Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ghpk-c1e6-pkae

Summary Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.

Aliases

alias	CVE-2023-5217

alias	GHSA-qqvq-6xgj-jw8g

Fixed_packages

url	pkg:mozilla/Firefox@118.0.1
purl	pkg:mozilla/Firefox@118.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@118.0.1

url	pkg:mozilla/Firefox%20ESR@115.3.1
purl	pkg:mozilla/Firefox%20ESR@115.3.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@115.3.1

url	pkg:mozilla/Firefox%20Focus%20for%20Android@118.1.0
purl	pkg:mozilla/Firefox%20Focus%20for%20Android@118.1.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520Focus%2520for%2520Android@118.1.0

url	pkg:mozilla/Firefox%20for%20Android@118.1.0
purl	pkg:mozilla/Firefox%20for%20Android@118.1.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520for%2520Android@118.1.0

url	pkg:mozilla/Thunderbird@115.3.1
purl	pkg:mozilla/Thunderbird@115.3.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@115.3.1

url	pkg:npm/electron@22.3.25
purl	pkg:npm/electron@22.3.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.25

url	pkg:npm/electron@24.8.5
purl	pkg:npm/electron@24.8.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.5

url	pkg:npm/electron@25.8.4
purl	pkg:npm/electron@25.8.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.4

url	pkg:npm/electron@26.2.4
purl	pkg:npm/electron@26.2.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.4

url	pkg:npm/electron@27.0.0-beta.8
purl	pkg:npm/electron@27.0.0-beta.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.8

Affected_packages

url pkg:npm/electron@24.0.0

purl pkg:npm/electron@24.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

vulnerability	VCID-k669-cacz-9fcd

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.0.0

url pkg:npm/electron@25.0.0

purl pkg:npm/electron@25.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

vulnerability	VCID-k669-cacz-9fcd

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0

url pkg:npm/electron@26.0.0

purl pkg:npm/electron@26.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

vulnerability	VCID-k669-cacz-9fcd

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0

url pkg:npm/electron@27.0.0-alpha.1

purl pkg:npm/electron@27.0.0-alpha.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-de1j-4qwd-duab

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.1

References

reference_url	https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/
reference_id
reference_type
scores
url	https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2241191
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2241191

reference_url	https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
reference_id
reference_type
scores
url	https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html

reference_url	https://crbug.com/1486441
reference_id
reference_type
scores
url	https://crbug.com/1486441

reference_url	https://github.com/electron/electron/pull/40022
reference_id
reference_type
scores
url	https://github.com/electron/electron/pull/40022

reference_url	https://github.com/electron/electron/pull/40023
reference_id
reference_type
scores
url	https://github.com/electron/electron/pull/40023

reference_url	https://github.com/electron/electron/pull/40024
reference_id
reference_type
scores
url	https://github.com/electron/electron/pull/40024

reference_url	https://github.com/electron/electron/pull/40025
reference_id
reference_type
scores
url	https://github.com/electron/electron/pull/40025

reference_url	https://github.com/electron/electron/pull/40026
reference_id
reference_type
scores
url	https://github.com/electron/electron/pull/40026

reference_url	https://github.com/electron/electron/releases/tag/v22.3.25
reference_id
reference_type
scores
url	https://github.com/electron/electron/releases/tag/v22.3.25

reference_url	https://github.com/electron/electron/releases/tag/v24.8.5
reference_id
reference_type
scores
url	https://github.com/electron/electron/releases/tag/v24.8.5

reference_url	https://github.com/electron/electron/releases/tag/v25.8.4
reference_id
reference_type
scores
url	https://github.com/electron/electron/releases/tag/v25.8.4

reference_url	https://github.com/electron/electron/releases/tag/v26.2.4
reference_id
reference_type
scores
url	https://github.com/electron/electron/releases/tag/v26.2.4

reference_url	https://github.com/electron/electron/releases/tag/v27.0.0-beta.8
reference_id
reference_type
scores
url	https://github.com/electron/electron/releases/tag/v27.0.0-beta.8

reference_url	https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590
reference_id
reference_type
scores
url	https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590

reference_url	https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282
reference_id
reference_type
scores
url	https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282

reference_url	https://github.com/webmproject/libvpx/releases/tag/v1.13.1
reference_id
reference_type
scores
url	https://github.com/webmproject/libvpx/releases/tag/v1.13.1

reference_url	https://github.com/webmproject/libvpx/tags
reference_id
reference_type
scores
url	https://github.com/webmproject/libvpx/tags

reference_url	https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html

reference_url	https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/

reference_url	https://pastebin.com/TdkC4pDv
reference_id
reference_type
scores
url	https://pastebin.com/TdkC4pDv

reference_url	https://security.gentoo.org/glsa/202310-04
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202310-04

reference_url	https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/
reference_id
reference_type
scores
url	https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/

reference_url	https://twitter.com/maddiestone/status/1707163313711497266
reference_id
reference_type
scores
url	https://twitter.com/maddiestone/status/1707163313711497266

reference_url	https://www.debian.org/security/2023/dsa-5508
reference_id
reference_type
scores
url	https://www.debian.org/security/2023/dsa-5508

reference_url	https://www.debian.org/security/2023/dsa-5509
reference_id
reference_type
scores
url	https://www.debian.org/security/2023/dsa-5509

reference_url	https://www.debian.org/security/2023/dsa-5510
reference_id
reference_type
scores
url	https://www.debian.org/security/2023/dsa-5510

reference_url	https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
reference_id
reference_type
scores
url	https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/

reference_url	https://www.openwall.com/lists/oss-security/2023/09/28/5
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2023/09/28/5

reference_url	http://www.openwall.com/lists/oss-security/2023/09/28/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/09/28/5

reference_url	http://www.openwall.com/lists/oss-security/2023/09/28/6
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/09/28/6

reference_url	http://www.openwall.com/lists/oss-security/2023/09/29/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/09/29/1

reference_url	http://www.openwall.com/lists/oss-security/2023/09/29/11
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/09/29/11

reference_url	http://www.openwall.com/lists/oss-security/2023/09/29/12
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/09/29/12

reference_url	http://www.openwall.com/lists/oss-security/2023/09/29/14
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/09/29/14

reference_url	http://www.openwall.com/lists/oss-security/2023/09/29/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/09/29/2

reference_url	http://www.openwall.com/lists/oss-security/2023/09/29/7
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/09/29/7

reference_url	http://www.openwall.com/lists/oss-security/2023/09/29/9
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/09/29/9

reference_url	http://www.openwall.com/lists/oss-security/2023/09/30/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/09/30/1

reference_url	http://www.openwall.com/lists/oss-security/2023/09/30/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/09/30/2

reference_url	http://www.openwall.com/lists/oss-security/2023/09/30/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/09/30/3

reference_url	http://www.openwall.com/lists/oss-security/2023/09/30/4
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/09/30/4

reference_url	http://www.openwall.com/lists/oss-security/2023/09/30/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/09/30/5

reference_url	http://www.openwall.com/lists/oss-security/2023/10/01/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/10/01/1

reference_url	http://www.openwall.com/lists/oss-security/2023/10/01/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/10/01/2

reference_url	http://www.openwall.com/lists/oss-security/2023/10/01/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/10/01/5

reference_url	http://www.openwall.com/lists/oss-security/2023/10/02/6
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/10/02/6

reference_url	http://www.openwall.com/lists/oss-security/2023/10/03/11
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/10/03/11

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-5217
reference_id	CVE-2023-5217
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-5217

reference_url	https://security-tracker.debian.org/tracker/CVE-2023-5217
reference_id	CVE-2023-5217
reference_type
scores
url	https://security-tracker.debian.org/tracker/CVE-2023-5217

reference_url	https://github.com/advisories/GHSA-qqvq-6xgj-jw8g
reference_id	GHSA-qqvq-6xgj-jw8g
reference_type
scores
url	https://github.com/advisories/GHSA-qqvq-6xgj-jw8g

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-44

reference_id

mfsa2023-44

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-44

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	707
name	Improper Neutralization
description	The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

cwe_id	787
name	Out-of-bounds Write
description	The product writes data past the end, or before the beginning, of the intended buffer.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 9.0 - 10.0

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghpk-c1e6-pkae

Vulnerability Instance