Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ybmv-s2pm-ybe5
Summary People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted invitation request to promote any existing user (including users with no current domain access) to the Owner role. The exploit requires a single authenticated HTTP request and grants full domain ownership immediately, without any acceptance step from the target. This issue has been patched in version 1.25.0.
Aliases
0
alias CVE-2026-42185
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42185
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11202
published_at 2026-06-11T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.1126
published_at 2026-06-13T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.11269
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42185
1
reference_url https://github.com/suitenumerique/people/commit/6a51b96d8e907483fa8fc489d8714cc35fb4099b
reference_id 6a51b96d8e907483fa8fc489d8714cc35fb4099b
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T19:52:50Z/
url https://github.com/suitenumerique/people/commit/6a51b96d8e907483fa8fc489d8714cc35fb4099b
2
reference_url https://github.com/suitenumerique/people/security/advisories/GHSA-42cf-rv2h-v8rf
reference_id GHSA-42cf-rv2h-v8rf
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T19:52:50Z/
url https://github.com/suitenumerique/people/security/advisories/GHSA-42cf-rv2h-v8rf
3
reference_url https://github.com/suitenumerique/people/releases/tag/v1.25.0
reference_id v1.25.0
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T19:52:50Z/
url https://github.com/suitenumerique/people/releases/tag/v1.25.0
Weaknesses
0
cwe_id 269
name Improper Privilege Management
description The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Exploits
Severity_range_score 5.5 - 5.5
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ybmv-s2pm-ybe5