Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-8nkf-1k3u-budg
Summaryvalidators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Aliases
0
alias CVE-2015-5145
1
alias GHSA-cqf7-ff9h-7967
2
alias PYSEC-2015-21
Fixed_packages
0
url pkg:deb/debian/python-django@0?distro=trixie
purl pkg:deb/debian/python-django@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0%3Fdistro=trixie
1
url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-ape9-66ck-nfez
5
vulnerability VCID-cg44-thdw-cygg
6
vulnerability VCID-dac4-fa2z-bkdq
7
vulnerability VCID-g22z-jue5-8udz
8
vulnerability VCID-heum-8mwz-sbcw
9
vulnerability VCID-j2uz-w2ur-7ud4
10
vulnerability VCID-jt9m-kd3k-uqca
11
vulnerability VCID-q4cv-2m7d-3qd5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie
2
url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-ape9-66ck-nfez
5
vulnerability VCID-cg44-thdw-cygg
6
vulnerability VCID-dac4-fa2z-bkdq
7
vulnerability VCID-g22z-jue5-8udz
8
vulnerability VCID-heum-8mwz-sbcw
9
vulnerability VCID-j2uz-w2ur-7ud4
10
vulnerability VCID-jt9m-kd3k-uqca
11
vulnerability VCID-q4cv-2m7d-3qd5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2%3Fdistro=trixie
3
url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32d1-b8f2-hud5
1
vulnerability VCID-3ccr-92q5-aqfk
2
vulnerability VCID-63c7-mkxw-ufav
3
vulnerability VCID-92z2-3rbz-77h9
4
vulnerability VCID-cg44-thdw-cygg
5
vulnerability VCID-dac4-fa2z-bkdq
6
vulnerability VCID-g22z-jue5-8udz
7
vulnerability VCID-heum-8mwz-sbcw
8
vulnerability VCID-j2uz-w2ur-7ud4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ccr-92q5-aqfk
1
vulnerability VCID-92z2-3rbz-77h9
2
vulnerability VCID-g22z-jue5-8udz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie
5
url pkg:deb/debian/python-django@3:5.2.14-2?distro=trixie
purl pkg:deb/debian/python-django@3:5.2.14-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:5.2.14-2%3Fdistro=trixie
6
url pkg:ebuild/dev-python/django@1.8.3
purl pkg:ebuild/dev-python/django@1.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/django@1.8.3
7
url pkg:pypi/django@1.8.3
purl pkg:pypi/django@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27qc-gba4-aqfd
1
vulnerability VCID-2bh9-k4at-r7hz
2
vulnerability VCID-5sxw-p38k-q7cp
3
vulnerability VCID-697r-xhy8-efa5
4
vulnerability VCID-6fef-e9tf-7kag
5
vulnerability VCID-6p2m-vyft-xfe8
6
vulnerability VCID-arff-yjfe-auhp
7
vulnerability VCID-cbg1-8tp8-7ube
8
vulnerability VCID-fynq-usj6-rfd3
9
vulnerability VCID-hs1y-thzf-qqct
10
vulnerability VCID-hzcv-euwq-eqeg
11
vulnerability VCID-j1jc-m7e2-5yck
12
vulnerability VCID-nh19-fbce-wbfu
13
vulnerability VCID-ptk1-k7b2-gkdm
14
vulnerability VCID-s4vz-wfcp-aygd
15
vulnerability VCID-yb2r-r8gy-3yhe
16
vulnerability VCID-zuca-q98m-w7bk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.3
Affected_packages
0
url pkg:pypi/django@1.8
purl pkg:pypi/django@1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27qc-gba4-aqfd
1
vulnerability VCID-2bh9-k4at-r7hz
2
vulnerability VCID-5sxw-p38k-q7cp
3
vulnerability VCID-697r-xhy8-efa5
4
vulnerability VCID-6fef-e9tf-7kag
5
vulnerability VCID-6p2m-vyft-xfe8
6
vulnerability VCID-8nkf-1k3u-budg
7
vulnerability VCID-arff-yjfe-auhp
8
vulnerability VCID-azdn-r9pz-pqd4
9
vulnerability VCID-cbg1-8tp8-7ube
10
vulnerability VCID-fkch-835a-4ffd
11
vulnerability VCID-fynq-usj6-rfd3
12
vulnerability VCID-hs1y-thzf-qqct
13
vulnerability VCID-hzcv-euwq-eqeg
14
vulnerability VCID-j1jc-m7e2-5yck
15
vulnerability VCID-nh19-fbce-wbfu
16
vulnerability VCID-ptk1-k7b2-gkdm
17
vulnerability VCID-s4vz-wfcp-aygd
18
vulnerability VCID-x33t-tqwv-vygf
19
vulnerability VCID-yb2r-r8gy-3yhe
20
vulnerability VCID-zuca-q98m-w7bk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8
1
url pkg:pypi/django@1.8.1
purl pkg:pypi/django@1.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27qc-gba4-aqfd
1
vulnerability VCID-2bh9-k4at-r7hz
2
vulnerability VCID-5sxw-p38k-q7cp
3
vulnerability VCID-697r-xhy8-efa5
4
vulnerability VCID-6fef-e9tf-7kag
5
vulnerability VCID-6p2m-vyft-xfe8
6
vulnerability VCID-8nkf-1k3u-budg
7
vulnerability VCID-arff-yjfe-auhp
8
vulnerability VCID-azdn-r9pz-pqd4
9
vulnerability VCID-cbg1-8tp8-7ube
10
vulnerability VCID-fkch-835a-4ffd
11
vulnerability VCID-fynq-usj6-rfd3
12
vulnerability VCID-hs1y-thzf-qqct
13
vulnerability VCID-hzcv-euwq-eqeg
14
vulnerability VCID-j1jc-m7e2-5yck
15
vulnerability VCID-nh19-fbce-wbfu
16
vulnerability VCID-ptk1-k7b2-gkdm
17
vulnerability VCID-s4vz-wfcp-aygd
18
vulnerability VCID-x33t-tqwv-vygf
19
vulnerability VCID-yb2r-r8gy-3yhe
20
vulnerability VCID-zuca-q98m-w7bk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.1
2
url pkg:pypi/django@1.8.2
purl pkg:pypi/django@1.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27qc-gba4-aqfd
1
vulnerability VCID-2bh9-k4at-r7hz
2
vulnerability VCID-5sxw-p38k-q7cp
3
vulnerability VCID-697r-xhy8-efa5
4
vulnerability VCID-6fef-e9tf-7kag
5
vulnerability VCID-6p2m-vyft-xfe8
6
vulnerability VCID-8nkf-1k3u-budg
7
vulnerability VCID-arff-yjfe-auhp
8
vulnerability VCID-azdn-r9pz-pqd4
9
vulnerability VCID-cbg1-8tp8-7ube
10
vulnerability VCID-fkch-835a-4ffd
11
vulnerability VCID-fynq-usj6-rfd3
12
vulnerability VCID-hs1y-thzf-qqct
13
vulnerability VCID-hzcv-euwq-eqeg
14
vulnerability VCID-j1jc-m7e2-5yck
15
vulnerability VCID-nh19-fbce-wbfu
16
vulnerability VCID-ptk1-k7b2-gkdm
17
vulnerability VCID-s4vz-wfcp-aygd
18
vulnerability VCID-yb2r-r8gy-3yhe
19
vulnerability VCID-zuca-q98m-w7bk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.8.2
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5145
reference_id
reference_type
scores
0
value 0.00787
scoring_system epss
scoring_elements 0.74139
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5145
1
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
2
reference_url https://github.com/django/django/blob/4555a823fd57e261e1b19c778429473256c8ea08/docs/releases/1.8.3.txt#L63-L68
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/blob/4555a823fd57e261e1b19c778429473256c8ea08/docs/releases/1.8.3.txt#L63-L68
3
reference_url https://github.com/django/django/commit/8f9a4d3a2bc42f14bb437defd30c7315adbff22c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/8f9a4d3a2bc42f14bb437defd30c7315adbff22c
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-21.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-21.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5145
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5145
6
reference_url https://security.gentoo.org/glsa/201510-06
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201510-06
7
reference_url https://web.archive.org/web/20150924150801/http://www.securitytracker.com/id/1032820
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150924150801/http://www.securitytracker.com/id/1032820
8
reference_url https://web.archive.org/web/20170526042302/http://www.securityfocus.com/bid/75691
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170526042302/http://www.securityfocus.com/bid/75691
9
reference_url https://www.djangoproject.com/weblog/2015/jul/08/security-releases
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2015/jul/08/security-releases
10
reference_url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
11
reference_url http://www.securityfocus.com/bid/75691
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/75691
12
reference_url http://www.securitytracker.com/id/1032820
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1032820
Weaknesses
0
cwe_id 1333
name Inefficient Regular Expression Complexity
description The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
1
cwe_id 400
name Uncontrolled Resource Consumption
description The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-8nkf-1k3u-budg