Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-13kq-f8uw-dyhn
Summary
Incorrect Default Permissions
The `on_get_missing_events` function in `handlers/federation.py` in Matrix Synapse has a security bug in the `get_missing_events` federation API where event visibility rules were not applied correctly.
Aliases
0
alias CVE-2018-12291
1
alias GHSA-v8wm-g9f2-xjv4
Fixed_packages
0
url pkg:deb/debian/matrix-synapse@0.31.1%2Bdfsg-1?distro=sid
purl pkg:deb/debian/matrix-synapse@0.31.1%2Bdfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/matrix-synapse@0.31.1%252Bdfsg-1%3Fdistro=sid
1
url pkg:deb/debian/matrix-synapse@1.152.1-1?distro=sid
purl pkg:deb/debian/matrix-synapse@1.152.1-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/matrix-synapse@1.152.1-1%3Fdistro=sid
2
url pkg:pypi/matrix-synapse@0.33.5
purl pkg:pypi/matrix-synapse@0.33.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cxk-wn3b-jycq
1
vulnerability VCID-3stp-shy4-dudr
2
vulnerability VCID-3tbz-jcb2-4fdn
3
vulnerability VCID-43wz-3reu-s3ep
4
vulnerability VCID-5b91-nm22-5uh4
5
vulnerability VCID-5d98-hf1n-17aq
6
vulnerability VCID-5fgp-pcfw-33gk
7
vulnerability VCID-66cm-6sgb-bqft
8
vulnerability VCID-arh5-tp1n-nubq
9
vulnerability VCID-ary1-cnnt-duhg
10
vulnerability VCID-cff6-n5gz-jfhe
11
vulnerability VCID-fmqv-a8qr-gqfz
12
vulnerability VCID-g7rm-55dm-tybk
13
vulnerability VCID-jg9y-53m4-5bb6
14
vulnerability VCID-k689-rvyd-e3hp
15
vulnerability VCID-mmge-uj6j-k3c2
16
vulnerability VCID-ng8b-cs3a-cqa7
17
vulnerability VCID-nmup-uep4-b7hw
18
vulnerability VCID-pg5k-2upe-dudk
19
vulnerability VCID-ry9q-34p9-auh6
20
vulnerability VCID-sh81-25ty-4bgn
21
vulnerability VCID-tug1-g6m1-j3f3
22
vulnerability VCID-v54a-sjgy-b7ca
23
vulnerability VCID-vb2z-kkev-aues
24
vulnerability VCID-z5ga-q6zr-3kb5
25
vulnerability VCID-zdxd-83uy-hbad
26
vulnerability VCID-zvev-sm5c-suh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@0.33.5
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12291
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.53549
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12291
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/0834b49c6a9b6c597a154d4b2dfcf8fff90699ec
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/0834b49c6a9b6c597a154d4b2dfcf8fff90699ec
3
reference_url https://github.com/matrix-org/synapse/pull/3371
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/pull/3371
4
reference_url https://github.com/matrix-org/synapse/releases/tag/v0.31.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/releases/tag/v0.31.1
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901293
reference_id 901293
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901293
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12291
reference_id CVE-2018-12291
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12291
7
reference_url https://usn.ubuntu.com/6076-1/
reference_id USN-6076-1
reference_type
scores
url https://usn.ubuntu.com/6076-1/
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-13kq-f8uw-dyhn