Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-6t3x-xag4-7fdq
Summaryxzgrep: incorrect parsing of filenames containing a semicolon
Aliases
0
alias CVE-2015-4035
Fixed_packages
0
url pkg:deb/debian/xz-utils@0?distro=trixie
purl pkg:deb/debian/xz-utils@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xz-utils@0%3Fdistro=trixie
1
url pkg:deb/debian/xz-utils@5.2.5-2.1~deb11u1?distro=trixie
purl pkg:deb/debian/xz-utils@5.2.5-2.1~deb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4bu-exey-kqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xz-utils@5.2.5-2.1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/xz-utils@5.4.1-1?distro=trixie
purl pkg:deb/debian/xz-utils@5.4.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4bu-exey-kqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xz-utils@5.4.1-1%3Fdistro=trixie
3
url pkg:deb/debian/xz-utils@5.8.1-1?distro=trixie
purl pkg:deb/debian/xz-utils@5.8.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4bu-exey-kqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xz-utils@5.8.1-1%3Fdistro=trixie
4
url pkg:deb/debian/xz-utils@5.8.2-2?distro=trixie
purl pkg:deb/debian/xz-utils@5.8.2-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d4bu-exey-kqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xz-utils@5.8.2-2%3Fdistro=trixie
5
url pkg:deb/debian/xz-utils@5.8.3-1?distro=trixie
purl pkg:deb/debian/xz-utils@5.8.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xz-utils@5.8.3-1%3Fdistro=trixie
Affected_packages
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4035.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4035.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-4035
reference_id
reference_type
scores
0
value 0.00612
scoring_system epss
scoring_elements 0.69744
published_at 2026-04-01T12:55:00Z
1
value 0.00612
scoring_system epss
scoring_elements 0.69756
published_at 2026-04-02T12:55:00Z
2
value 0.00612
scoring_system epss
scoring_elements 0.69772
published_at 2026-04-04T12:55:00Z
3
value 0.00612
scoring_system epss
scoring_elements 0.69748
published_at 2026-04-07T12:55:00Z
4
value 0.00612
scoring_system epss
scoring_elements 0.69796
published_at 2026-04-08T12:55:00Z
5
value 0.00612
scoring_system epss
scoring_elements 0.69812
published_at 2026-04-09T12:55:00Z
6
value 0.00612
scoring_system epss
scoring_elements 0.69835
published_at 2026-04-11T12:55:00Z
7
value 0.00612
scoring_system epss
scoring_elements 0.6982
published_at 2026-04-12T12:55:00Z
8
value 0.00612
scoring_system epss
scoring_elements 0.69805
published_at 2026-04-13T12:55:00Z
9
value 0.00612
scoring_system epss
scoring_elements 0.69847
published_at 2026-04-16T12:55:00Z
10
value 0.00612
scoring_system epss
scoring_elements 0.69856
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-4035
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1223341
reference_id 1223341
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1223341
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 77
name Improper Neutralization of Special Elements used in a Command ('Command Injection')
description The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-6t3x-xag4-7fdq