Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-5n8q-zcds-gyen

Summary cmd/go: Go VCS Command Execution Vulnerability

Aliases

alias	CVE-2025-4674

Fixed_packages

url	pkg:apk/alpine/go@1.24.5-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.24.5-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/go@1.24.5-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.5-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/go@1.24.6-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.6-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.6-r0%3Farch=aarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.6-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.6-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.6-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.6-r0?arch=x86&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.6-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.6-r0%3Farch=x86&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.6-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.6-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.6-r0%3Farch=armv7&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.6-r0?arch=s390x&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.6-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.6-r0%3Farch=s390x&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.6-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.6-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.6-r0%3Farch=x86_64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.6-r0?arch=armhf&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.6-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.6-r0%3Farch=armhf&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.6-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.6-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.6-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/go@1.24.6-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/go@1.24.6-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go@1.24.6-r0%3Farch=riscv64&distroversion=v3.22&reponame=community

url	pkg:deb/debian/golang-1.24@1.24.7-1?distro=trixie
purl	pkg:deb/debian/golang-1.24@1.24.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.24@1.24.7-1%3Fdistro=trixie

url	pkg:deb/debian/golang-1.24@1.24.9-1
purl	pkg:deb/debian/golang-1.24@1.24.9-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.24@1.24.9-1

url	pkg:deb/debian/golang-1.24@1.24.13-2?distro=trixie
purl	pkg:deb/debian/golang-1.24@1.24.13-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.24@1.24.13-2%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/golang-1.24@1.24.4-1?distro=trixie

purl pkg:deb/debian/golang-1.24@1.24.4-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1aty-87pz-5yb8

vulnerability	VCID-254d-pjst-c7hx

vulnerability	VCID-3nqb-6mna-jyb4

vulnerability	VCID-5n8q-zcds-gyen

vulnerability	VCID-5q9b-a7c4-1yht

vulnerability	VCID-7n3z-vwk2-3ydr

vulnerability	VCID-9ky3-s2vk-cuge

vulnerability	VCID-br2f-7ux9-hkhg

vulnerability	VCID-bv1f-bee8-cbek

vulnerability	VCID-csmt-e61b-tued

vulnerability	VCID-dp1t-v58b-43du

vulnerability	VCID-dtt9-gmqf-nbaf

vulnerability	VCID-eyev-qpgs-hfbx

vulnerability	VCID-hay4-q9m3-ekdj

vulnerability	VCID-je6z-v5qw-ufew

vulnerability	VCID-mvsr-c2yh-mbdq

vulnerability	VCID-q9yj-ze4x-qyfr

vulnerability	VCID-rvbr-nser-sfe7

vulnerability	VCID-sb3w-x3yv-ffft

vulnerability	VCID-t2dr-6dz3-7qgt

vulnerability	VCID-usyf-s559-pkgx

vulnerability	VCID-wchc-as62-1fae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.24@1.24.4-1%3Fdistro=trixie

url pkg:deb/debian/golang-1.24@1.24.4-1

purl pkg:deb/debian/golang-1.24@1.24.4-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1aty-87pz-5yb8

vulnerability	VCID-254d-pjst-c7hx

vulnerability	VCID-3nqb-6mna-jyb4

vulnerability	VCID-5n8q-zcds-gyen

vulnerability	VCID-5q9b-a7c4-1yht

vulnerability	VCID-7n3z-vwk2-3ydr

vulnerability	VCID-9ky3-s2vk-cuge

vulnerability	VCID-br2f-7ux9-hkhg

vulnerability	VCID-bv1f-bee8-cbek

vulnerability	VCID-csmt-e61b-tued

vulnerability	VCID-dp1t-v58b-43du

vulnerability	VCID-dtt9-gmqf-nbaf

vulnerability	VCID-eyev-qpgs-hfbx

vulnerability	VCID-hay4-q9m3-ekdj

vulnerability	VCID-je6z-v5qw-ufew

vulnerability	VCID-mvsr-c2yh-mbdq

vulnerability	VCID-q9yj-ze4x-qyfr

vulnerability	VCID-rvbr-nser-sfe7

vulnerability	VCID-sb3w-x3yv-ffft

vulnerability	VCID-t2dr-6dz3-7qgt

vulnerability	VCID-usyf-s559-pkgx

vulnerability	VCID-wchc-as62-1fae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-1.24@1.24.4-1

url pkg:rpm/redhat/golang@1.19.13-18?arch=el9_2

purl pkg:rpm/redhat/golang@1.19.13-18?arch=el9_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5n8q-zcds-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang@1.19.13-18%3Farch=el9_2

url pkg:rpm/redhat/golang@1.21.13-10?arch=el9_4

purl pkg:rpm/redhat/golang@1.21.13-10?arch=el9_4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5n8q-zcds-gyen

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang@1.21.13-10%3Farch=el9_4

url pkg:rpm/redhat/golang@1.24.6-1?arch=el10_0

purl pkg:rpm/redhat/golang@1.24.6-1?arch=el10_0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1aty-87pz-5yb8

vulnerability	VCID-5n8q-zcds-gyen

vulnerability	VCID-rvbr-nser-sfe7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang@1.24.6-1%3Farch=el10_0

url pkg:rpm/redhat/golang@1.24.6-1?arch=el9_6

purl pkg:rpm/redhat/golang@1.24.6-1?arch=el9_6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1aty-87pz-5yb8

vulnerability	VCID-5n8q-zcds-gyen

vulnerability	VCID-rvbr-nser-sfe7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang@1.24.6-1%3Farch=el9_6

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4674.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4674.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4674

reference_id

reference_type

scores

value	5e-05
scoring_system	epss
scoring_elements	0.00256
published_at	2026-04-02T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00236
published_at	2026-04-13T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00237
published_at	2026-04-12T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00238
published_at	2026-04-11T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00239
published_at	2026-04-08T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00244
published_at	2026-04-04T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00242
published_at	2026-04-07T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00383
published_at	2026-04-21T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00356
published_at	2026-04-16T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.0036
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4674

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4674
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4674

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109109
reference_id	1109109
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109109

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2384329
reference_id	2384329
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2384329

reference_url

https://go.dev/cl/686515

reference_id

686515

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-06T16:03:21Z/

url

https://go.dev/cl/686515

reference_url

https://go.dev/issue/74380

reference_id

74380

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-06T16:03:21Z/

url

https://go.dev/issue/74380

reference_url

https://pkg.go.dev/vuln/GO-2025-3828

reference_id

GO-2025-3828

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-06T16:03:21Z/

url

https://pkg.go.dev/vuln/GO-2025-3828

reference_url

https://groups.google.com/g/golang-announce/c/gTNJnDXmn34

reference_id

gTNJnDXmn34

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-06T16:03:21Z/

url

https://groups.google.com/g/golang-announce/c/gTNJnDXmn34

reference_url	https://access.redhat.com/errata/RHSA-2025:13935
reference_id	RHSA-2025:13935
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13935

reference_url	https://access.redhat.com/errata/RHSA-2025:13936
reference_id	RHSA-2025:13936
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13936

reference_url	https://access.redhat.com/errata/RHSA-2025:13939
reference_id	RHSA-2025:13939
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13939

reference_url	https://access.redhat.com/errata/RHSA-2025:13940
reference_id	RHSA-2025:13940
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13940

reference_url	https://access.redhat.com/errata/RHSA-2025:13941
reference_id	RHSA-2025:13941
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13941

reference_url	https://access.redhat.com/errata/RHSA-2025:14093
reference_id	RHSA-2025:14093
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14093

Weaknesses

cwe_id	74
name	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
description	The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

cwe_id	73
name	External Control of File Name or Path
description	The product allows user input to control or influence paths or file names that are used in filesystem operations.

Exploits

Severity_range_score 8.6 - 8.6

Exploitability 0.5

Weighted_severity 7.7

Risk_score 3.9

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5n8q-zcds-gyen

Vulnerability Instance