Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-xbt7-ks9g-c7gd

Summary In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.

Aliases

alias	CVE-2017-17835

alias	GHSA-68wv-rjrm-576p

alias	PYSEC-2019-148

Fixed_packages

url pkg:pypi/apache-airflow@1.9.0

purl pkg:pypi/apache-airflow@1.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1963-1kyn-2ban

vulnerability	VCID-1azm-hsvr-f3e8

vulnerability	VCID-1ptn-xvsy-d3hu

vulnerability	VCID-2q7x-bua5-37h7

vulnerability	VCID-2xpf-ut63-tbcx

vulnerability	VCID-37nw-x186-puds

vulnerability	VCID-4693-xwwu-7uem

vulnerability	VCID-4btd-59ga-1yd4

vulnerability	VCID-4u8d-ezsr-sqcz

vulnerability	VCID-5j9w-1tng-k3ac

vulnerability	VCID-5ph5-s3qc-guf4

vulnerability	VCID-5qe8-jdbh-x7b4

vulnerability	VCID-5ufe-1rrj-rkgp

vulnerability	VCID-6hxm-nnhg-buex

vulnerability	VCID-7z8j-8f4d-53dm

vulnerability	VCID-82p8-yujf-hkdd

vulnerability	VCID-8m3p-yzr8-yyhj

vulnerability	VCID-8npr-rvfd-jkfj

vulnerability	VCID-8ykk-1kak-6bfd

vulnerability	VCID-91ta-vnkv-5ydh

vulnerability	VCID-9f34-2r5y-sydz

vulnerability	VCID-arbk-dryb-qkda

vulnerability	VCID-bgp2-bzbr-1uh5

vulnerability	VCID-bn9u-brjp-yudy

vulnerability	VCID-bxw8-918z-1be5

vulnerability	VCID-c1bw-f7ck-2ybw

vulnerability	VCID-ctd9-hxfn-8fcs

vulnerability	VCID-d3kc-fn21-xqar

vulnerability	VCID-dk1y-938p-k3bv

vulnerability	VCID-dp6s-jdma-a7cc

vulnerability	VCID-e19b-adrm-x7fu

vulnerability	VCID-fctg-457f-4uae

vulnerability	VCID-fnsx-gtgn-27dr

vulnerability	VCID-gbgf-jfzt-tqg1

vulnerability	VCID-gg94-fdbv-y7g1

vulnerability	VCID-gt7b-5554-y7dq

vulnerability	VCID-hgq2-kuex-y3a3

vulnerability	VCID-hpf3-3z3m-6ydt

vulnerability	VCID-j6uh-kx6m-sydp

vulnerability	VCID-kb4a-mm13-63bj

vulnerability	VCID-kgfb-yphg-n3ec

vulnerability	VCID-krjr-ctw4-r3d3

vulnerability	VCID-ms13-tzaa-hkej

vulnerability	VCID-nfbc-tutd-37bw

vulnerability	VCID-p42d-ta7v-7yhn

vulnerability	VCID-pb3b-22wk-pbh5

vulnerability	VCID-pmtw-nwnc-nyfw

vulnerability	VCID-pqgj-ry81-6ua3

vulnerability	VCID-qxnw-7urw-fud2

vulnerability	VCID-rysu-xhvt-yqda

vulnerability	VCID-s49h-br5r-5yh8

vulnerability	VCID-ssbp-gvfd-2kef

vulnerability	VCID-syqv-6kj7-j3e5

vulnerability	VCID-tcjg-f9cn-mubj

vulnerability	VCID-tpjn-4kru-vucv

vulnerability	VCID-vj7z-pmk3-cydg

vulnerability	VCID-vras-f42j-xqfg

vulnerability	VCID-vy44-rbar-w3fn

vulnerability	VCID-w8ff-8479-rbfq

vulnerability	VCID-x8g4-88t4-cqdz

vulnerability	VCID-xwza-guvs-83a9

vulnerability	VCID-ygjc-77t9-yfge

vulnerability	VCID-ykge-bnhg-g7c4

vulnerability	VCID-yrx8-dtav-83av

vulnerability	VCID-yz8w-uv1z-5ybw

vulnerability	VCID-zqdb-94dc-vqfh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.9.0

Affected_packages

url pkg:pypi/apache-airflow@1.8.1

purl pkg:pypi/apache-airflow@1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1963-1kyn-2ban

vulnerability	VCID-1azm-hsvr-f3e8

vulnerability	VCID-1ptn-xvsy-d3hu

vulnerability	VCID-2q7x-bua5-37h7

vulnerability	VCID-2xpf-ut63-tbcx

vulnerability	VCID-37nw-x186-puds

vulnerability	VCID-4693-xwwu-7uem

vulnerability	VCID-4btd-59ga-1yd4

vulnerability	VCID-4u8d-ezsr-sqcz

vulnerability	VCID-5j9w-1tng-k3ac

vulnerability	VCID-5ph5-s3qc-guf4

vulnerability	VCID-5qe8-jdbh-x7b4

vulnerability	VCID-5ufe-1rrj-rkgp

vulnerability	VCID-6hxm-nnhg-buex

vulnerability	VCID-7z8j-8f4d-53dm

vulnerability	VCID-82p8-yujf-hkdd

vulnerability	VCID-8m3p-yzr8-yyhj

vulnerability	VCID-8npr-rvfd-jkfj

vulnerability	VCID-8ykk-1kak-6bfd

vulnerability	VCID-91ta-vnkv-5ydh

vulnerability	VCID-9f34-2r5y-sydz

vulnerability	VCID-arbk-dryb-qkda

vulnerability	VCID-bgp2-bzbr-1uh5

vulnerability	VCID-bn9u-brjp-yudy

vulnerability	VCID-bxw8-918z-1be5

vulnerability	VCID-c1bw-f7ck-2ybw

vulnerability	VCID-ctd9-hxfn-8fcs

vulnerability	VCID-d3kc-fn21-xqar

vulnerability	VCID-dk1y-938p-k3bv

vulnerability	VCID-dp6s-jdma-a7cc

vulnerability	VCID-e19b-adrm-x7fu

vulnerability	VCID-fctg-457f-4uae

vulnerability	VCID-fnsx-gtgn-27dr

vulnerability	VCID-gbgf-jfzt-tqg1

vulnerability	VCID-gg94-fdbv-y7g1

vulnerability	VCID-gt7b-5554-y7dq

vulnerability	VCID-hgq2-kuex-y3a3

vulnerability	VCID-hpf3-3z3m-6ydt

vulnerability	VCID-j6uh-kx6m-sydp

vulnerability	VCID-kb4a-mm13-63bj

vulnerability	VCID-kgfb-yphg-n3ec

vulnerability	VCID-krjr-ctw4-r3d3

vulnerability	VCID-ms13-tzaa-hkej

vulnerability	VCID-nfbc-tutd-37bw

vulnerability	VCID-p42d-ta7v-7yhn

vulnerability	VCID-p9rb-ehta-2bhc

vulnerability	VCID-pb3b-22wk-pbh5

vulnerability	VCID-pmtw-nwnc-nyfw

vulnerability	VCID-pqgj-ry81-6ua3

vulnerability	VCID-qxnw-7urw-fud2

vulnerability	VCID-rysu-xhvt-yqda

vulnerability	VCID-s49h-br5r-5yh8

vulnerability	VCID-ssbp-gvfd-2kef

vulnerability	VCID-syqv-6kj7-j3e5

vulnerability	VCID-sz6v-udpx-wbav

vulnerability	VCID-tcjg-f9cn-mubj

vulnerability	VCID-tpjn-4kru-vucv

vulnerability	VCID-vj7z-pmk3-cydg

vulnerability	VCID-vras-f42j-xqfg

vulnerability	VCID-vy44-rbar-w3fn

vulnerability	VCID-w8ff-8479-rbfq

vulnerability	VCID-wm1m-yj2y-yfa3

vulnerability	VCID-x8g4-88t4-cqdz

vulnerability	VCID-xbt7-ks9g-c7gd

vulnerability	VCID-xwza-guvs-83a9

vulnerability	VCID-ygjc-77t9-yfge

vulnerability	VCID-ykge-bnhg-g7c4

vulnerability	VCID-yrx8-dtav-83av

vulnerability	VCID-yz8w-uv1z-5ybw

vulnerability	VCID-zqdb-94dc-vqfh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.1

url pkg:pypi/apache-airflow@1.8.2rc1

purl pkg:pypi/apache-airflow@1.8.2rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1963-1kyn-2ban

vulnerability	VCID-1azm-hsvr-f3e8

vulnerability	VCID-1ptn-xvsy-d3hu

vulnerability	VCID-2q7x-bua5-37h7

vulnerability	VCID-2xpf-ut63-tbcx

vulnerability	VCID-37nw-x186-puds

vulnerability	VCID-4693-xwwu-7uem

vulnerability	VCID-4btd-59ga-1yd4

vulnerability	VCID-4u8d-ezsr-sqcz

vulnerability	VCID-5j9w-1tng-k3ac

vulnerability	VCID-5ph5-s3qc-guf4

vulnerability	VCID-5qe8-jdbh-x7b4

vulnerability	VCID-5ufe-1rrj-rkgp

vulnerability	VCID-6hxm-nnhg-buex

vulnerability	VCID-7z8j-8f4d-53dm

vulnerability	VCID-82p8-yujf-hkdd

vulnerability	VCID-8m3p-yzr8-yyhj

vulnerability	VCID-8npr-rvfd-jkfj

vulnerability	VCID-8ykk-1kak-6bfd

vulnerability	VCID-91ta-vnkv-5ydh

vulnerability	VCID-9f34-2r5y-sydz

vulnerability	VCID-arbk-dryb-qkda

vulnerability	VCID-bgp2-bzbr-1uh5

vulnerability	VCID-bn9u-brjp-yudy

vulnerability	VCID-bxw8-918z-1be5

vulnerability	VCID-c1bw-f7ck-2ybw

vulnerability	VCID-ctd9-hxfn-8fcs

vulnerability	VCID-d3kc-fn21-xqar

vulnerability	VCID-dk1y-938p-k3bv

vulnerability	VCID-dp6s-jdma-a7cc

vulnerability	VCID-e19b-adrm-x7fu

vulnerability	VCID-fctg-457f-4uae

vulnerability	VCID-fnsx-gtgn-27dr

vulnerability	VCID-gbgf-jfzt-tqg1

vulnerability	VCID-gg94-fdbv-y7g1

vulnerability	VCID-gt7b-5554-y7dq

vulnerability	VCID-hgq2-kuex-y3a3

vulnerability	VCID-hpf3-3z3m-6ydt

vulnerability	VCID-j6uh-kx6m-sydp

vulnerability	VCID-kb4a-mm13-63bj

vulnerability	VCID-kgfb-yphg-n3ec

vulnerability	VCID-krjr-ctw4-r3d3

vulnerability	VCID-ms13-tzaa-hkej

vulnerability	VCID-nfbc-tutd-37bw

vulnerability	VCID-p42d-ta7v-7yhn

vulnerability	VCID-p9rb-ehta-2bhc

vulnerability	VCID-pb3b-22wk-pbh5

vulnerability	VCID-pmtw-nwnc-nyfw

vulnerability	VCID-pqgj-ry81-6ua3

vulnerability	VCID-qxnw-7urw-fud2

vulnerability	VCID-rysu-xhvt-yqda

vulnerability	VCID-s49h-br5r-5yh8

vulnerability	VCID-ssbp-gvfd-2kef

vulnerability	VCID-syqv-6kj7-j3e5

vulnerability	VCID-sz6v-udpx-wbav

vulnerability	VCID-tcjg-f9cn-mubj

vulnerability	VCID-tpjn-4kru-vucv

vulnerability	VCID-vj7z-pmk3-cydg

vulnerability	VCID-vras-f42j-xqfg

vulnerability	VCID-vy44-rbar-w3fn

vulnerability	VCID-w8ff-8479-rbfq

vulnerability	VCID-wm1m-yj2y-yfa3

vulnerability	VCID-x8g4-88t4-cqdz

vulnerability	VCID-xbt7-ks9g-c7gd

vulnerability	VCID-xwza-guvs-83a9

vulnerability	VCID-ygjc-77t9-yfge

vulnerability	VCID-ykge-bnhg-g7c4

vulnerability	VCID-yrx8-dtav-83av

vulnerability	VCID-yz8w-uv1z-5ybw

vulnerability	VCID-zqdb-94dc-vqfh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.2rc1

url pkg:pypi/apache-airflow@1.8.2

purl pkg:pypi/apache-airflow@1.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1963-1kyn-2ban

vulnerability	VCID-1azm-hsvr-f3e8

vulnerability	VCID-1ptn-xvsy-d3hu

vulnerability	VCID-2q7x-bua5-37h7

vulnerability	VCID-2xpf-ut63-tbcx

vulnerability	VCID-37nw-x186-puds

vulnerability	VCID-4693-xwwu-7uem

vulnerability	VCID-4btd-59ga-1yd4

vulnerability	VCID-4u8d-ezsr-sqcz

vulnerability	VCID-5j9w-1tng-k3ac

vulnerability	VCID-5ph5-s3qc-guf4

vulnerability	VCID-5qe8-jdbh-x7b4

vulnerability	VCID-5ufe-1rrj-rkgp

vulnerability	VCID-6hxm-nnhg-buex

vulnerability	VCID-7z8j-8f4d-53dm

vulnerability	VCID-82p8-yujf-hkdd

vulnerability	VCID-8m3p-yzr8-yyhj

vulnerability	VCID-8npr-rvfd-jkfj

vulnerability	VCID-8ykk-1kak-6bfd

vulnerability	VCID-91ta-vnkv-5ydh

vulnerability	VCID-9f34-2r5y-sydz

vulnerability	VCID-arbk-dryb-qkda

vulnerability	VCID-bgp2-bzbr-1uh5

vulnerability	VCID-bn9u-brjp-yudy

vulnerability	VCID-bxw8-918z-1be5

vulnerability	VCID-c1bw-f7ck-2ybw

vulnerability	VCID-ctd9-hxfn-8fcs

vulnerability	VCID-d3kc-fn21-xqar

vulnerability	VCID-dk1y-938p-k3bv

vulnerability	VCID-dp6s-jdma-a7cc

vulnerability	VCID-e19b-adrm-x7fu

vulnerability	VCID-fctg-457f-4uae

vulnerability	VCID-fnsx-gtgn-27dr

vulnerability	VCID-gbgf-jfzt-tqg1

vulnerability	VCID-gg94-fdbv-y7g1

vulnerability	VCID-gt7b-5554-y7dq

vulnerability	VCID-hgq2-kuex-y3a3

vulnerability	VCID-hpf3-3z3m-6ydt

vulnerability	VCID-j6uh-kx6m-sydp

vulnerability	VCID-kb4a-mm13-63bj

vulnerability	VCID-kgfb-yphg-n3ec

vulnerability	VCID-krjr-ctw4-r3d3

vulnerability	VCID-ms13-tzaa-hkej

vulnerability	VCID-nfbc-tutd-37bw

vulnerability	VCID-p42d-ta7v-7yhn

vulnerability	VCID-p9rb-ehta-2bhc

vulnerability	VCID-pb3b-22wk-pbh5

vulnerability	VCID-pmtw-nwnc-nyfw

vulnerability	VCID-pqgj-ry81-6ua3

vulnerability	VCID-qxnw-7urw-fud2

vulnerability	VCID-rysu-xhvt-yqda

vulnerability	VCID-s49h-br5r-5yh8

vulnerability	VCID-ssbp-gvfd-2kef

vulnerability	VCID-syqv-6kj7-j3e5

vulnerability	VCID-sz6v-udpx-wbav

vulnerability	VCID-tcjg-f9cn-mubj

vulnerability	VCID-tpjn-4kru-vucv

vulnerability	VCID-vj7z-pmk3-cydg

vulnerability	VCID-vras-f42j-xqfg

vulnerability	VCID-vy44-rbar-w3fn

vulnerability	VCID-w8ff-8479-rbfq

vulnerability	VCID-wm1m-yj2y-yfa3

vulnerability	VCID-x8g4-88t4-cqdz

vulnerability	VCID-xbt7-ks9g-c7gd

vulnerability	VCID-xwza-guvs-83a9

vulnerability	VCID-ygjc-77t9-yfge

vulnerability	VCID-ykge-bnhg-g7c4

vulnerability	VCID-yrx8-dtav-83av

vulnerability	VCID-yz8w-uv1z-5ybw

vulnerability	VCID-zqdb-94dc-vqfh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.8.2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-17835

reference_id

reference_type

scores

value	0.00413
scoring_system	epss
scoring_elements	0.61811
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-17835

reference_url

https://github.com/advisories/GHSA-68wv-rjrm-576p

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-68wv-rjrm-576p

reference_url	https://github.com/apache/airflow
reference_id
reference_type
scores
url	https://github.com/apache/airflow

reference_url	https://github.com/apache/airflow/commit/673026c740411cc6447aede8c6a816460fe03a59
reference_id
reference_type
scores
url	https://github.com/apache/airflow/commit/673026c740411cc6447aede8c6a816460fe03a59

reference_url	https://github.com/apache/airflow/commit/6aca2c2d395952341ab1b201c59011920b5a5c77
reference_id
reference_type
scores
url	https://github.com/apache/airflow/commit/6aca2c2d395952341ab1b201c59011920b5a5c77

reference_url	https://github.com/apache/airflow/commit/c9dc9263986c1a55520ba44b6e5b0fcbd6c48712
reference_id
reference_type
scores
url	https://github.com/apache/airflow/commit/c9dc9263986c1a55520ba44b6e5b0fcbd6c48712

reference_url	https://github.com/apache/airflow/commit/dca5e7d116b5c8b103df13f89f061757c13c41ae
reference_id
reference_type
scores
url	https://github.com/apache/airflow/commit/dca5e7d116b5c8b103df13f89f061757c13c41ae

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-148.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-148.yaml

reference_url	https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-17835
reference_id	CVE-2017-17835
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-17835

Weaknesses

cwe_id	352
name	Cross-Site Request Forgery (CSRF)
description	The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbt7-ks9g-c7gd

Vulnerability Instance