Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-r54j-ydjm-4uca
Summary Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the configuration.
Aliases
0
alias CVE-2024-57520
Fixed_packages
0
url pkg:deb/debian/asterisk@1:22.3.0~dfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.3.0~dfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.3.0~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
Affected_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qxc-4xk5-2feu
1
vulnerability VCID-2qjc-yspn-xydj
2
vulnerability VCID-43ff-97jw-hkce
3
vulnerability VCID-63fe-saga-13ct
4
vulnerability VCID-8kjy-xtm2-bqan
5
vulnerability VCID-9u4p-wdky-a3h1
6
vulnerability VCID-gy3u-c6dc-sbbn
7
vulnerability VCID-phb4-xaj7-byg2
8
vulnerability VCID-qcqe-63ev-f7gv
9
vulnerability VCID-r54j-ydjm-4uca
10
vulnerability VCID-u91b-9huy-43hn
11
vulnerability VCID-ytty-tbs1-ffc7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r54j-ydjm-4uca
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-57520
reference_id
reference_type
scores
0
value 0.03515
scoring_system epss
scoring_elements 0.87634
published_at 2026-04-13T12:55:00Z
1
value 0.03515
scoring_system epss
scoring_elements 0.87624
published_at 2026-04-08T12:55:00Z
2
value 0.03515
scoring_system epss
scoring_elements 0.8763
published_at 2026-04-09T12:55:00Z
3
value 0.03515
scoring_system epss
scoring_elements 0.87641
published_at 2026-04-11T12:55:00Z
4
value 0.03515
scoring_system epss
scoring_elements 0.87636
published_at 2026-04-12T12:55:00Z
5
value 0.03515
scoring_system epss
scoring_elements 0.87588
published_at 2026-04-02T12:55:00Z
6
value 0.03515
scoring_system epss
scoring_elements 0.87601
published_at 2026-04-04T12:55:00Z
7
value 0.03515
scoring_system epss
scoring_elements 0.87604
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-57520
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57520
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57520
2
reference_url https://github.com/asterisk/asterisk/issues/1122
reference_id 1122
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T15:16:16Z/
url https://github.com/asterisk/asterisk/issues/1122
3
reference_url https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621
reference_id ae76ab25acfbe263b2ed7b24b6e5c621
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T15:16:16Z/
url https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621
Weaknesses
Exploits
Severity_range_score 9.8 - 9.8
Exploitability 0.5
Weighted_severity 8.8
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r54j-ydjm-4uca