Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-bxwq-t8nc-m7gu
Summary
Insecure Default Initialization of Resource
GitHub Electron is affected by a `WebPreferences` vulnerability that can be leveraged to perform remote code execution.
Aliases
0
alias CVE-2018-15685
1
alias GHSA-hv9c-qwqg-qj3v
Fixed_packages
0
url pkg:npm/electron@1.7.16
purl pkg:npm/electron@1.7.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-f81v-9fv8-93cd
5
vulnerability VCID-fahk-eg3e-x7cu
6
vulnerability VCID-j7d6-zp3s-67fq
7
vulnerability VCID-nx5d-r4jc-77df
8
vulnerability VCID-p167-yf3n-6qd5
9
vulnerability VCID-qd52-rbd7-qkbn
10
vulnerability VCID-w7f7-5frp-n3br
11
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.7.16
1
url pkg:npm/electron@1.8.8
purl pkg:npm/electron@1.8.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-f81v-9fv8-93cd
5
vulnerability VCID-fahk-eg3e-x7cu
6
vulnerability VCID-j7d6-zp3s-67fq
7
vulnerability VCID-nx5d-r4jc-77df
8
vulnerability VCID-p167-yf3n-6qd5
9
vulnerability VCID-qd52-rbd7-qkbn
10
vulnerability VCID-w7f7-5frp-n3br
11
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.8.8
2
url pkg:npm/electron@2.0.8-nightly.20180819
purl pkg:npm/electron@2.0.8-nightly.20180819
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-f81v-9fv8-93cd
5
vulnerability VCID-fahk-eg3e-x7cu
6
vulnerability VCID-j7d6-zp3s-67fq
7
vulnerability VCID-nx5d-r4jc-77df
8
vulnerability VCID-p167-yf3n-6qd5
9
vulnerability VCID-qd52-rbd7-qkbn
10
vulnerability VCID-w7f7-5frp-n3br
11
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@2.0.8-nightly.20180819
3
url pkg:npm/electron@2.0.8
purl pkg:npm/electron@2.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-f81v-9fv8-93cd
5
vulnerability VCID-fahk-eg3e-x7cu
6
vulnerability VCID-j7d6-zp3s-67fq
7
vulnerability VCID-nx5d-r4jc-77df
8
vulnerability VCID-p167-yf3n-6qd5
9
vulnerability VCID-qd52-rbd7-qkbn
10
vulnerability VCID-w7f7-5frp-n3br
11
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@2.0.8
4
url pkg:npm/electron@3.0.0-beta.3
purl pkg:npm/electron@3.0.0-beta.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-f81v-9fv8-93cd
5
vulnerability VCID-fahk-eg3e-x7cu
6
vulnerability VCID-j7d6-zp3s-67fq
7
vulnerability VCID-nx5d-r4jc-77df
8
vulnerability VCID-p167-yf3n-6qd5
9
vulnerability VCID-qd52-rbd7-qkbn
10
vulnerability VCID-w7f7-5frp-n3br
11
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@3.0.0-beta.3
5
url pkg:npm/electron@3.0.0-beta.7
purl pkg:npm/electron@3.0.0-beta.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-f81v-9fv8-93cd
5
vulnerability VCID-fahk-eg3e-x7cu
6
vulnerability VCID-j7d6-zp3s-67fq
7
vulnerability VCID-nx5d-r4jc-77df
8
vulnerability VCID-p167-yf3n-6qd5
9
vulnerability VCID-qd52-rbd7-qkbn
10
vulnerability VCID-w7f7-5frp-n3br
11
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@3.0.0-beta.7
6
url pkg:npm/electron@3.0.0
purl pkg:npm/electron@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-f81v-9fv8-93cd
5
vulnerability VCID-fahk-eg3e-x7cu
6
vulnerability VCID-j7d6-zp3s-67fq
7
vulnerability VCID-nx5d-r4jc-77df
8
vulnerability VCID-p167-yf3n-6qd5
9
vulnerability VCID-qd52-rbd7-qkbn
10
vulnerability VCID-w7f7-5frp-n3br
11
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@3.0.0
Affected_packages
0
url pkg:npm/electron@1.7.0
purl pkg:npm/electron@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-4s78-xt9y-1kew
2
vulnerability VCID-7eu1-94qk-nuar
3
vulnerability VCID-a795-r67e-p3ck
4
vulnerability VCID-a84t-cjcb-tqcw
5
vulnerability VCID-bxwq-t8nc-m7gu
6
vulnerability VCID-f81v-9fv8-93cd
7
vulnerability VCID-fahk-eg3e-x7cu
8
vulnerability VCID-hvuh-numa-73am
9
vulnerability VCID-j7d6-zp3s-67fq
10
vulnerability VCID-mhk8-b26h-wqhy
11
vulnerability VCID-nx5d-r4jc-77df
12
vulnerability VCID-p167-yf3n-6qd5
13
vulnerability VCID-q288-pvgc-vkaa
14
vulnerability VCID-qd52-rbd7-qkbn
15
vulnerability VCID-uzwh-4kbj-9kc8
16
vulnerability VCID-w7f7-5frp-n3br
17
vulnerability VCID-xys1-xe1s-jqha
18
vulnerability VCID-ycrz-abm9-hbat
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.7.0
1
url pkg:npm/electron@1.7.15
purl pkg:npm/electron@1.7.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-bxwq-t8nc-m7gu
5
vulnerability VCID-f81v-9fv8-93cd
6
vulnerability VCID-fahk-eg3e-x7cu
7
vulnerability VCID-j7d6-zp3s-67fq
8
vulnerability VCID-nx5d-r4jc-77df
9
vulnerability VCID-p167-yf3n-6qd5
10
vulnerability VCID-qd52-rbd7-qkbn
11
vulnerability VCID-w7f7-5frp-n3br
12
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.7.15
2
url pkg:npm/electron@1.8.0
purl pkg:npm/electron@1.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4s78-xt9y-1kew
1
vulnerability VCID-bxwq-t8nc-m7gu
2
vulnerability VCID-q288-pvgc-vkaa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.8.0
3
url pkg:npm/electron@1.8.7
purl pkg:npm/electron@1.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-bxwq-t8nc-m7gu
5
vulnerability VCID-f81v-9fv8-93cd
6
vulnerability VCID-fahk-eg3e-x7cu
7
vulnerability VCID-j7d6-zp3s-67fq
8
vulnerability VCID-nx5d-r4jc-77df
9
vulnerability VCID-p167-yf3n-6qd5
10
vulnerability VCID-qd52-rbd7-qkbn
11
vulnerability VCID-w7f7-5frp-n3br
12
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.8.7
4
url pkg:npm/electron@2.0.0
purl pkg:npm/electron@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-bxwq-t8nc-m7gu
5
vulnerability VCID-f81v-9fv8-93cd
6
vulnerability VCID-fahk-eg3e-x7cu
7
vulnerability VCID-j7d6-zp3s-67fq
8
vulnerability VCID-nx5d-r4jc-77df
9
vulnerability VCID-p167-yf3n-6qd5
10
vulnerability VCID-qd52-rbd7-qkbn
11
vulnerability VCID-w7f7-5frp-n3br
12
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@2.0.0
5
url pkg:npm/electron@2.0.7
purl pkg:npm/electron@2.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-bxwq-t8nc-m7gu
5
vulnerability VCID-f81v-9fv8-93cd
6
vulnerability VCID-fahk-eg3e-x7cu
7
vulnerability VCID-j7d6-zp3s-67fq
8
vulnerability VCID-nx5d-r4jc-77df
9
vulnerability VCID-p167-yf3n-6qd5
10
vulnerability VCID-qd52-rbd7-qkbn
11
vulnerability VCID-w7f7-5frp-n3br
12
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@2.0.7
6
url pkg:npm/electron@3.0.0-beta.1
purl pkg:npm/electron@3.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-bxwq-t8nc-m7gu
5
vulnerability VCID-f81v-9fv8-93cd
6
vulnerability VCID-fahk-eg3e-x7cu
7
vulnerability VCID-j7d6-zp3s-67fq
8
vulnerability VCID-nx5d-r4jc-77df
9
vulnerability VCID-p167-yf3n-6qd5
10
vulnerability VCID-qd52-rbd7-qkbn
11
vulnerability VCID-w7f7-5frp-n3br
12
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@3.0.0-beta.1
7
url pkg:npm/electron@3.0.0-beta.2
purl pkg:npm/electron@3.0.0-beta.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-bxwq-t8nc-m7gu
5
vulnerability VCID-f81v-9fv8-93cd
6
vulnerability VCID-fahk-eg3e-x7cu
7
vulnerability VCID-j7d6-zp3s-67fq
8
vulnerability VCID-nx5d-r4jc-77df
9
vulnerability VCID-p167-yf3n-6qd5
10
vulnerability VCID-qd52-rbd7-qkbn
11
vulnerability VCID-w7f7-5frp-n3br
12
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@3.0.0-beta.2
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-15685
reference_id
reference_type
scores
0
value 0.12681
scoring_system epss
scoring_elements 0.93948
published_at 2026-04-01T12:55:00Z
1
value 0.12681
scoring_system epss
scoring_elements 0.94006
published_at 2026-04-21T12:55:00Z
2
value 0.12681
scoring_system epss
scoring_elements 0.94005
published_at 2026-04-18T12:55:00Z
3
value 0.12681
scoring_system epss
scoring_elements 0.94
published_at 2026-04-16T12:55:00Z
4
value 0.12681
scoring_system epss
scoring_elements 0.93985
published_at 2026-04-13T12:55:00Z
5
value 0.12681
scoring_system epss
scoring_elements 0.93981
published_at 2026-04-09T12:55:00Z
6
value 0.12681
scoring_system epss
scoring_elements 0.93977
published_at 2026-04-08T12:55:00Z
7
value 0.12681
scoring_system epss
scoring_elements 0.93969
published_at 2026-04-07T12:55:00Z
8
value 0.12681
scoring_system epss
scoring_elements 0.93966
published_at 2026-04-04T12:55:00Z
9
value 0.12681
scoring_system epss
scoring_elements 0.93957
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-15685
1
reference_url https://electronjs.org/blog/web-preferences-fix
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://electronjs.org/blog/web-preferences-fix
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/commit/519a02d8d4d28e8a467acb40fb26172a80c9454f
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/519a02d8d4d28e8a467acb40fb26172a80c9454f
4
reference_url https://github.com/electron/electron/commit/80221e52d93a96ea704cb6748ead669c55cff504
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/80221e52d93a96ea704cb6748ead669c55cff504
5
reference_url https://github.com/electron/electron/commit/bab968ca776be28791e4dddfd50c86bd5fae62fa
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/bab968ca776be28791e4dddfd50c86bd5fae62fa
6
reference_url https://github.com/electron/electron/commit/ef0a6d9a1c96efc4657c6dd3a6624eba969f095b
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/ef0a6d9a1c96efc4657c6dd3a6624eba969f095b
7
reference_url https://www.contrastsecurity.com/security-influencers/cve-2018-15685
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.contrastsecurity.com/security-influencers/cve-2018-15685
8
reference_url https://www.exploit-db.com/exploits/45272
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/45272
9
reference_url https://www.exploit-db.com/exploits/45272/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/45272/
10
reference_url https://www.npmjs.com/advisories/732
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/732
11
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/466.json
reference_id 466
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/466.json
12
reference_url https://github.com/matt-/CVE-2018-15685
reference_id CVE-2018-15685
reference_type exploit
scores
url https://github.com/matt-/CVE-2018-15685
13
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45272.txt
reference_id CVE-2018-15685
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45272.txt
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-15685
reference_id CVE-2018-15685
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-15685
15
reference_url https://github.com/advisories/GHSA-hv9c-qwqg-qj3v
reference_id GHSA-hv9c-qwqg-qj3v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hv9c-qwqg-qj3v
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 1188
name Initialization of a Resource with an Insecure Default
description The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
0
date_added 2018-08-27
description Electron WebPreferences - Remote Code Execution
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2018-08-27
exploit_type remote
platform multiple
source_date_updated 2018-08-27
data_source Exploit-DB
source_url https://github.com/matt-/CVE-2018-15685
Severity_range_score7.0 - 9.8
Exploitability2.0
Weighted_severity8.8
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-bxwq-t8nc-m7gu