Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-n8tm-snsu-53bn
Summary Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0, and 1.29.1, the serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly interpret dots (.) as a regular expression matcher. Because . is a valid character in a service account name, an AuthorizationPolicy ALLOW rule targeting a service account such as cert-manager.io also matches cert-manager-io, cert-managerXio, etc. A DENY rule targeting the same name fails to block those variants. Fixes are available in versions 1.29.2, 1.28.6, and 1.27.9.
Aliases
0
alias CVE-2026-39350
1
alias GHSA-9gcg-w975-3rjh
Fixed_packages
Affected_packages
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39350.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39350.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39350
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01584
published_at 2026-06-14T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.0157
published_at 2026-06-11T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01576
published_at 2026-06-13T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01573
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39350
2
reference_url https://github.com/istio/istio
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/istio/istio
3
reference_url https://github.com/istio/istio/commit/692e460c342d8f308a35b6ecbdace47807da8ade
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/istio/istio/commit/692e460c342d8f308a35b6ecbdace47807da8ade
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39350
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39350
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2458851
reference_id 2458851
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2458851
6
reference_url https://github.com/istio/istio/security/advisories/GHSA-9gcg-w975-3rjh
reference_id GHSA-9gcg-w975-3rjh
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T11:13:51Z/
url https://github.com/istio/istio/security/advisories/GHSA-9gcg-w975-3rjh
Weaknesses
0
cwe_id 185
name Incorrect Regular Expression
description The product specifies a regular expression in a way that causes data to be improperly matched or compared.
1
cwe_id 863
name Incorrect Authorization
description The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
2
cwe_id 625
name Permissive Regular Expression
description The product uses a regular expression that does not sufficiently restrict the set of allowed values.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8tm-snsu-53bn