Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/core@6.0.0
Typecomposer
Namespacedrupal
Namecore
Version6.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.58.0
Latest_non_vulnerable_version11.2.8
Affected_by_vulnerabilities
0
url VCID-mscp-wvvx-zfh3
vulnerability_id VCID-mscp-wvvx-zfh3
summary 
Saving user accounts can sometimes grant the user all roles
The User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the `user_save` function with an explicit category and loads all roles into the array.
references
0
reference_url https://www.drupal.org/SA-CORE-2016-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2016-001
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3169
reference_id CVE-2016-3169
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-3169
fixed_packages
0
url pkg:composer/drupal/core@8.0.0
purl pkg:composer/drupal/core@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-fmjz-nkby
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4dpp-gg2v-q3et
6
vulnerability VCID-56ze-2yw2-bfh8
7
vulnerability VCID-5c5c-m7ba-kqct
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-9nk8-dban-g7h9
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a4u4-ga84-wyf9
12
vulnerability VCID-a7ss-tkb6-gkge
13
vulnerability VCID-ah3h-t9qa-gudr
14
vulnerability VCID-ard5-3cjv-1beu
15
vulnerability VCID-asm8-guag-b3ep
16
vulnerability VCID-avmn-kqky-83dd
17
vulnerability VCID-ay6b-1a7z-qkas
18
vulnerability VCID-bq2j-t19h-zyad
19
vulnerability VCID-dav9-pgdh-8yey
20
vulnerability VCID-dyhz-g3nv-yuc3
21
vulnerability VCID-e12q-qavs-qybu
22
vulnerability VCID-e8un-nbkk-cbf9
23
vulnerability VCID-egtv-y9w1-skgr
24
vulnerability VCID-jrhg-3271-tqdy
25
vulnerability VCID-kzrs-mrga-nyej
26
vulnerability VCID-mm13-6dhq-nqfb
27
vulnerability VCID-myja-t33q-q3cv
28
vulnerability VCID-nacy-y1qt-5yhb
29
vulnerability VCID-ng6g-hvc2-bkg4
30
vulnerability VCID-p54u-b18k-jyft
31
vulnerability VCID-pgnc-fq4m-3kaz
32
vulnerability VCID-pmmq-8s2m-h7dp
33
vulnerability VCID-pnme-dc73-efcb
34
vulnerability VCID-qsuc-53pg-zkda
35
vulnerability VCID-rd4g-h1j9-23cb
36
vulnerability VCID-rsc6-y1uv-6bfq
37
vulnerability VCID-t89y-c9hq-9bhk
38
vulnerability VCID-ta99-gcmk-2qc8
39
vulnerability VCID-tpzm-u3qp-akc8
40
vulnerability VCID-w4ks-ufnz-vfav
41
vulnerability VCID-wapd-e3mu-sffn
42
vulnerability VCID-wsv7-je8g-sqet
43
vulnerability VCID-wszp-2es5-z7fy
44
vulnerability VCID-x34m-u169-1bce
45
vulnerability VCID-y1nb-prqc-suaj
46
vulnerability VCID-yq4q-hydz-vuga
47
vulnerability VCID-yygb-pp11-5udj
48
vulnerability VCID-zqer-y4s4-hqhy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0
aliases CVE-2016-3169
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mscp-wvvx-zfh3
1
url VCID-n5n3-p5yy-13d9
vulnerability_id VCID-n5n3-p5yy-13d9
summary 
Open redirect via path manipulation
Drupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on an error page, related to path manipulation.
references
0
reference_url https://www.drupal.org/SA-CORE-2016-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2016-001
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3164
reference_id CVE-2016-3164
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-3164
fixed_packages
0
url pkg:composer/drupal/core@8.0.4
purl pkg:composer/drupal/core@8.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.4
aliases CVE-2016-3164
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n5n3-p5yy-13d9
2
url VCID-s5qd-cpvc-c3cd
vulnerability_id VCID-s5qd-cpvc-c3cd
summary 
Improper Access Control
The Form API in Drupal ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has `#access` set to `FALSE` in the server-side form definition.
references
0
reference_url https://www.drupal.org/SA-CORE-2016-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2016-001
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3165
reference_id CVE-2016-3165
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-3165
fixed_packages
0
url pkg:composer/drupal/core@8.0.0
purl pkg:composer/drupal/core@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-fmjz-nkby
1
vulnerability VCID-2fas-m6vh-myhc
2
vulnerability VCID-2t34-82p3-73c3
3
vulnerability VCID-31qy-vagp-83b6
4
vulnerability VCID-3xk4-qwaq-5yaj
5
vulnerability VCID-4dpp-gg2v-q3et
6
vulnerability VCID-56ze-2yw2-bfh8
7
vulnerability VCID-5c5c-m7ba-kqct
8
vulnerability VCID-7v89-2sss-hfaz
9
vulnerability VCID-9nk8-dban-g7h9
10
vulnerability VCID-a3s2-c4k2-4ufn
11
vulnerability VCID-a4u4-ga84-wyf9
12
vulnerability VCID-a7ss-tkb6-gkge
13
vulnerability VCID-ah3h-t9qa-gudr
14
vulnerability VCID-ard5-3cjv-1beu
15
vulnerability VCID-asm8-guag-b3ep
16
vulnerability VCID-avmn-kqky-83dd
17
vulnerability VCID-ay6b-1a7z-qkas
18
vulnerability VCID-bq2j-t19h-zyad
19
vulnerability VCID-dav9-pgdh-8yey
20
vulnerability VCID-dyhz-g3nv-yuc3
21
vulnerability VCID-e12q-qavs-qybu
22
vulnerability VCID-e8un-nbkk-cbf9
23
vulnerability VCID-egtv-y9w1-skgr
24
vulnerability VCID-jrhg-3271-tqdy
25
vulnerability VCID-kzrs-mrga-nyej
26
vulnerability VCID-mm13-6dhq-nqfb
27
vulnerability VCID-myja-t33q-q3cv
28
vulnerability VCID-nacy-y1qt-5yhb
29
vulnerability VCID-ng6g-hvc2-bkg4
30
vulnerability VCID-p54u-b18k-jyft
31
vulnerability VCID-pgnc-fq4m-3kaz
32
vulnerability VCID-pmmq-8s2m-h7dp
33
vulnerability VCID-pnme-dc73-efcb
34
vulnerability VCID-qsuc-53pg-zkda
35
vulnerability VCID-rd4g-h1j9-23cb
36
vulnerability VCID-rsc6-y1uv-6bfq
37
vulnerability VCID-t89y-c9hq-9bhk
38
vulnerability VCID-ta99-gcmk-2qc8
39
vulnerability VCID-tpzm-u3qp-akc8
40
vulnerability VCID-w4ks-ufnz-vfav
41
vulnerability VCID-wapd-e3mu-sffn
42
vulnerability VCID-wsv7-je8g-sqet
43
vulnerability VCID-wszp-2es5-z7fy
44
vulnerability VCID-x34m-u169-1bce
45
vulnerability VCID-y1nb-prqc-suaj
46
vulnerability VCID-yq4q-hydz-vuga
47
vulnerability VCID-yygb-pp11-5udj
48
vulnerability VCID-zqer-y4s4-hqhy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0
aliases CVE-2016-3165
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5qd-cpvc-c3cd
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@6.0.0