Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-acg5-4qjn-sudc

Summary A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.

Aliases

alias	PYSEC-2020-182

Fixed_packages

url pkg:pypi/ecdsa@0.13.3

purl pkg:pypi/ecdsa@0.13.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ebg3-6ssf-dkcy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.13.3

Affected_packages

url pkg:pypi/ecdsa@0.6

purl pkg:pypi/ecdsa@0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pe3-67b4-yqae

vulnerability	VCID-acg5-4qjn-sudc

vulnerability	VCID-ebg3-6ssf-dkcy

vulnerability	VCID-qrf7-gnjg-bfat

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.6

url pkg:pypi/ecdsa@0.7

purl pkg:pypi/ecdsa@0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pe3-67b4-yqae

vulnerability	VCID-acg5-4qjn-sudc

vulnerability	VCID-ebg3-6ssf-dkcy

vulnerability	VCID-qrf7-gnjg-bfat

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.7

url pkg:pypi/ecdsa@0.8

purl pkg:pypi/ecdsa@0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pe3-67b4-yqae

vulnerability	VCID-acg5-4qjn-sudc

vulnerability	VCID-ebg3-6ssf-dkcy

vulnerability	VCID-qrf7-gnjg-bfat

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.8

url pkg:pypi/ecdsa@0.9

purl pkg:pypi/ecdsa@0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pe3-67b4-yqae

vulnerability	VCID-acg5-4qjn-sudc

vulnerability	VCID-ebg3-6ssf-dkcy

vulnerability	VCID-qrf7-gnjg-bfat

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.9

url pkg:pypi/ecdsa@0.10

purl pkg:pypi/ecdsa@0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pe3-67b4-yqae

vulnerability	VCID-acg5-4qjn-sudc

vulnerability	VCID-ebg3-6ssf-dkcy

vulnerability	VCID-qrf7-gnjg-bfat

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.10

url pkg:pypi/ecdsa@0.11

purl pkg:pypi/ecdsa@0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pe3-67b4-yqae

vulnerability	VCID-acg5-4qjn-sudc

vulnerability	VCID-ebg3-6ssf-dkcy

vulnerability	VCID-qrf7-gnjg-bfat

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.11

url pkg:pypi/ecdsa@0.12

purl pkg:pypi/ecdsa@0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pe3-67b4-yqae

vulnerability	VCID-acg5-4qjn-sudc

vulnerability	VCID-ebg3-6ssf-dkcy

vulnerability	VCID-qrf7-gnjg-bfat

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.12

url pkg:pypi/ecdsa@0.13

purl pkg:pypi/ecdsa@0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pe3-67b4-yqae

vulnerability	VCID-acg5-4qjn-sudc

vulnerability	VCID-ebg3-6ssf-dkcy

vulnerability	VCID-qrf7-gnjg-bfat

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.13

url pkg:pypi/ecdsa@0.13.1

purl pkg:pypi/ecdsa@0.13.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pe3-67b4-yqae

vulnerability	VCID-acg5-4qjn-sudc

vulnerability	VCID-ebg3-6ssf-dkcy

vulnerability	VCID-qrf7-gnjg-bfat

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.13.1

url pkg:pypi/ecdsa@0.13.2

purl pkg:pypi/ecdsa@0.13.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pe3-67b4-yqae

vulnerability	VCID-acg5-4qjn-sudc

vulnerability	VCID-ebg3-6ssf-dkcy

vulnerability	VCID-qrf7-gnjg-bfat

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ecdsa@0.13.2

References

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14859
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14859

reference_url	https://github.com/warner/python-ecdsa/issues/114
reference_id
reference_type
scores
url	https://github.com/warner/python-ecdsa/issues/114

reference_url	https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3
reference_id
reference_type
scores
url	https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3

reference_url	https://pypi.org/project/ecdsa/0.13.3/
reference_id
reference_type
scores
url	https://pypi.org/project/ecdsa/0.13.3/

Weaknesses

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-acg5-4qjn-sudc

Vulnerability Instance