Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-x3ca-drr9-2kdd

Summary A vulnerability was found in 1541492390c yougou-mall up to 0a771fa817c924efe52c8fe0a9a6658eee675f9f. This impacts the function upload/delete of the file src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java. Performing manipulation results in path traversal. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Aliases

alias	CVE-2025-14965

Fixed_packages

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14965

reference_id

reference_type

scores

value	0.0003
scoring_system	epss
scoring_elements	0.0928
published_at	2026-06-14T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.09289
published_at	2026-06-13T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.09288
published_at	2026-06-12T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.09235
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14965

reference_url

https://vuldb.com/?ctiid.337600

reference_id

?ctiid.337600

reference_type

scores

value	5.2
scoring_system	cvssv2
scoring_elements	AV:A/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T19:26:59Z/

url

https://vuldb.com/?ctiid.337600

reference_url

https://vuldb.com/?id.337600

reference_id

?id.337600

reference_type

scores

value	5.2
scoring_system	cvssv2
scoring_elements	AV:A/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T19:26:59Z/

url

https://vuldb.com/?id.337600

reference_url

https://vuldb.com/?submit.717732

reference_id

?submit.717732

reference_type

scores

value	5.2
scoring_system	cvssv2
scoring_elements	AV:A/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T19:26:59Z/

url

https://vuldb.com/?submit.717732

reference_url

https://vuldb.com/?submit.721081

reference_id

?submit.721081

reference_type

scores

value	5.2
scoring_system	cvssv2
scoring_elements	AV:A/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T19:26:59Z/

url

https://vuldb.com/?submit.721081

reference_url

https://github.com/zyhzheng500-maker/cve/blob/main/yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md

reference_id

yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md

reference_type

scores

value	5.2
scoring_system	cvssv2
scoring_elements	AV:A/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T19:26:59Z/

url

https://github.com/zyhzheng500-maker/cve/blob/main/yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md

reference_url

https://github.com/zyhzheng500-maker/cve/blob/main/yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md

reference_id

yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md

reference_type

scores

value	5.2
scoring_system	cvssv2
scoring_elements	AV:A/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T19:26:59Z/

url

https://github.com/zyhzheng500-maker/cve/blob/main/yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md

Weaknesses

cwe_id	22
name	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description	The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Exploits

Severity_range_score 5.1 - 5.5

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x3ca-drr9-2kdd

Vulnerability Instance