Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-zpk9-2fb7-sqfj

Summary OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting.

Aliases

alias	CVE-2021-21377

alias	GHSA-g4rf-pc26-6hmr

alias	PYSEC-2021-32

Fixed_packages

url pkg:pypi/omero-web@5.9.0

purl pkg:pypi/omero-web@5.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.9.0

Affected_packages

url pkg:pypi/omero-web@5.5.dev1

purl pkg:pypi/omero-web@5.5.dev1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-qqhk-myh6-3ffw

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.5.dev1

url pkg:pypi/omero-web@5.5.dev2

purl pkg:pypi/omero-web@5.5.dev2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-qqhk-myh6-3ffw

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.5.dev2

url pkg:pypi/omero-web@5.6.dev1

purl pkg:pypi/omero-web@5.6.dev1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-qqhk-myh6-3ffw

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev1

url pkg:pypi/omero-web@5.6.dev2

purl pkg:pypi/omero-web@5.6.dev2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-qqhk-myh6-3ffw

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev2

url pkg:pypi/omero-web@5.6.dev3

purl pkg:pypi/omero-web@5.6.dev3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-qqhk-myh6-3ffw

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev3

url pkg:pypi/omero-web@5.6.dev4

purl pkg:pypi/omero-web@5.6.dev4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-qqhk-myh6-3ffw

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev4

url pkg:pypi/omero-web@5.6.dev5

purl pkg:pypi/omero-web@5.6.dev5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-qqhk-myh6-3ffw

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev5

url pkg:pypi/omero-web@5.6.dev6

purl pkg:pypi/omero-web@5.6.dev6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-qqhk-myh6-3ffw

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev6

url pkg:pypi/omero-web@5.6.dev7

purl pkg:pypi/omero-web@5.6.dev7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-qqhk-myh6-3ffw

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.dev7

url pkg:pypi/omero-web@5.6.0

purl pkg:pypi/omero-web@5.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-qqhk-myh6-3ffw

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.0

url pkg:pypi/omero-web@5.6.1

purl pkg:pypi/omero-web@5.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-qqhk-myh6-3ffw

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.1

url pkg:pypi/omero-web@5.6.2

purl pkg:pypi/omero-web@5.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-qqhk-myh6-3ffw

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.2

url pkg:pypi/omero-web@5.6.3

purl pkg:pypi/omero-web@5.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.6.3

url pkg:pypi/omero-web@5.7.0

purl pkg:pypi/omero-web@5.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.7.0

url pkg:pypi/omero-web@5.7.1

purl pkg:pypi/omero-web@5.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.7.1

url pkg:pypi/omero-web@5.8.0

purl pkg:pypi/omero-web@5.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.8.0

url pkg:pypi/omero-web@5.8.1

purl pkg:pypi/omero-web@5.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-31u4-a1rs-e7gs

vulnerability	VCID-7rje-5fyr-8udj

vulnerability	VCID-9au9-67c5-p7c6

vulnerability	VCID-skae-vc4n-5qem

vulnerability	VCID-wtbe-17ty-jke2

vulnerability	VCID-zpk9-2fb7-sqfj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/omero-web@5.8.1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21377

reference_id

reference_type

scores

value	0.00314
scoring_system	epss
scoring_elements	0.54759
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21377

reference_url

https://github.com/ome/omero-web

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web

reference_url

https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021

reference_url

https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c

reference_url

https://github.com/ome/omero-web/security/advisories/GHSA-g4rf-pc26-6hmr

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ome/omero-web/security/advisories/GHSA-g4rf-pc26-6hmr

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-32.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-32.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21377

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21377

reference_url

https://pypi.org/project/omero-web

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/omero-web

reference_url	https://pypi.org/project/omero-web/
reference_id
reference_type
scores
url	https://pypi.org/project/omero-web/

reference_url

https://www.openmicroscopy.org/security/advisories/2021-SV2

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openmicroscopy.org/security/advisories/2021-SV2

reference_url	https://www.openmicroscopy.org/security/advisories/2021-SV2/
reference_id
reference_type
scores
url	https://www.openmicroscopy.org/security/advisories/2021-SV2/

reference_url

https://github.com/advisories/GHSA-g4rf-pc26-6hmr

reference_id

GHSA-g4rf-pc26-6hmr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g4rf-pc26-6hmr

Weaknesses

cwe_id	601
name	URL Redirection to Untrusted Site ('Open Redirect')
description	A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpk9-2fb7-sqfj

Vulnerability Instance