Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-kj8y-frmg-abc9

Summary postgresql: Start scripts permit database administrator to modify root-owned files

Aliases

alias	CVE-2017-15097

Fixed_packages

Affected_packages

url pkg:rpm/redhat/postgresql@9.2.23-3?arch=el7_4

purl pkg:rpm/redhat/postgresql@9.2.23-3?arch=el7_4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kj8y-frmg-abc9

vulnerability	VCID-qnt9-qr7p-wkhy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql@9.2.23-3%3Farch=el7_4

url pkg:rpm/redhat/rh-postgresql94-postgresql@9.4.14-2?arch=el6

purl pkg:rpm/redhat/rh-postgresql94-postgresql@9.4.14-2?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kj8y-frmg-abc9

vulnerability	VCID-qnt9-qr7p-wkhy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-postgresql94-postgresql@9.4.14-2%3Farch=el6

url pkg:rpm/redhat/rh-postgresql94-postgresql@9.4.14-2?arch=el7

purl pkg:rpm/redhat/rh-postgresql94-postgresql@9.4.14-2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kj8y-frmg-abc9

vulnerability	VCID-qnt9-qr7p-wkhy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-postgresql94-postgresql@9.4.14-2%3Farch=el7

url pkg:rpm/redhat/rh-postgresql95-postgresql@9.5.9-4?arch=el7

purl pkg:rpm/redhat/rh-postgresql95-postgresql@9.5.9-4?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kj8y-frmg-abc9

vulnerability	VCID-qnt9-qr7p-wkhy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-postgresql95-postgresql@9.5.9-4%3Farch=el7

url pkg:rpm/redhat/rh-postgresql95-postgresql@9.5.9-4?arch=el6

purl pkg:rpm/redhat/rh-postgresql95-postgresql@9.5.9-4?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kj8y-frmg-abc9

vulnerability	VCID-qnt9-qr7p-wkhy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-postgresql95-postgresql@9.5.9-4%3Farch=el6

url pkg:rpm/redhat/rh-postgresql96-postgresql@9.6.5-2?arch=el6

purl pkg:rpm/redhat/rh-postgresql96-postgresql@9.6.5-2?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kj8y-frmg-abc9

vulnerability	VCID-qnt9-qr7p-wkhy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-postgresql96-postgresql@9.6.5-2%3Farch=el6

url pkg:rpm/redhat/rh-postgresql96-postgresql@9.6.5-2?arch=el7

purl pkg:rpm/redhat/rh-postgresql96-postgresql@9.6.5-2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kj8y-frmg-abc9

vulnerability	VCID-qnt9-qr7p-wkhy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-postgresql96-postgresql@9.6.5-2%3Farch=el7

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15097.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15097.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15097

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11762
published_at	2026-04-01T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1188
published_at	2026-04-02T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11925
published_at	2026-04-04T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11712
published_at	2026-04-07T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11796
published_at	2026-04-08T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11848
published_at	2026-04-09T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11859
published_at	2026-04-11T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1182
published_at	2026-04-12T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11793
published_at	2026-04-13T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11659
published_at	2026-04-18T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11779
published_at	2026-04-21T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11749
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15097

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1508985
reference_id	1508985
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1508985

reference_url	https://access.redhat.com/errata/RHSA-2017:3402
reference_id	RHSA-2017:3402
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3402

reference_url	https://access.redhat.com/errata/RHSA-2017:3403
reference_id	RHSA-2017:3403
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3403

reference_url	https://access.redhat.com/errata/RHSA-2017:3404
reference_id	RHSA-2017:3404
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3404

reference_url	https://access.redhat.com/errata/RHSA-2017:3405
reference_id	RHSA-2017:3405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3405

Weaknesses

cwe_id	59
name	Improper Link Resolution Before File Access ('Link Following')
description	The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Exploits

Severity_range_score 6.5 - 6.5

Exploitability 0.5

Weighted_severity 5.9

Risk_score 3.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kj8y-frmg-abc9

Vulnerability Instance