Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-zafx-wzgj-uugv
Summary
Improper Input Validation
The client libraries in Apache Thrift might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
Aliases
0
alias CVE-2015-3254
Fixed_packages
0
url pkg:maven/org.apache.thrift/libthrift@0.9.3
purl pkg:maven/org.apache.thrift/libthrift@0.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6r6v-dxqb-3fe1
1
vulnerability VCID-bjpb-v3v5-5beg
2
vulnerability VCID-gkzd-prsr-gqc8
3
vulnerability VCID-rxjp-h3tu-tqh8
4
vulnerability VCID-y1ca-jr94-kfb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.thrift/libthrift@0.9.3
Affected_packages
0
url pkg:maven/org.apache.thrift/libthrift@0.6.1
purl pkg:maven/org.apache.thrift/libthrift@0.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rxjp-h3tu-tqh8
1
vulnerability VCID-y1ca-jr94-kfb4
2
vulnerability VCID-zafx-wzgj-uugv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.thrift/libthrift@0.6.1
1
url pkg:maven/org.apache.thrift/libthrift@0.7.0
purl pkg:maven/org.apache.thrift/libthrift@0.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rxjp-h3tu-tqh8
1
vulnerability VCID-y1ca-jr94-kfb4
2
vulnerability VCID-zafx-wzgj-uugv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.thrift/libthrift@0.7.0
2
url pkg:maven/org.apache.thrift/libthrift@0.8.0
purl pkg:maven/org.apache.thrift/libthrift@0.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rxjp-h3tu-tqh8
1
vulnerability VCID-y1ca-jr94-kfb4
2
vulnerability VCID-zafx-wzgj-uugv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.thrift/libthrift@0.8.0
3
url pkg:maven/org.apache.thrift/libthrift@0.9.0
purl pkg:maven/org.apache.thrift/libthrift@0.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rxjp-h3tu-tqh8
1
vulnerability VCID-y1ca-jr94-kfb4
2
vulnerability VCID-zafx-wzgj-uugv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.thrift/libthrift@0.9.0
4
url pkg:maven/org.apache.thrift/libthrift@0.9.1
purl pkg:maven/org.apache.thrift/libthrift@0.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rxjp-h3tu-tqh8
1
vulnerability VCID-y1ca-jr94-kfb4
2
vulnerability VCID-zafx-wzgj-uugv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.thrift/libthrift@0.9.1
5
url pkg:maven/org.apache.thrift/libthrift@0.9.2
purl pkg:maven/org.apache.thrift/libthrift@0.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bjpb-v3v5-5beg
1
vulnerability VCID-rxjp-h3tu-tqh8
2
vulnerability VCID-y1ca-jr94-kfb4
3
vulnerability VCID-zafx-wzgj-uugv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.thrift/libthrift@0.9.2
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3254.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3254.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3254
reference_id
reference_type
scores
0
value 0.01797
scoring_system epss
scoring_elements 0.82706
published_at 2026-04-01T12:55:00Z
1
value 0.01797
scoring_system epss
scoring_elements 0.82723
published_at 2026-04-02T12:55:00Z
2
value 0.01797
scoring_system epss
scoring_elements 0.82736
published_at 2026-04-04T12:55:00Z
3
value 0.01797
scoring_system epss
scoring_elements 0.82733
published_at 2026-04-07T12:55:00Z
4
value 0.01797
scoring_system epss
scoring_elements 0.82759
published_at 2026-04-08T12:55:00Z
5
value 0.01797
scoring_system epss
scoring_elements 0.82766
published_at 2026-04-09T12:55:00Z
6
value 0.01797
scoring_system epss
scoring_elements 0.82782
published_at 2026-04-11T12:55:00Z
7
value 0.01797
scoring_system epss
scoring_elements 0.82777
published_at 2026-04-12T12:55:00Z
8
value 0.01797
scoring_system epss
scoring_elements 0.82772
published_at 2026-04-13T12:55:00Z
9
value 0.01797
scoring_system epss
scoring_elements 0.82811
published_at 2026-04-16T12:55:00Z
10
value 0.01797
scoring_system epss
scoring_elements 0.8281
published_at 2026-04-18T12:55:00Z
11
value 0.01797
scoring_system epss
scoring_elements 0.82813
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3254
2
reference_url https://issues.apache.org/jira/browse/THRIFT-3231
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/THRIFT-3231
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1462783
reference_id 1462783
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1462783
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3254
reference_id CVE-2015-3254
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-3254
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 835
name Loop with Unreachable Exit Condition ('Infinite Loop')
description The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Exploits
Severity_range_score6.5 - 6.5
Exploitability0.5
Weighted_severity5.9
Risk_score3.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-zafx-wzgj-uugv