Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-9e1p-qt31-xffb
Summarypstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
Aliases
0
alias CVE-2008-5377
Fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1?distro=trixie
purl pkg:deb/debian/cups@2.4.17-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1%3Fdistro=trixie
1
url pkg:deb/debian/cups@1.3.8-1lenny1?distro=trixie
purl pkg:deb/debian/cups@1.3.8-1lenny1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@1.3.8-1lenny1%3Fdistro=trixie
2
url pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8?distro=trixie
purl pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-jy1y-e1nk-p3b4
5
vulnerability VCID-r1q4-2dq2-33ca
6
vulnerability VCID-ry9y-z4e4-yfdh
7
vulnerability VCID-vgtp-sjtt-73e9
8
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8%3Fdistro=trixie
3
url pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9?distro=trixie
purl pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-jy1y-e1nk-p3b4
5
vulnerability VCID-r1q4-2dq2-33ca
6
vulnerability VCID-ry9y-z4e4-yfdh
7
vulnerability VCID-vgtp-sjtt-73e9
8
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9%3Fdistro=trixie
4
url pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-jy1y-e1nk-p3b4
5
vulnerability VCID-r1q4-2dq2-33ca
6
vulnerability VCID-ry9y-z4e4-yfdh
7
vulnerability VCID-vgtp-sjtt-73e9
8
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.10-3%252Bdeb13u2%3Fdistro=trixie
5
url pkg:deb/debian/cups@2.4.16-1?distro=trixie
purl pkg:deb/debian/cups@2.4.16-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-r1q4-2dq2-33ca
5
vulnerability VCID-ry9y-z4e4-yfdh
6
vulnerability VCID-vgtp-sjtt-73e9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1%3Fdistro=trixie
Affected_packages
References
0
reference_url http://lists.debian.org/debian-devel/2008/08/msg00347.html
reference_id
reference_type
scores
url http://lists.debian.org/debian-devel/2008/08/msg00347.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5377.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5377.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-5377
reference_id
reference_type
scores
0
value 0.00224
scoring_system epss
scoring_elements 0.45184
published_at 2026-04-18T12:55:00Z
1
value 0.00224
scoring_system epss
scoring_elements 0.45051
published_at 2026-04-01T12:55:00Z
2
value 0.00224
scoring_system epss
scoring_elements 0.45132
published_at 2026-04-02T12:55:00Z
3
value 0.00224
scoring_system epss
scoring_elements 0.45154
published_at 2026-04-04T12:55:00Z
4
value 0.00224
scoring_system epss
scoring_elements 0.45096
published_at 2026-04-07T12:55:00Z
5
value 0.00224
scoring_system epss
scoring_elements 0.45149
published_at 2026-04-09T12:55:00Z
6
value 0.00224
scoring_system epss
scoring_elements 0.45171
published_at 2026-04-11T12:55:00Z
7
value 0.00224
scoring_system epss
scoring_elements 0.45138
published_at 2026-04-12T12:55:00Z
8
value 0.00224
scoring_system epss
scoring_elements 0.4514
published_at 2026-04-13T12:55:00Z
9
value 0.00224
scoring_system epss
scoring_elements 0.4519
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-5377
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5377
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5377
4
reference_url https://www.exploit-db.com/exploits/7550
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/7550
5
reference_url http://uvw.ru/report.sid.txt
reference_id
reference_type
scores
url http://uvw.ru/report.sid.txt
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-5377
reference_id CVE-2008-5377
reference_type
scores
0
value 6.9
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:C/I:C/A:C
url https://nvd.nist.gov/vuln/detail/CVE-2008-5377
8
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/7550.c
reference_id CVE-2008-5377;OSVDB-50637
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/7550.c
9
reference_url https://usn.ubuntu.com/707-1/
reference_id USN-707-1
reference_type
scores
url https://usn.ubuntu.com/707-1/
Weaknesses
0
cwe_id 59
name Improper Link Resolution Before File Access ('Link Following')
description The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Exploits
0
date_added 2008-12-21
description CUPS < 1.3.8-4 - Local Privilege Escalation
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2008-12-22
exploit_type local
platform multiple
source_date_updated 2017-01-05
data_source Exploit-DB
source_url
Severity_range_score6.9 - 6.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-9e1p-qt31-xffb