Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-7ryv-jjw4-b7gh

Summary

Arbitrary Code Execution in Cookie Serialization
The default serialization used by Plug session may result in code execution
  in certain situations. Keep in mind, however, the session cookie is signed
  and this attack can only be exploited if the attacker has access to your
  secret key as well as your signing/encryption salts. We recommend users to
  change their secret key base and salts if they suspect they have been leaked,
  regardless of this vulnerability.

Aliases

alias	CVE-2017-1000053

alias	GHSA-5v4m-c73v-c7gq

Fixed_packages

url pkg:hex/plug@1.0.4

purl pkg:hex/plug@1.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.0.4

url pkg:hex/plug@1.1.7

purl pkg:hex/plug@1.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.7

url pkg:hex/plug@1.2.3

purl pkg:hex/plug@1.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.2.3

url pkg:hex/plug@1.3.2

purl pkg:hex/plug@1.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.3.2

Affected_packages

url pkg:hex/plug@0.4.1

purl pkg:hex/plug@0.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.4.1

url pkg:hex/plug@0.4.2

purl pkg:hex/plug@0.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.4.2

url pkg:hex/plug@0.4.3

purl pkg:hex/plug@0.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.4.3

url pkg:hex/plug@0.4.4

purl pkg:hex/plug@0.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.4.4

url pkg:hex/plug@0.5.0

purl pkg:hex/plug@0.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.5.0

url pkg:hex/plug@0.5.1

purl pkg:hex/plug@0.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.5.1

url pkg:hex/plug@0.5.2

purl pkg:hex/plug@0.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.5.2

url pkg:hex/plug@0.5.3

purl pkg:hex/plug@0.5.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.5.3

url pkg:hex/plug@0.6.0

purl pkg:hex/plug@0.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.6.0

url pkg:hex/plug@0.7.0

purl pkg:hex/plug@0.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.7.0

url pkg:hex/plug@0.8.0

purl pkg:hex/plug@0.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.8.0

url pkg:hex/plug@0.8.1

purl pkg:hex/plug@0.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.8.1

url pkg:hex/plug@0.8.2

purl pkg:hex/plug@0.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.8.2

url pkg:hex/plug@0.8.3

purl pkg:hex/plug@0.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.8.3

url pkg:hex/plug@0.8.4

purl pkg:hex/plug@0.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.8.4

url pkg:hex/plug@0.9.0

purl pkg:hex/plug@0.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.9.0

url pkg:hex/plug@0.10.0

purl pkg:hex/plug@0.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.10.0

url pkg:hex/plug@0.11.0

purl pkg:hex/plug@0.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.11.0

url pkg:hex/plug@0.11.1

purl pkg:hex/plug@0.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.11.1

url pkg:hex/plug@0.11.2

purl pkg:hex/plug@0.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.11.2

url pkg:hex/plug@0.11.3

purl pkg:hex/plug@0.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.11.3

url pkg:hex/plug@0.12.0

purl pkg:hex/plug@0.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.12.0

url pkg:hex/plug@0.12.1

purl pkg:hex/plug@0.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.12.1

url pkg:hex/plug@0.12.2

purl pkg:hex/plug@0.12.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.12.2

url pkg:hex/plug@0.13.0

purl pkg:hex/plug@0.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.13.0

url pkg:hex/plug@0.13.1

purl pkg:hex/plug@0.13.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.13.1

url pkg:hex/plug@0.14.0

purl pkg:hex/plug@0.14.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.14.0

url pkg:hex/plug@1.0.0

purl pkg:hex/plug@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.0.0

url pkg:hex/plug@1.0.1

purl pkg:hex/plug@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.0.1

url pkg:hex/plug@1.0.2

purl pkg:hex/plug@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.0.2

url pkg:hex/plug@1.0.3

purl pkg:hex/plug@1.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.0.3

url pkg:hex/plug@1.1.0

purl pkg:hex/plug@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.0

url pkg:hex/plug@1.1.1

purl pkg:hex/plug@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.1

url pkg:hex/plug@1.1.2

purl pkg:hex/plug@1.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.2

url pkg:hex/plug@1.1.3

purl pkg:hex/plug@1.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.3

url pkg:hex/plug@1.1.4

purl pkg:hex/plug@1.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.4

url pkg:hex/plug@1.1.5

purl pkg:hex/plug@1.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.5

url pkg:hex/plug@1.1.6

purl pkg:hex/plug@1.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.6

url pkg:hex/plug@1.2.0-rc.0

purl pkg:hex/plug@1.2.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.2.0-rc.0

url pkg:hex/plug@1.2.0

purl pkg:hex/plug@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.2.0

url pkg:hex/plug@1.2.1

purl pkg:hex/plug@1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.2.1

url pkg:hex/plug@1.2.2

purl pkg:hex/plug@1.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.2.2

url pkg:hex/plug@1.3.0

purl pkg:hex/plug@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.3.0

url pkg:hex/plug@1.3.1

purl pkg:hex/plug@1.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.3.1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000053

reference_id

reference_type

scores

value	0.01075
scoring_system	epss
scoring_elements	0.78131
published_at	2026-06-04T12:55:00Z

value	0.01075
scoring_system	epss
scoring_elements	0.78164
published_at	2026-06-06T12:55:00Z

value	0.01075
scoring_system	epss
scoring_elements	0.78157
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000053

reference_url

https://elixirforum.com/t/security-releases-for-plug/3913

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://elixirforum.com/t/security-releases-for-plug/3913

reference_url	https://elixirforum.com/t/static-and-session-security-fixes-for-plug/3913
reference_id
reference_type
scores
url	https://elixirforum.com/t/static-and-session-security-fixes-for-plug/3913

reference_url

https://github.com/elixir-plug/plug

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/elixir-plug/plug

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000053

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000053

Weaknesses

cwe_id	502
name	Deserialization of Untrusted Data
description	The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ryv-jjw4-b7gh

Vulnerability Instance