Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-z4vf-knv2-7qeb
Summary
ReDoS via long string of semicolons
Tough-cookie contain a vulnerable regular expression that, under certain conditions involving long strings of semicolons in the "Set-Cookie" header, causes the event loop to block for excessive amounts of time.
Aliases
0
alias GMS-2016-49
Fixed_packages
0
url pkg:npm/tough-cookie@2.3.0
purl pkg:npm/tough-cookie@2.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-wjaq-7np6-z3bk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.3.0
Affected_packages
0
url pkg:npm/tough-cookie@0.9.7
purl pkg:npm/tough-cookie@0.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.7
1
url pkg:npm/tough-cookie@0.9.8
purl pkg:npm/tough-cookie@0.9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.8
2
url pkg:npm/tough-cookie@0.9.9
purl pkg:npm/tough-cookie@0.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.9
3
url pkg:npm/tough-cookie@0.9.11
purl pkg:npm/tough-cookie@0.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.11
4
url pkg:npm/tough-cookie@0.9.12
purl pkg:npm/tough-cookie@0.9.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.12
5
url pkg:npm/tough-cookie@0.9.13
purl pkg:npm/tough-cookie@0.9.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.13
6
url pkg:npm/tough-cookie@0.9.14
purl pkg:npm/tough-cookie@0.9.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.14
7
url pkg:npm/tough-cookie@0.9.15
purl pkg:npm/tough-cookie@0.9.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.15
8
url pkg:npm/tough-cookie@0.10.0
purl pkg:npm/tough-cookie@0.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.10.0
9
url pkg:npm/tough-cookie@0.11.0
purl pkg:npm/tough-cookie@0.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.11.0
10
url pkg:npm/tough-cookie@0.12.0
purl pkg:npm/tough-cookie@0.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.12.0
11
url pkg:npm/tough-cookie@0.12.1
purl pkg:npm/tough-cookie@0.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.12.1
12
url pkg:npm/tough-cookie@0.13.0
purl pkg:npm/tough-cookie@0.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.13.0
13
url pkg:npm/tough-cookie@1.0.0
purl pkg:npm/tough-cookie@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@1.0.0
14
url pkg:npm/tough-cookie@1.1.0
purl pkg:npm/tough-cookie@1.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@1.1.0
15
url pkg:npm/tough-cookie@1.2.0
purl pkg:npm/tough-cookie@1.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@1.2.0
16
url pkg:npm/tough-cookie@2.0.0
purl pkg:npm/tough-cookie@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.0.0
17
url pkg:npm/tough-cookie@2.1.0
purl pkg:npm/tough-cookie@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.1.0
18
url pkg:npm/tough-cookie@2.2.0
purl pkg:npm/tough-cookie@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.2.0
19
url pkg:npm/tough-cookie@2.2.1
purl pkg:npm/tough-cookie@2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.2.1
20
url pkg:npm/tough-cookie@2.2.2
purl pkg:npm/tough-cookie@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3buh-pfq7-9kf2
1
vulnerability VCID-am2z-v7gj-nqch
2
vulnerability VCID-gcrq-1at1-bygq
3
vulnerability VCID-wjaq-7np6-z3bk
4
vulnerability VCID-z4vf-knv2-7qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.2.2
References
0
reference_url https://github.com/SalesforceEng/tough-cookie/pull/68
reference_id
reference_type
scores
url https://github.com/SalesforceEng/tough-cookie/pull/68
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-z4vf-knv2-7qeb