Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-q5cp-pxq4-kfgz
SummaryThe Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources.
Aliases
0
alias CVE-2019-9803
Fixed_packages
0
url pkg:alpm/archlinux/firefox@66.0-1
purl pkg:alpm/archlinux/firefox@66.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d5vr-k225-qkc2
1
vulnerability VCID-pkzf-au8z-kfbf
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1
Affected_packages
0
url pkg:alpm/archlinux/firefox@65.0.2-1
purl pkg:alpm/archlinux/firefox@65.0.2-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11xu-avv4-9ufx
1
vulnerability VCID-1sd4-yvfs-sqd9
2
vulnerability VCID-32ee-dr7n-tufz
3
vulnerability VCID-4ycc-nrc4-5kah
4
vulnerability VCID-817n-mqrd-k3a5
5
vulnerability VCID-a3c8-ayvt-eya5
6
vulnerability VCID-bsqr-4yk1-bbau
7
vulnerability VCID-dyyp-8pfj-affk
8
vulnerability VCID-e542-rp8s-3ber
9
vulnerability VCID-he6e-re8n-kyax
10
vulnerability VCID-jmve-zgge-ykch
11
vulnerability VCID-q5cp-pxq4-kfgz
12
vulnerability VCID-q8b7-av4e-v7a5
13
vulnerability VCID-ukws-zeq7-myez
14
vulnerability VCID-wqg4-ptah-6qg1
15
vulnerability VCID-xntf-72n7-9qee
16
vulnerability VCID-yszh-ksz2-ekbr
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@65.0.2-1
References
0
reference_url https://security.archlinux.org/ASA-201903-11
reference_id ASA-201903-11
reference_type
scores
url https://security.archlinux.org/ASA-201903-11
1
reference_url https://security.archlinux.org/AVG-925
reference_id AVG-925
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-925
2
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2019-07
reference_id mfsa2019-07
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2019-07
Weaknesses
Exploits
Severity_range_score9.0 - 10.0
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-q5cp-pxq4-kfgz