17c-85mb-vyfa
12
vulnerability VCID-my7v-whwc-k7cm
13
vulnerability VCID-p4nv-1zw3-gue4
14
vulnerability VCID-tef4-t2kr-r3h9
15
vulnerability VCID-tevq-sfa8-m7dr
16
vulnerability VCID-u1n1-5gwt-17fp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ghostscript@8.71~dfsg2-9%252Bsqueeze1
3
url pkg:deb/debian/ghostscript@8.71~dfsg2-9%2Bsqueeze2
purl pkg:deb/debian/ghostscript@8.71~dfsg2-9%2Bsqueeze2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1tdy-s8pu-b7cb
1
vulnerability VCID-4wbb-yfna-3qgn
2
vulnerability VCID-69wu-x6x3-u3ft
3
vulnerability VCID-6rwb-apc6-jyfp
4
vulnerability VCID-7n7u-mctg-y7ex
5
vulnerability VCID-8zd7-8fgg-5bc2
6
vulnerability VCID-96ma-mp34-sqd5
7
vulnerability VCID-ajxd-rc63-afc2
8
vulnerability VCID-cb7n-yy69-dbek
9
vulnerability VCID-g9ew-u3bv-xyhz
10
vulnerability VCID-gjeh-2dqw-6qcg
11
vulnerability VCID-h17c-85mb-vyfa
12
vulnerability VCID-my7v-whwc-k7cm
13
vulnerability VCID-p4nv-1zw3-gue4
14
vulnerability VCID-tef4-t2kr-r3h9
15
vulnerability VCID-tevq-sfa8-m7dr
16
vulnerability VCID-u1n1-5gwt-17fp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ghostscript@8.71~dfsg2-9%252Bsqueeze2
4
url pkg:deb/debian/ghostscript@9.05~dfsg-6.3%2Bdeb7u2
purl pkg:deb/debian/ghostscript@9.05~dfsg-6.3%2Bdeb7u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1tdy-s8pu-b7cb
1
vulnerability VCID-4wbb-yfna-3qgn
2
vulnerability VCID-69wu-x6x3-u3ft
3
vulnerability VCID-6rwb-apc6-jyfp
4
vulnerability VCID-7n7u-mctg-y7ex
5
vulnerability VCID-8zd7-8fgg-5bc2
6
vulnerability VCID-96ma-mp34-sqd5
7
vulnerability VCID-ajxd-rc63-afc2
8
vulnerability VCID-cb7n-yy69-dbek
9
vulnerability VCID-g9ew-u3bv-xyhz
10
vulnerability VCID-gjeh-2dqw-6qcg
11
vulnerability VCID-h17c-85mb-vyfa
12
vulnerability VCID-my7v-whwc-k7cm
13
vulnerability VCID-p4nv-1zw3-gue4
14
vulnerability VCID-tef4-t2kr-r3h9
15
vulnerability VCID-tevq-sfa8-m7dr
16
vulnerability VCID-u1n1-5gwt-17fp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ghostscript@9.05~dfsg-6.3%252Bdeb7u2
5
url pkg:deb/debian/ghostscript@9.06~dfsg-2
purl pkg:deb/debian/ghostscript@9.06~dfsg-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1tdy-s8pu-b7cb
1
vulnerability VCID-4wbb-yfna-3qgn
2
vulnerability VCID-69wu-x6x3-u3ft
3
vulnerability VCID-6rwb-apc6-jyfp
4
vulnerability VCID-7n7u-mctg-y7ex
5
vulnerability VCID-8zd7-8fgg-5bc2
6
vulnerability VCID-96ma-mp34-sqd5
7
vulnerability VCID-ajxd-rc63-afc2
8
vulnerability VCID-cb7n-yy69-dbek
9
vulnerability VCID-g9ew-u3bv-xyhz
10
vulnerability VCID-gjeh-2dqw-6qcg
11
vulnerability VCID-h17c-85mb-vyfa
12
vulnerability VCID-my7v-whwc-k7cm
13
vulnerability VCID-p4nv-1zw3-gue4
14
vulnerability VCID-tef4-t2kr-r3h9
15
vulnerability VCID-tevq-sfa8-m7dr
16
vulnerability VCID-u1n1-5gwt-17fp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ghostscript@9.06~dfsg-2
6
url pkg:deb/debian/ghostscript@9.06~dfsg-2%2Bdeb8u7
purl pkg:deb/debian/ghostscript@9.06~dfsg-2%2Bdeb8u7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wbb-yfna-3qgn
1
vulnerability VCID-69wu-x6x3-u3ft
2
vulnerability VCID-6rwb-apc6-jyfp
3
vulnerability VCID-96ma-mp34-sqd5
4
vulnerability VCID-ajxd-rc63-afc2
5
vulnerability VCID-cb7n-yy69-dbek
6
vulnerability VCID-gjeh-2dqw-6qcg
7
vulnerability VCID-h17c-85mb-vyfa
8
vulnerability VCID-p4nv-1zw3-gue4
9
vulnerability VCID-tef4-t2kr-r3h9
10
vulnerability VCID-tevq-sfa8-m7dr
11
vulnerability VCID-u1n1-5gwt-17fp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ghostscript@9.06~dfsg-2%252Bdeb8u7
7
url pkg:rpm/redhat/ghostscript@8.70-23.el6_9?arch=2
purl pkg:rpm/redhat/ghostscript@8.70-23.el6_9?arch=2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wbb-yfna-3qgn
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ghostscript@8.70-23.el6_9%3Farch=2
8
url pkg:rpm/redhat/ghostscript@9.07-20.el7_3?arch=5
purl pkg:rpm/redhat/ghostscript@9.07-20.el7_3?arch=5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wbb-yfna-3qgn
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ghostscript@9.07-20.el7_3%3Farch=5
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8291.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8291.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-8291
reference_id
reference_type
scores
0
value 0.92931
scoring_system epss
scoring_elements 0.99782
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-8291
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10219
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10220
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10220
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5951
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5951
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7207
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7207
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1446063
reference_id 1446063
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1446063
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861295
reference_id 861295
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861295
9
reference_url https://security.archlinux.org/ASA-201705-3
reference_id ASA-201705-3
reference_type
scores
url https://security.archlinux.org/ASA-201705-3
10
reference_url https://security.archlinux.org/AVG-256
reference_id AVG-256
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-256
11
reference_url https://github.com/rapid7/metasploit-framework/blob/03e4ee91c2473775c2a8f28aa36c2023da2854bf/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb
reference_id CVE-2017-8291
reference_type exploit
scores
url https://github.com/rapid7/metasploit-framework/blob/03e4ee91c2473775c2a8f28aa36c2023da2854bf/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb
12
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/41955.rb
reference_id CVE-2017-8291
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/41955.rb
13
reference_url https://security.gentoo.org/glsa/201708-06
reference_id GLSA-201708-06
reference_type
scores
url https://security.gentoo.org/glsa/201708-06
14
reference_url https://access.redhat.com/errata/RHSA-2017:1230
reference_id RHSA-2017:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:1230
Weaknesses
0
cwe_id 77
name Improper Neutralization of Special Elements used in a Command ('Command Injection')
description The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Exploits
0
date_added null
description 
This module exploits a type confusion vulnerability in Ghostscript that can
          be exploited to obtain arbitrary command execution. This vulnerability affects
          Ghostscript versions 9.21 and earlier and can be exploited through libraries
          such as ImageMagick and Pillow.
required_action null
due_date null
notes 
Stability:
  - crash-safe
SideEffects: []
Reliability: []
AKA:
  - ghostbutt
RelatedModules:
  - exploit/multi/fileformat/ghostscript_failed_restore
  - exploit/unix/fileformat/imagemagick_delegate
known_ransomware_campaign_use false
source_date_published 2017-04-27
exploit_type null
platform Unix
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb
1
date_added 2017-05-02
description Ghostscript 9.21 - Type Confusion Arbitrary Command Execution (Metasploit)
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2017-05-02
exploit_type local
platform linux
source_date_updated 2017-05-02
data_source Exploit-DB
source_url https://github.com/rapid7/metasploit-framework/blob/03e4ee91c2473775c2a8f28aa36c2023da2854bf/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb
2
date_added 2022-05-24
description Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.
required_action Apply updates per vendor instructions.
due_date 2022-06-14
notes https://nvd.nist.gov/vuln/detail/CVE-2017-8291
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform null
source_date_updated null
data_source KEV
source_url null
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-4wbb-yfna-3qgn