Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-eq42-z92a-ffet
Summary
Access of Resource Using Incompatible Type (Type Confusion)
This affects the package set-value A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
Aliases
0
alias CVE-2021-23440
1
alias GHSA-4jqc-8m5r-9rpr
Fixed_packages
0
url pkg:deb/debian/node-set-value@3.0.1-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/node-set-value@3.0.1-2%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-set-value@3.0.1-2%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/node-set-value@3.0.1-2%2Bdeb11u1
purl pkg:deb/debian/node-set-value@3.0.1-2%2Bdeb11u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-set-value@3.0.1-2%252Bdeb11u1
2
url pkg:deb/debian/node-set-value@3.0.1-3?distro=trixie
purl pkg:deb/debian/node-set-value@3.0.1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-set-value@3.0.1-3%3Fdistro=trixie
3
url pkg:deb/debian/node-set-value@4.1.0%2B~4.0.1-2?distro=trixie
purl pkg:deb/debian/node-set-value@4.1.0%2B~4.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-set-value@4.1.0%252B~4.0.1-2%3Fdistro=trixie
4
url pkg:deb/debian/node-set-value@4.1.0%2B~4.0.3-1?distro=trixie
purl pkg:deb/debian/node-set-value@4.1.0%2B~4.0.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-set-value@4.1.0%252B~4.0.3-1%3Fdistro=trixie
5
url pkg:npm/set-value@2.0.1
purl pkg:npm/set-value@2.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@2.0.1
6
url pkg:npm/set-value@3.0.3
purl pkg:npm/set-value@3.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@3.0.3
7
url pkg:npm/set-value@4.0.1
purl pkg:npm/set-value@4.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@4.0.1
8
url pkg:nuget/set-value-nuget@2.0.0
purl pkg:nuget/set-value-nuget@2.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/set-value-nuget@2.0.0
Affected_packages
0
url pkg:deb/debian/node-set-value@0.4.0-1
purl pkg:deb/debian/node-set-value@0.4.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-set-value@0.4.0-1
1
url pkg:deb/debian/node-set-value@0.4.0-1%2Bdeb10u1
purl pkg:deb/debian/node-set-value@0.4.0-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-set-value@0.4.0-1%252Bdeb10u1
2
url pkg:npm/set-value@0.1.0
purl pkg:npm/set-value@0.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.1.0
3
url pkg:npm/set-value@0.1.1
purl pkg:npm/set-value@0.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.1.1
4
url pkg:npm/set-value@0.1.2
purl pkg:npm/set-value@0.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.1.2
5
url pkg:npm/set-value@0.1.3
purl pkg:npm/set-value@0.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.1.3
6
url pkg:npm/set-value@0.1.4
purl pkg:npm/set-value@0.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.1.4
7
url pkg:npm/set-value@0.1.6
purl pkg:npm/set-value@0.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.1.6
8
url pkg:npm/set-value@0.2.0
purl pkg:npm/set-value@0.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.2.0
9
url pkg:npm/set-value@0.3.0
purl pkg:npm/set-value@0.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.3.0
10
url pkg:npm/set-value@0.3.1
purl pkg:npm/set-value@0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.3.1
11
url pkg:npm/set-value@0.3.2
purl pkg:npm/set-value@0.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.3.2
12
url pkg:npm/set-value@0.3.3
purl pkg:npm/set-value@0.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.3.3
13
url pkg:npm/set-value@0.4.0
purl pkg:npm/set-value@0.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.4.0
14
url pkg:npm/set-value@0.4.1
purl pkg:npm/set-value@0.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.4.1
15
url pkg:npm/set-value@0.4.2
purl pkg:npm/set-value@0.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.4.2
16
url pkg:npm/set-value@0.4.3
purl pkg:npm/set-value@0.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@0.4.3
17
url pkg:npm/set-value@1.0.0
purl pkg:npm/set-value@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@1.0.0
18
url pkg:npm/set-value@2.0.0
purl pkg:npm/set-value@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@2.0.0
19
url pkg:npm/set-value@3.0.0
purl pkg:npm/set-value@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu35-t78a-wfcj
1
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@3.0.0
20
url pkg:npm/set-value@3.0.1
purl pkg:npm/set-value@3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@3.0.1
21
url pkg:npm/set-value@3.0.2
purl pkg:npm/set-value@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@3.0.2
22
url pkg:npm/set-value@4.0.0
purl pkg:npm/set-value@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eq42-z92a-ffet
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/set-value@4.0.0
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23440.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23440.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23440
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.19886
published_at 2026-05-14T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.19916
published_at 2026-04-01T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.20063
published_at 2026-04-02T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.2012
published_at 2026-04-04T12:55:00Z
4
value 0.00064
scoring_system epss
scoring_elements 0.19848
published_at 2026-04-07T12:55:00Z
5
value 0.00064
scoring_system epss
scoring_elements 0.19928
published_at 2026-04-08T12:55:00Z
6
value 0.00064
scoring_system epss
scoring_elements 0.19983
published_at 2026-04-09T12:55:00Z
7
value 0.00064
scoring_system epss
scoring_elements 0.20002
published_at 2026-04-11T12:55:00Z
8
value 0.00064
scoring_system epss
scoring_elements 0.19958
published_at 2026-04-12T12:55:00Z
9
value 0.00064
scoring_system epss
scoring_elements 0.19899
published_at 2026-04-13T12:55:00Z
10
value 0.00064
scoring_system epss
scoring_elements 0.19877
published_at 2026-04-16T12:55:00Z
11
value 0.00064
scoring_system epss
scoring_elements 0.19882
published_at 2026-04-18T12:55:00Z
12
value 0.00064
scoring_system epss
scoring_elements 0.1988
published_at 2026-04-21T12:55:00Z
13
value 0.00064
scoring_system epss
scoring_elements 0.19774
published_at 2026-04-24T12:55:00Z
14
value 0.00064
scoring_system epss
scoring_elements 0.19767
published_at 2026-04-26T12:55:00Z
15
value 0.00064
scoring_system epss
scoring_elements 0.19737
published_at 2026-04-29T12:55:00Z
16
value 0.00064
scoring_system epss
scoring_elements 0.19645
published_at 2026-05-05T12:55:00Z
17
value 0.00064
scoring_system epss
scoring_elements 0.19722
published_at 2026-05-07T12:55:00Z
18
value 0.00064
scoring_system epss
scoring_elements 0.19807
published_at 2026-05-09T12:55:00Z
19
value 0.00064
scoring_system epss
scoring_elements 0.19771
published_at 2026-05-11T12:55:00Z
20
value 0.00064
scoring_system epss
scoring_elements 0.19798
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23440
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23440
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23440
3
reference_url https://github.com/jonschlinkert/set-value
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jonschlinkert/set-value
4
reference_url https://github.com/jonschlinkert/set-value/commit/09c4b108fea3c0260008590053ff13da64913245
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jonschlinkert/set-value/commit/09c4b108fea3c0260008590053ff13da64913245
5
reference_url https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452
6
reference_url https://github.com/jonschlinkert/set-value/commit/cb12f14955dde6e61829d70d1851bfea6a3c31ad
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jonschlinkert/set-value/commit/cb12f14955dde6e61829d70d1851bfea6a3c31ad
7
reference_url https://github.com/jonschlinkert/set-value/pull/33
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jonschlinkert/set-value/pull/33
8
reference_url https://github.com/jonschlinkert/set-value/pull/33/commits/383b72d47c74a55ae8b6e231da548f9280a4296a
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jonschlinkert/set-value/pull/33/commits/383b72d47c74a55ae8b6e231da548f9280a4296a
9
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212
10
reference_url https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541
11
reference_url https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2
12
reference_url https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/
reference_id
reference_type
scores
url https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/
13
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2004944
reference_id 2004944
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2004944
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994448
reference_id 994448
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994448
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23440
reference_id CVE-2021-23440
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23440
17
reference_url https://github.com/advisories/GHSA-4jqc-8m5r-9rpr
reference_id GHSA-4jqc-8m5r-9rpr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4jqc-8m5r-9rpr
18
reference_url https://access.redhat.com/errata/RHSA-2022:6156
reference_id RHSA-2022:6156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6156
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 843
name Access of Resource Using Incompatible Type ('Type Confusion')
description The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 1321
name Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
description The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-eq42-z92a-ffet