Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-7p7x-5wfu-vyd3
Summary
Incorrect Default Permissions
Unauthorised users can hijack rooms when there is no `m.room.power_levels` event in force.
Aliases
0
alias CVE-2018-12423
1
alias GHSA-ch5v-fhg8-7gv9
Fixed_packages
0
url pkg:deb/debian/matrix-synapse@0.31.2%2Bdfsg-1?distro=sid
purl pkg:deb/debian/matrix-synapse@0.31.2%2Bdfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/matrix-synapse@0.31.2%252Bdfsg-1%3Fdistro=sid
1
url pkg:deb/debian/matrix-synapse@1.152.1-1?distro=sid
purl pkg:deb/debian/matrix-synapse@1.152.1-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/matrix-synapse@1.152.1-1%3Fdistro=sid
2
url pkg:pypi/matrix-synapse@0.33.5
purl pkg:pypi/matrix-synapse@0.33.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cxk-wn3b-jycq
1
vulnerability VCID-3stp-shy4-dudr
2
vulnerability VCID-3tbz-jcb2-4fdn
3
vulnerability VCID-43wz-3reu-s3ep
4
vulnerability VCID-5b91-nm22-5uh4
5
vulnerability VCID-5d98-hf1n-17aq
6
vulnerability VCID-5fgp-pcfw-33gk
7
vulnerability VCID-66cm-6sgb-bqft
8
vulnerability VCID-arh5-tp1n-nubq
9
vulnerability VCID-ary1-cnnt-duhg
10
vulnerability VCID-cff6-n5gz-jfhe
11
vulnerability VCID-fmqv-a8qr-gqfz
12
vulnerability VCID-g7rm-55dm-tybk
13
vulnerability VCID-jg9y-53m4-5bb6
14
vulnerability VCID-k689-rvyd-e3hp
15
vulnerability VCID-mmge-uj6j-k3c2
16
vulnerability VCID-ng8b-cs3a-cqa7
17
vulnerability VCID-nmup-uep4-b7hw
18
vulnerability VCID-pg5k-2upe-dudk
19
vulnerability VCID-ry9q-34p9-auh6
20
vulnerability VCID-sh81-25ty-4bgn
21
vulnerability VCID-tug1-g6m1-j3f3
22
vulnerability VCID-v54a-sjgy-b7ca
23
vulnerability VCID-vb2z-kkev-aues
24
vulnerability VCID-z5ga-q6zr-3kb5
25
vulnerability VCID-zdxd-83uy-hbad
26
vulnerability VCID-zvev-sm5c-suh6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@0.33.5
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12423
reference_id
reference_type
scores
0
value 0.00272
scoring_system epss
scoring_elements 0.50819
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12423
1
reference_url https://bugs.debian.org/901549
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/901549
2
reference_url https://github.com/matrix-org/matrix-doc/issues/1304
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/matrix-doc/issues/1304
3
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
4
reference_url https://matrix.org/blog/2018/06/14/security-update-synapse-0-31-2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://matrix.org/blog/2018/06/14/security-update-synapse-0-31-2
5
reference_url https://matrix.org/blog/2018/06/14/security-update-synapse-0-31-2/
reference_id
reference_type
scores
url https://matrix.org/blog/2018/06/14/security-update-synapse-0-31-2/
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901549
reference_id 901549
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901549
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12423
reference_id CVE-2018-12423
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12423
8
reference_url https://usn.ubuntu.com/6076-1/
reference_id USN-6076-1
reference_type
scores
url https://usn.ubuntu.com/6076-1/
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7p7x-5wfu-vyd3