Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-sz6v-udpx-wbav

Summary In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.

Aliases

alias	CVE-2017-15720

alias	GHSA-8fg4-j562-mjrc

alias	PYSEC-2019-147

Fixed_packages

url pkg:pypi/apache-airflow@1.9.0

purl pkg:pypi/apache-airflow@1.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1963-1kyn-2ban

vulnerability	VCID-1azm-hsvr-f3e8

vulnerability	VCID-1ptn-xvsy-d3hu

vulnerability	VCID-2q7x-bua5-37h7

vulnerability	VCID-2xpf-ut63-tbcx

vulnerability	VCID-37nw-x186-puds

vulnerability	VCID-4693-xwwu-7uem

vulnerability	VCID-4btd-59ga-1yd4

vulnerability	VCID-4u8d-ezsr-sqcz

vulnerability	VCID-5j9w-1tng-k3ac

vulnerability	VCID-5ph5-s3qc-guf4

vulnerability	VCID-5qe8-jdbh-x7b4

vulnerability	VCID-5ufe-1rrj-rkgp

vulnerability	VCID-6hxm-nnhg-buex

vulnerability	VCID-7z8j-8f4d-53dm

vulnerability	VCID-82p8-yujf-hkdd

vulnerability	VCID-8m3p-yzr8-yyhj

vulnerability	VCID-8npr-rvfd-jkfj

vulnerability	VCID-8ykk-1kak-6bfd

vulnerability	VCID-91ta-vnkv-5ydh

vulnerability	VCID-9f34-2r5y-sydz

vulnerability	VCID-arbk-dryb-qkda

vulnerability	VCID-bgp2-bzbr-1uh5

vulnerability	VCID-bn9u-brjp-yudy

vulnerability	VCID-bxw8-918z-1be5

vulnerability	VCID-c1bw-f7ck-2ybw

vulnerability	VCID-ctd9-hxfn-8fcs

vulnerability	VCID-d3kc-fn21-xqar

vulnerability	VCID-dk1y-938p-k3bv

vulnerability	VCID-dp6s-jdma-a7cc

vulnerability	VCID-e19b-adrm-x7fu

vulnerability	VCID-fctg-457f-4uae

vulnerability	VCID-fnsx-gtgn-27dr

vulnerability	VCID-gbgf-jfzt-tqg1

vulnerability	VCID-gg94-fdbv-y7g1

vulnerability	VCID-gt7b-5554-y7dq

vulnerability	VCID-hgq2-kuex-y3a3

vulnerability	VCID-hpf3-3z3m-6ydt

vulnerability	VCID-j6uh-kx6m-sydp

vulnerability	VCID-kb4a-mm13-63bj

vulnerability	VCID-kgfb-yphg-n3ec

vulnerability	VCID-krjr-ctw4-r3d3

vulnerability	VCID-ms13-tzaa-hkej

vulnerability	VCID-nfbc-tutd-37bw

vulnerability	VCID-p42d-ta7v-7yhn

vulnerability	VCID-pb3b-22wk-pbh5

vulnerability	VCID-pmtw-nwnc-nyfw

vulnerability	VCID-pqgj-ry81-6ua3

vulnerability	VCID-qxnw-7urw-fud2

vulnerability	VCID-r6fk-1tfv-wkgq

vulnerability	VCID-rysu-xhvt-yqda

vulnerability	VCID-s49h-br5r-5yh8

vulnerability	VCID-ssbp-gvfd-2kef

vulnerability	VCID-syqv-6kj7-j3e5

vulnerability	VCID-tcjg-f9cn-mubj

vulnerability	VCID-tpjn-4kru-vucv

vulnerability	VCID-vj7z-pmk3-cydg

vulnerability	VCID-vras-f42j-xqfg

vulnerability	VCID-vy44-rbar-w3fn

vulnerability	VCID-w8ff-8479-rbfq

vulnerability	VCID-x8g4-88t4-cqdz

vulnerability	VCID-xwza-guvs-83a9

vulnerability	VCID-ygjc-77t9-yfge

vulnerability	VCID-ykge-bnhg-g7c4

vulnerability	VCID-yrx8-dtav-83av

vulnerability	VCID-yz8w-uv1z-5ybw

vulnerability	VCID-zqdb-94dc-vqfh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.9.0

Affected_packages

url pkg:pypi/apache-airflow@1.8.1

purl pkg:pypi/apache-airflow@1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1963-1kyn-2ban

vulnerability	VCID-1azm-hsvr-f3e8

vulnerability	VCID-1ptn-xvsy-d3hu

vulnerability	VCID-2q7x-bua5-37h7

vulnerability	VCID-2xpf-ut63-tbcx

vulnerability	VCID-37nw-x186-puds

vulnerability	VCID-4693-xwwu-7uem

vulnerability	VCID-4btd-59ga-1yd4

vulnerability	VCID-4u8d-ezsr-sqcz

vulnerability	VCID-5j9w-1tng-k3ac

vulnerability	VCID-5ph5-s3qc-guf4

vulnerability	VCID-5qe8-jdbh-x7b4

vulnerability	VCID-5ufe-1rrj-rkgp

vulnerability	VCID-6hxm-nnhg-buex

vulnerability	VCID-7z8j-8f4d-53dm

vulnerability	VCID-82p8-yujf-hkdd

vulnerability	VCID-8m3p-yzr8-yyhj

vulnerability	VCID-8npr-rvfd-jkfj

vulnerability	VCID-8ykk-1kak-6bfd

vulnerability	VCID-91ta-vnkv-5ydh

vulnerability	VCID-9f34-2r5y-sydz

vulnerability	VCID-arbk-dryb-qkda

vulnerability	VCID-bgp2-bzbr-1uh5

vulnerability	VCID-bn9u-brjp-yudy

vulnerability	VCID-bxw8-918z-1be5

vulnerability	VCID-c1bw-f7ck-2ybw

vulnerability	VCID-ctd9-hxfn-8fcs

vulnerability	VCID-d3kc-fn21-xqar

vulnerability	VCID-dk1y-938p-k3bv

vulnerability	VCID-dp6s-jdma-a7cc

vulnerability	VCID-e19b-adrm-x7fu

vulnerability	VCID-fctg-457f-4uae

vulnerability	VCID-fnsx-gtgn-27dr

vulnerability	VCID-gbgf-jfzt-tqg1

vulnerability	VCID-gg94-fdbv-y7g1

vulnerability	VCID-gt7b-5554-y7dq

vulnerability	VCID-hgq2-kuex-y3a3

vulnerability	VCID-hpf3-3z3m-6ydt

vulnerability	VCID-j6uh-kx6m-sydp

vulnerability	VCID-kb4a-mm13-63bj

vulnerability	VCID-kgfb-yphg-n3ec

vulnerability	VCID-krjr-ctw4-r3d3

vulnerability	VCID-ms13-tzaa-hkej

vulnerability	VCID-nfbc-tutd-37bw

vulnerability	VCID-p42d-ta7v-7yhn

vulnerability	VCID-p9rb-ehta-2bhc

vulnerability	VCID-pb3b-22wk-pbh5

vulnerability	VCID-pmtw-nwnc-nyfw

vulnerability	VCID-pqgj-ry81-6ua3

vulnerability	VCID-qxnw-7urw-fud2

vulnerability	VCID-r6fk-1tfv-wkgq

vulnerability	VCID-rysu-xhvt-yqda

vulnerability	VCID-s49h-br5r-5yh8

vulnerability	VCID-ssbp-gvfd-2kef

vulnerability	VCID-syqv-6kj7-j3e5

vulnerability	VCID-sz6v-udpx-wbav

vulnerability	VCID-tcjg-f9cn-mubj

vulnerability	VCID-tpjn-4kru-vucv

vulnerability	VCID-vj7z-pmk3-cydg

vulnerability	VCID-vras-f42j-xqfg

vulnerability	VCID-vy44-rbar-w3fn

vulnerability	VCID-w8ff-8479-rbfq

vulnerability	VCID-wm1m-yj2y-yfa3

vulnerability	VCID-x8g4-88t4-cqdz

vulnerability	VCID-xbt7-ks9g-c7gd

vulnerability	VCID-xwza-guvs-83a9

vulnerability	VCID-ygjc-77t9-yfge

vulnerability	VCID-ykge-bnhg-g7c4

vulnerability	VCID-yrx8-dtav-83av

vulnerability	VCID-yz8w-uv1z-5ybw

vulnerability	VCID-zqdb-94dc-vqfh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.1

url pkg:pypi/apache-airflow@1.8.2rc1

purl pkg:pypi/apache-airflow@1.8.2rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1963-1kyn-2ban

vulnerability	VCID-1azm-hsvr-f3e8

vulnerability	VCID-1ptn-xvsy-d3hu

vulnerability	VCID-2q7x-bua5-37h7

vulnerability	VCID-2xpf-ut63-tbcx

vulnerability	VCID-37nw-x186-puds

vulnerability	VCID-4693-xwwu-7uem

vulnerability	VCID-4btd-59ga-1yd4

vulnerability	VCID-4u8d-ezsr-sqcz

vulnerability	VCID-5j9w-1tng-k3ac

vulnerability	VCID-5ph5-s3qc-guf4

vulnerability	VCID-5qe8-jdbh-x7b4

vulnerability	VCID-5ufe-1rrj-rkgp

vulnerability	VCID-6hxm-nnhg-buex

vulnerability	VCID-7z8j-8f4d-53dm

vulnerability	VCID-82p8-yujf-hkdd

vulnerability	VCID-8m3p-yzr8-yyhj

vulnerability	VCID-8npr-rvfd-jkfj

vulnerability	VCID-8ykk-1kak-6bfd

vulnerability	VCID-91ta-vnkv-5ydh

vulnerability	VCID-9f34-2r5y-sydz

vulnerability	VCID-arbk-dryb-qkda

vulnerability	VCID-bgp2-bzbr-1uh5

vulnerability	VCID-bn9u-brjp-yudy

vulnerability	VCID-bxw8-918z-1be5

vulnerability	VCID-c1bw-f7ck-2ybw

vulnerability	VCID-ctd9-hxfn-8fcs

vulnerability	VCID-d3kc-fn21-xqar

vulnerability	VCID-dk1y-938p-k3bv

vulnerability	VCID-dp6s-jdma-a7cc

vulnerability	VCID-e19b-adrm-x7fu

vulnerability	VCID-fctg-457f-4uae

vulnerability	VCID-fnsx-gtgn-27dr

vulnerability	VCID-gbgf-jfzt-tqg1

vulnerability	VCID-gg94-fdbv-y7g1

vulnerability	VCID-gt7b-5554-y7dq

vulnerability	VCID-hgq2-kuex-y3a3

vulnerability	VCID-hpf3-3z3m-6ydt

vulnerability	VCID-j6uh-kx6m-sydp

vulnerability	VCID-kb4a-mm13-63bj

vulnerability	VCID-kgfb-yphg-n3ec

vulnerability	VCID-krjr-ctw4-r3d3

vulnerability	VCID-ms13-tzaa-hkej

vulnerability	VCID-nfbc-tutd-37bw

vulnerability	VCID-p42d-ta7v-7yhn

vulnerability	VCID-p9rb-ehta-2bhc

vulnerability	VCID-pb3b-22wk-pbh5

vulnerability	VCID-pmtw-nwnc-nyfw

vulnerability	VCID-pqgj-ry81-6ua3

vulnerability	VCID-qxnw-7urw-fud2

vulnerability	VCID-r6fk-1tfv-wkgq

vulnerability	VCID-rysu-xhvt-yqda

vulnerability	VCID-s49h-br5r-5yh8

vulnerability	VCID-ssbp-gvfd-2kef

vulnerability	VCID-syqv-6kj7-j3e5

vulnerability	VCID-sz6v-udpx-wbav

vulnerability	VCID-tcjg-f9cn-mubj

vulnerability	VCID-tpjn-4kru-vucv

vulnerability	VCID-vj7z-pmk3-cydg

vulnerability	VCID-vras-f42j-xqfg

vulnerability	VCID-vy44-rbar-w3fn

vulnerability	VCID-w8ff-8479-rbfq

vulnerability	VCID-wm1m-yj2y-yfa3

vulnerability	VCID-x8g4-88t4-cqdz

vulnerability	VCID-xbt7-ks9g-c7gd

vulnerability	VCID-xwza-guvs-83a9

vulnerability	VCID-ygjc-77t9-yfge

vulnerability	VCID-ykge-bnhg-g7c4

vulnerability	VCID-yrx8-dtav-83av

vulnerability	VCID-yz8w-uv1z-5ybw

vulnerability	VCID-zqdb-94dc-vqfh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.2rc1

url pkg:pypi/apache-airflow@1.8.2

purl pkg:pypi/apache-airflow@1.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1963-1kyn-2ban

vulnerability	VCID-1azm-hsvr-f3e8

vulnerability	VCID-1ptn-xvsy-d3hu

vulnerability	VCID-2q7x-bua5-37h7

vulnerability	VCID-2xpf-ut63-tbcx

vulnerability	VCID-37nw-x186-puds

vulnerability	VCID-4693-xwwu-7uem

vulnerability	VCID-4btd-59ga-1yd4

vulnerability	VCID-4u8d-ezsr-sqcz

vulnerability	VCID-5j9w-1tng-k3ac

vulnerability	VCID-5ph5-s3qc-guf4

vulnerability	VCID-5qe8-jdbh-x7b4

vulnerability	VCID-5ufe-1rrj-rkgp

vulnerability	VCID-6hxm-nnhg-buex

vulnerability	VCID-7z8j-8f4d-53dm

vulnerability	VCID-82p8-yujf-hkdd

vulnerability	VCID-8m3p-yzr8-yyhj

vulnerability	VCID-8npr-rvfd-jkfj

vulnerability	VCID-8ykk-1kak-6bfd

vulnerability	VCID-91ta-vnkv-5ydh

vulnerability	VCID-9f34-2r5y-sydz

vulnerability	VCID-arbk-dryb-qkda

vulnerability	VCID-bgp2-bzbr-1uh5

vulnerability	VCID-bn9u-brjp-yudy

vulnerability	VCID-bxw8-918z-1be5

vulnerability	VCID-c1bw-f7ck-2ybw

vulnerability	VCID-ctd9-hxfn-8fcs

vulnerability	VCID-d3kc-fn21-xqar

vulnerability	VCID-dk1y-938p-k3bv

vulnerability	VCID-dp6s-jdma-a7cc

vulnerability	VCID-e19b-adrm-x7fu

vulnerability	VCID-fctg-457f-4uae

vulnerability	VCID-fnsx-gtgn-27dr

vulnerability	VCID-gbgf-jfzt-tqg1

vulnerability	VCID-gg94-fdbv-y7g1

vulnerability	VCID-gt7b-5554-y7dq

vulnerability	VCID-hgq2-kuex-y3a3

vulnerability	VCID-hpf3-3z3m-6ydt

vulnerability	VCID-j6uh-kx6m-sydp

vulnerability	VCID-kb4a-mm13-63bj

vulnerability	VCID-kgfb-yphg-n3ec

vulnerability	VCID-krjr-ctw4-r3d3

vulnerability	VCID-ms13-tzaa-hkej

vulnerability	VCID-nfbc-tutd-37bw

vulnerability	VCID-p42d-ta7v-7yhn

vulnerability	VCID-p9rb-ehta-2bhc

vulnerability	VCID-pb3b-22wk-pbh5

vulnerability	VCID-pmtw-nwnc-nyfw

vulnerability	VCID-pqgj-ry81-6ua3

vulnerability	VCID-qxnw-7urw-fud2

vulnerability	VCID-r6fk-1tfv-wkgq

vulnerability	VCID-rysu-xhvt-yqda

vulnerability	VCID-s49h-br5r-5yh8

vulnerability	VCID-ssbp-gvfd-2kef

vulnerability	VCID-syqv-6kj7-j3e5

vulnerability	VCID-sz6v-udpx-wbav

vulnerability	VCID-tcjg-f9cn-mubj

vulnerability	VCID-tpjn-4kru-vucv

vulnerability	VCID-vj7z-pmk3-cydg

vulnerability	VCID-vras-f42j-xqfg

vulnerability	VCID-vy44-rbar-w3fn

vulnerability	VCID-w8ff-8479-rbfq

vulnerability	VCID-wm1m-yj2y-yfa3

vulnerability	VCID-x8g4-88t4-cqdz

vulnerability	VCID-xbt7-ks9g-c7gd

vulnerability	VCID-xwza-guvs-83a9

vulnerability	VCID-ygjc-77t9-yfge

vulnerability	VCID-ykge-bnhg-g7c4

vulnerability	VCID-yrx8-dtav-83av

vulnerability	VCID-yz8w-uv1z-5ybw

vulnerability	VCID-zqdb-94dc-vqfh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15720

reference_id

reference_type

scores

value	0.00277
scoring_system	epss
scoring_elements	0.51373
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15720

reference_url

https://github.com/advisories/GHSA-8fg4-j562-mjrc

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-8fg4-j562-mjrc

reference_url

https://github.com/apache/airflow

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/airflow

reference_url

https://github.com/apache/airflow/commit/04cacdd0a7526927137b452f38c3e894a5d2ce4a

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/airflow/commit/04cacdd0a7526927137b452f38c3e894a5d2ce4a

reference_url

https://github.com/apache/airflow/commit/daa281c0364609d6812921123cf47e4118b40484

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/airflow/commit/daa281c0364609d6812921123cf47e4118b40484

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-147.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-147.yaml

reference_url

https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15720

reference_id

CVE-2017-15720

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15720

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sz6v-udpx-wbav

Vulnerability Instance