Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-butm-m2gx-5fhg

Summary The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.

Aliases

alias	CVE-2018-5158

Fixed_packages

url	pkg:alpm/archlinux/firefox@60.0-1
purl	pkg:alpm/archlinux/firefox@60.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@60.0-1

url	pkg:npm/pdfjs-dist@1.10.100
purl	pkg:npm/pdfjs-dist@1.10.100
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/pdfjs-dist@1.10.100

Affected_packages

url pkg:alpm/archlinux/firefox@59.0.2-3

purl pkg:alpm/archlinux/firefox@59.0.2-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1557-g5c6-6qfd

vulnerability	VCID-2zj9-v7vs-3uaa

vulnerability	VCID-3bxm-7dgr-pucg

vulnerability	VCID-4eq6-4c8r-qkg2

vulnerability	VCID-6yxx-4qbq-47cr

vulnerability	VCID-73ma-r4r5-4qa3

vulnerability	VCID-7kbu-ee1d-2kg4

vulnerability	VCID-7ngg-49bu-qkgb

vulnerability	VCID-9jh8-4rtu-7bcw

vulnerability	VCID-ax9b-784y-5ker

vulnerability	VCID-butm-m2gx-5fhg

vulnerability	VCID-ea3n-d33u-gyba

vulnerability	VCID-ehc9-yy69-87bf

vulnerability	VCID-hs3m-748h-eudc

vulnerability	VCID-k5a8-v536-bkft

vulnerability	VCID-knvr-bzxc-afa3

vulnerability	VCID-p2ha-eytr-n7es

vulnerability	VCID-qhwr-p7yp-1bc1

vulnerability	VCID-rppr-dqct-p7ft

vulnerability	VCID-s4fm-7715-yqa1

vulnerability	VCID-shqb-afj8-vuev

vulnerability	VCID-v41y-gerf-hkgd

vulnerability	VCID-wrsb-a236-d7ae

vulnerability	VCID-wz54-3pue-5kde

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@59.0.2-3

References

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1452075
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1452075

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158

reference_url	https://security.archlinux.org/ASA-201805-10
reference_id	ASA-201805-10
reference_type
scores
url	https://security.archlinux.org/ASA-201805-10

reference_url

https://security.archlinux.org/AVG-693

reference_id

AVG-693

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-693

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_id

mfsa2018-11

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

reference_id

mfsa2018-12

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2018-12

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Exploits

Severity_range_score 9.0 - 10.0

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-butm-m2gx-5fhg

Vulnerability Instance