Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-jqym-yvag-qfcz

Summary bash: BASH_CMD is writable in restricted bash shells

Aliases

alias	CVE-2019-9924

Fixed_packages

url	pkg:deb/debian/bash@4.4-1?distro=trixie
purl	pkg:deb/debian/bash@4.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@4.4-1%3Fdistro=trixie

url pkg:deb/debian/bash@4.4-5

purl pkg:deb/debian/bash@4.4-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556k-17z3-auc2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@4.4-5

url pkg:deb/debian/bash@5.1-2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/bash@5.1-2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rc3z-84wf-pygu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@5.1-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/bash@5.2.15-2?distro=trixie
purl	pkg:deb/debian/bash@5.2.15-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@5.2.15-2%3Fdistro=trixie

url	pkg:deb/debian/bash@5.2.37-2?distro=trixie
purl	pkg:deb/debian/bash@5.2.37-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@5.2.37-2%3Fdistro=trixie

url	pkg:deb/debian/bash@5.3-2?distro=trixie
purl	pkg:deb/debian/bash@5.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@5.3-2%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/bash@2.01.1-4

purl pkg:deb/debian/bash@2.01.1-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c4h-9zpn-kkd2

vulnerability	VCID-556k-17z3-auc2

vulnerability	VCID-az8z-jtp2-tyhj

vulnerability	VCID-ba3s-az62-fkdc

vulnerability	VCID-hvf8-a8kf-qqbq

vulnerability	VCID-hxgp-7aap-xqh6

vulnerability	VCID-jqym-yvag-qfcz

vulnerability	VCID-k9hm-bh92-qfan

vulnerability	VCID-m98m-wbj2-zbdk

vulnerability	VCID-nm4t-6dw6-vbby

vulnerability	VCID-sqj7-9htv-nbfn

vulnerability	VCID-twyf-cbfd-hka1

vulnerability	VCID-up13-8aex-7qfy

vulnerability	VCID-yje9-sb3a-kubp

vulnerability	VCID-yz3v-qgsz-53ew

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@2.01.1-4

url pkg:deb/debian/bash@2.01.1-4.1

purl pkg:deb/debian/bash@2.01.1-4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c4h-9zpn-kkd2

vulnerability	VCID-556k-17z3-auc2

vulnerability	VCID-az8z-jtp2-tyhj

vulnerability	VCID-ba3s-az62-fkdc

vulnerability	VCID-hvf8-a8kf-qqbq

vulnerability	VCID-hxgp-7aap-xqh6

vulnerability	VCID-jqym-yvag-qfcz

vulnerability	VCID-k9hm-bh92-qfan

vulnerability	VCID-m98m-wbj2-zbdk

vulnerability	VCID-nm4t-6dw6-vbby

vulnerability	VCID-sqj7-9htv-nbfn

vulnerability	VCID-twyf-cbfd-hka1

vulnerability	VCID-up13-8aex-7qfy

vulnerability	VCID-yje9-sb3a-kubp

vulnerability	VCID-yz3v-qgsz-53ew

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@2.01.1-4.1

url pkg:deb/debian/bash@2.03-6

purl pkg:deb/debian/bash@2.03-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c4h-9zpn-kkd2

vulnerability	VCID-556k-17z3-auc2

vulnerability	VCID-az8z-jtp2-tyhj

vulnerability	VCID-ba3s-az62-fkdc

vulnerability	VCID-hvf8-a8kf-qqbq

vulnerability	VCID-hxgp-7aap-xqh6

vulnerability	VCID-jqym-yvag-qfcz

vulnerability	VCID-k9hm-bh92-qfan

vulnerability	VCID-m98m-wbj2-zbdk

vulnerability	VCID-nm4t-6dw6-vbby

vulnerability	VCID-sqj7-9htv-nbfn

vulnerability	VCID-twyf-cbfd-hka1

vulnerability	VCID-up13-8aex-7qfy

vulnerability	VCID-yje9-sb3a-kubp

vulnerability	VCID-yz3v-qgsz-53ew

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@2.03-6

url pkg:deb/debian/bash@2.05a-11

purl pkg:deb/debian/bash@2.05a-11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c4h-9zpn-kkd2

vulnerability	VCID-556k-17z3-auc2

vulnerability	VCID-az8z-jtp2-tyhj

vulnerability	VCID-ba3s-az62-fkdc

vulnerability	VCID-hvf8-a8kf-qqbq

vulnerability	VCID-hxgp-7aap-xqh6

vulnerability	VCID-jqym-yvag-qfcz

vulnerability	VCID-k9hm-bh92-qfan

vulnerability	VCID-m98m-wbj2-zbdk

vulnerability	VCID-nm4t-6dw6-vbby

vulnerability	VCID-sqj7-9htv-nbfn

vulnerability	VCID-twyf-cbfd-hka1

vulnerability	VCID-up13-8aex-7qfy

vulnerability	VCID-yje9-sb3a-kubp

vulnerability	VCID-yz3v-qgsz-53ew

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@2.05a-11

url pkg:deb/debian/bash@2.05b-2-26

purl pkg:deb/debian/bash@2.05b-2-26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c4h-9zpn-kkd2

vulnerability	VCID-556k-17z3-auc2

vulnerability	VCID-az8z-jtp2-tyhj

vulnerability	VCID-ba3s-az62-fkdc

vulnerability	VCID-hvf8-a8kf-qqbq

vulnerability	VCID-hxgp-7aap-xqh6

vulnerability	VCID-jqym-yvag-qfcz

vulnerability	VCID-k9hm-bh92-qfan

vulnerability	VCID-m98m-wbj2-zbdk

vulnerability	VCID-nm4t-6dw6-vbby

vulnerability	VCID-sqj7-9htv-nbfn

vulnerability	VCID-twyf-cbfd-hka1

vulnerability	VCID-up13-8aex-7qfy

vulnerability	VCID-yje9-sb3a-kubp

vulnerability	VCID-yz3v-qgsz-53ew

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@2.05b-2-26

url pkg:deb/debian/bash@3.1dfsg-8

purl pkg:deb/debian/bash@3.1dfsg-8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c4h-9zpn-kkd2

vulnerability	VCID-556k-17z3-auc2

vulnerability	VCID-az8z-jtp2-tyhj

vulnerability	VCID-ba3s-az62-fkdc

vulnerability	VCID-hvf8-a8kf-qqbq

vulnerability	VCID-hxgp-7aap-xqh6

vulnerability	VCID-jqym-yvag-qfcz

vulnerability	VCID-k9hm-bh92-qfan

vulnerability	VCID-m98m-wbj2-zbdk

vulnerability	VCID-nm4t-6dw6-vbby

vulnerability	VCID-sqj7-9htv-nbfn

vulnerability	VCID-twyf-cbfd-hka1

vulnerability	VCID-up13-8aex-7qfy

vulnerability	VCID-yje9-sb3a-kubp

vulnerability	VCID-yz3v-qgsz-53ew

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@3.1dfsg-8

url pkg:deb/debian/bash@3.2-4

purl pkg:deb/debian/bash@3.2-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c4h-9zpn-kkd2

vulnerability	VCID-556k-17z3-auc2

vulnerability	VCID-az8z-jtp2-tyhj

vulnerability	VCID-ba3s-az62-fkdc

vulnerability	VCID-hvf8-a8kf-qqbq

vulnerability	VCID-hxgp-7aap-xqh6

vulnerability	VCID-jqym-yvag-qfcz

vulnerability	VCID-k9hm-bh92-qfan

vulnerability	VCID-m98m-wbj2-zbdk

vulnerability	VCID-nm4t-6dw6-vbby

vulnerability	VCID-sqj7-9htv-nbfn

vulnerability	VCID-twyf-cbfd-hka1

vulnerability	VCID-up13-8aex-7qfy

vulnerability	VCID-yje9-sb3a-kubp

vulnerability	VCID-yz3v-qgsz-53ew

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@3.2-4

url pkg:deb/debian/bash@4.1-3

purl pkg:deb/debian/bash@4.1-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c4h-9zpn-kkd2

vulnerability	VCID-556k-17z3-auc2

vulnerability	VCID-az8z-jtp2-tyhj

vulnerability	VCID-ba3s-az62-fkdc

vulnerability	VCID-hvf8-a8kf-qqbq

vulnerability	VCID-hxgp-7aap-xqh6

vulnerability	VCID-jqym-yvag-qfcz

vulnerability	VCID-k9hm-bh92-qfan

vulnerability	VCID-m98m-wbj2-zbdk

vulnerability	VCID-nm4t-6dw6-vbby

vulnerability	VCID-sqj7-9htv-nbfn

vulnerability	VCID-up13-8aex-7qfy

vulnerability	VCID-yje9-sb3a-kubp

vulnerability	VCID-yz3v-qgsz-53ew

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@4.1-3

url pkg:deb/debian/bash@4.1-3%2Bdeb6u2

purl pkg:deb/debian/bash@4.1-3%2Bdeb6u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c4h-9zpn-kkd2

vulnerability	VCID-556k-17z3-auc2

vulnerability	VCID-az8z-jtp2-tyhj

vulnerability	VCID-ba3s-az62-fkdc

vulnerability	VCID-hvf8-a8kf-qqbq

vulnerability	VCID-hxgp-7aap-xqh6

vulnerability	VCID-jqym-yvag-qfcz

vulnerability	VCID-k9hm-bh92-qfan

vulnerability	VCID-m98m-wbj2-zbdk

vulnerability	VCID-nm4t-6dw6-vbby

vulnerability	VCID-sqj7-9htv-nbfn

vulnerability	VCID-up13-8aex-7qfy

vulnerability	VCID-yje9-sb3a-kubp

vulnerability	VCID-yz3v-qgsz-53ew

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@4.1-3%252Bdeb6u2

url pkg:deb/debian/bash@4.2%2Bdfsg-0.1%2Bdeb7u3

purl pkg:deb/debian/bash@4.2%2Bdfsg-0.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c4h-9zpn-kkd2

vulnerability	VCID-556k-17z3-auc2

vulnerability	VCID-az8z-jtp2-tyhj

vulnerability	VCID-ba3s-az62-fkdc

vulnerability	VCID-hvf8-a8kf-qqbq

vulnerability	VCID-hxgp-7aap-xqh6

vulnerability	VCID-jqym-yvag-qfcz

vulnerability	VCID-k9hm-bh92-qfan

vulnerability	VCID-nm4t-6dw6-vbby

vulnerability	VCID-sqj7-9htv-nbfn

vulnerability	VCID-up13-8aex-7qfy

vulnerability	VCID-yje9-sb3a-kubp

vulnerability	VCID-yz3v-qgsz-53ew

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@4.2%252Bdfsg-0.1%252Bdeb7u3

url pkg:deb/debian/bash@4.3-11

purl pkg:deb/debian/bash@4.3-11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c4h-9zpn-kkd2

vulnerability	VCID-556k-17z3-auc2

vulnerability	VCID-hvf8-a8kf-qqbq

vulnerability	VCID-jqym-yvag-qfcz

vulnerability	VCID-nm4t-6dw6-vbby

vulnerability	VCID-up13-8aex-7qfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@4.3-11

url pkg:deb/debian/bash@4.3-11%2Bdeb8u1

purl pkg:deb/debian/bash@4.3-11%2Bdeb8u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c4h-9zpn-kkd2

vulnerability	VCID-556k-17z3-auc2

vulnerability	VCID-hvf8-a8kf-qqbq

vulnerability	VCID-jqym-yvag-qfcz

vulnerability	VCID-nm4t-6dw6-vbby

vulnerability	VCID-up13-8aex-7qfy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bash@4.3-11%252Bdeb8u1

url pkg:rpm/redhat/bash@4.2.46-30?arch=el7_4

purl pkg:rpm/redhat/bash@4.2.46-30?arch=el7_4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jqym-yvag-qfcz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/bash@4.2.46-30%3Farch=el7_4

url pkg:rpm/redhat/bash@4.2.46-32?arch=el7_6

purl pkg:rpm/redhat/bash@4.2.46-32?arch=el7_6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jqym-yvag-qfcz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/bash@4.2.46-32%3Farch=el7_6

url pkg:rpm/redhat/bash@4.2.46-34?arch=el7

purl pkg:rpm/redhat/bash@4.2.46-34?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jqym-yvag-qfcz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/bash@4.2.46-34%3Farch=el7

url pkg:rpm/redhat/bash@4.2.46-34?arch=el7_7

purl pkg:rpm/redhat/bash@4.2.46-34?arch=el7_7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jqym-yvag-qfcz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/bash@4.2.46-34%3Farch=el7_7

References

reference_url	http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65
reference_id
reference_type
scores
url	http://git.savannah.gnu.org/cgit/bash.git/tree/CHANGES?h=bash-4.4-testing#n65

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9924.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9924.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-9924

reference_id

reference_type

scores

value	0.00313
scoring_system	epss
scoring_elements	0.54394
published_at	2026-04-01T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54524
published_at	2026-04-18T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54521
published_at	2026-04-16T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54504
published_at	2026-04-12T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54483
published_at	2026-04-13T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54472
published_at	2026-04-02T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54495
published_at	2026-04-04T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54463
published_at	2026-04-07T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54515
published_at	2026-04-08T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54509
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-9924

reference_url	https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441
reference_id
reference_type
scores
url	https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html

reference_url	https://security.netapp.com/advisory/ntap-20190411-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190411-0001/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1691774
reference_id	1691774
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1691774

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash::::::::
reference_id	cpe:2.3:a:gnu:bash::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.4:beta1::::::
reference_id	cpe:2.3:a:gnu:bash:4.4:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.4:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:::::::*
reference_id	cpe:2.3:a:netapp:hci_management_node:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:::::::*
reference_id	cpe:2.3:a:netapp:solidfire:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-9924

reference_id

CVE-2019-9924

reference_type

scores

value	7.2
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:C/I:C/A:C

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-9924

reference_url	https://access.redhat.com/errata/RHSA-2020:1113
reference_id	RHSA-2020:1113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1113

reference_url	https://access.redhat.com/errata/RHSA-2020:3474
reference_id	RHSA-2020:3474
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3474

reference_url	https://access.redhat.com/errata/RHSA-2020:3592
reference_id	RHSA-2020:3592
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3592

reference_url	https://access.redhat.com/errata/RHSA-2020:3803
reference_id	RHSA-2020:3803
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3803

reference_url	https://usn.ubuntu.com/4058-1/
reference_id	USN-4058-1
reference_type
scores
url	https://usn.ubuntu.com/4058-1/

reference_url	https://usn.ubuntu.com/4058-2/
reference_id	USN-4058-2
reference_type
scores
url	https://usn.ubuntu.com/4058-2/

Weaknesses

cwe_id	138
name	Improper Neutralization of Special Elements
description	The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component.

cwe_id	862
name	Missing Authorization
description	The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Exploits

Severity_range_score 7.0 - 7.8

Exploitability 0.5

Weighted_severity 7.0

Risk_score 3.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqym-yvag-qfcz

Vulnerability Instance