Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-dp5c-pz39-ckhp

Summary

Null Byte Injection in Plug.Static
Plug.Static is used for serving static assets, and is vulnerable to null
  byte injection. If file upload functionality is provided, this can allow
  users to bypass filetype restrictions.
  We recommend all applications that provide file upload functionality and
  serve those uploaded files locally with Plug.Static to upgrade immediately
  or include the fix below. If uploaded files are rather stored and served
  from S3 or any other cloud storage, you are not affected.

Aliases

alias	CVE-2017-1000052

alias	GHSA-2q6v-32mr-8p8x

Fixed_packages

url pkg:hex/plug@1.0.4

purl pkg:hex/plug@1.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.0.4

url pkg:hex/plug@1.1.7

purl pkg:hex/plug@1.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.7

url pkg:hex/plug@1.2.3

purl pkg:hex/plug@1.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.2.3

url pkg:hex/plug@1.3.2

purl pkg:hex/plug@1.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.3.2

Affected_packages

url pkg:hex/plug@0.4.1

purl pkg:hex/plug@0.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.4.1

url pkg:hex/plug@0.4.2

purl pkg:hex/plug@0.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.4.2

url pkg:hex/plug@0.4.3

purl pkg:hex/plug@0.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.4.3

url pkg:hex/plug@0.4.4

purl pkg:hex/plug@0.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.4.4

url pkg:hex/plug@0.5.0

purl pkg:hex/plug@0.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.5.0

url pkg:hex/plug@0.5.1

purl pkg:hex/plug@0.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.5.1

url pkg:hex/plug@0.5.2

purl pkg:hex/plug@0.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.5.2

url pkg:hex/plug@0.5.3

purl pkg:hex/plug@0.5.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.5.3

url pkg:hex/plug@0.6.0

purl pkg:hex/plug@0.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.6.0

url pkg:hex/plug@0.7.0

purl pkg:hex/plug@0.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.7.0

url pkg:hex/plug@0.8.0

purl pkg:hex/plug@0.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.8.0

url pkg:hex/plug@0.8.1

purl pkg:hex/plug@0.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.8.1

url pkg:hex/plug@0.8.2

purl pkg:hex/plug@0.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.8.2

url pkg:hex/plug@0.8.3

purl pkg:hex/plug@0.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.8.3

url pkg:hex/plug@0.8.4

purl pkg:hex/plug@0.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.8.4

url pkg:hex/plug@0.9.0

purl pkg:hex/plug@0.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.9.0

url pkg:hex/plug@0.10.0

purl pkg:hex/plug@0.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.10.0

url pkg:hex/plug@0.11.0

purl pkg:hex/plug@0.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.11.0

url pkg:hex/plug@0.11.1

purl pkg:hex/plug@0.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.11.1

url pkg:hex/plug@0.11.2

purl pkg:hex/plug@0.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.11.2

url pkg:hex/plug@0.11.3

purl pkg:hex/plug@0.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.11.3

url pkg:hex/plug@0.12.0

purl pkg:hex/plug@0.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.12.0

url pkg:hex/plug@0.12.1

purl pkg:hex/plug@0.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.12.1

url pkg:hex/plug@0.12.2

purl pkg:hex/plug@0.12.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.12.2

url pkg:hex/plug@0.13.0

purl pkg:hex/plug@0.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.13.0

url pkg:hex/plug@0.13.1

purl pkg:hex/plug@0.13.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.13.1

url pkg:hex/plug@0.14.0

purl pkg:hex/plug@0.14.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@0.14.0

url pkg:hex/plug@1.0.0

purl pkg:hex/plug@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.0.0

url pkg:hex/plug@1.0.1

purl pkg:hex/plug@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.0.1

url pkg:hex/plug@1.0.2

purl pkg:hex/plug@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.0.2

url pkg:hex/plug@1.0.3

purl pkg:hex/plug@1.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.0.3

url pkg:hex/plug@1.1.0

purl pkg:hex/plug@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.0

url pkg:hex/plug@1.1.1

purl pkg:hex/plug@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.1

url pkg:hex/plug@1.1.2

purl pkg:hex/plug@1.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.2

url pkg:hex/plug@1.1.3

purl pkg:hex/plug@1.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.3

url pkg:hex/plug@1.1.4

purl pkg:hex/plug@1.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.4

url pkg:hex/plug@1.1.5

purl pkg:hex/plug@1.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.5

url pkg:hex/plug@1.1.6

purl pkg:hex/plug@1.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.1.6

url pkg:hex/plug@1.2.0-rc.0

purl pkg:hex/plug@1.2.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.2.0-rc.0

url pkg:hex/plug@1.2.0

purl pkg:hex/plug@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.2.0

url pkg:hex/plug@1.2.1

purl pkg:hex/plug@1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.2.1

url pkg:hex/plug@1.2.2

purl pkg:hex/plug@1.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.2.2

url pkg:hex/plug@1.3.0

purl pkg:hex/plug@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.3.0

url pkg:hex/plug@1.3.1

purl pkg:hex/plug@1.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ryv-jjw4-b7gh

vulnerability	VCID-dp5c-pz39-ckhp

vulnerability	VCID-x7su-wxws-a3gz

resource_url http://public2.vulnerablecode.io/packages/pkg:hex/plug@1.3.1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000052

reference_id

reference_type

scores

value	0.00246
scoring_system	epss
scoring_elements	0.48038
published_at	2026-06-04T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.48104
published_at	2026-06-06T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.48101
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000052

reference_url

https://elixirforum.com/t/security-releases-for-plug/3913

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://elixirforum.com/t/security-releases-for-plug/3913

reference_url	https://elixirforum.com/t/static-and-session-security-fixes-for-plug/3913
reference_id
reference_type
scores
url	https://elixirforum.com/t/static-and-session-security-fixes-for-plug/3913

reference_url

https://github.com/elixir-plug/plug

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/elixir-plug/plug

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000052

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000052

Weaknesses

cwe_id	74
name	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
description	The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dp5c-pz39-ckhp

Vulnerability Instance