Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-gc1t-v1q2-kkez

Summary

When an email contains multiple attachments with external links
via the X-Mozilla-External-Attachment-URL header, only the last
link is shown when hovering over any attachment. Although the
correct link is used on click, the misleading hover text could
trick users into downloading content from untrusted sources.

Aliases

alias	CVE-2025-3523

Fixed_packages

Affected_packages

References

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-26

reference_id

mfsa2025-26

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-26

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-27

reference_id

mfsa2025-27

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-27

Weaknesses

Exploits

Severity_range_score 7.0 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gc1t-v1q2-kkez

Vulnerability Instance