Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-48c5-a36e-dbfd

Summary

amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance
In artax version before 1.0.6 and 2 before 2.0.6, cookies of `foo.bar.example.com` were leaked to `foo.bar`. Additionally, any site could set cookies for any other site. 
Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, but not on any public suffixes.

Aliases

alias	GHSA-gm98-g2wf-7c68

Fixed_packages

url	pkg:composer/amphp/artax@1.0.6
purl	pkg:composer/amphp/artax@1.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.6

url	pkg:composer/amphp/artax@2.0.6
purl	pkg:composer/amphp/artax@2.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.6

Affected_packages

url pkg:composer/amphp/artax@0.1.0

purl pkg:composer/amphp/artax@0.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.1.0

url pkg:composer/amphp/artax@0.3.7

purl pkg:composer/amphp/artax@0.3.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.3.7

url pkg:composer/amphp/artax@0.4.0

purl pkg:composer/amphp/artax@0.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.4.0

url pkg:composer/amphp/artax@0.5.0

purl pkg:composer/amphp/artax@0.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.5.0

url pkg:composer/amphp/artax@0.5.1

purl pkg:composer/amphp/artax@0.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.5.1

url pkg:composer/amphp/artax@0.6.0

purl pkg:composer/amphp/artax@0.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.6.0

url pkg:composer/amphp/artax@0.6.1

purl pkg:composer/amphp/artax@0.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.6.1

url pkg:composer/amphp/artax@0.6.2

purl pkg:composer/amphp/artax@0.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.6.2

url pkg:composer/amphp/artax@0.7.0

purl pkg:composer/amphp/artax@0.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.7.0

url pkg:composer/amphp/artax@0.7.1

purl pkg:composer/amphp/artax@0.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@0.7.1

url pkg:composer/amphp/artax@1.0.0-alpha

purl pkg:composer/amphp/artax@1.0.0-alpha

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-alpha

url pkg:composer/amphp/artax@1.0.0-beta

purl pkg:composer/amphp/artax@1.0.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-beta

url pkg:composer/amphp/artax@1.0.0-beta2

purl pkg:composer/amphp/artax@1.0.0-beta2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-beta2

url pkg:composer/amphp/artax@1.0.0-rc1

purl pkg:composer/amphp/artax@1.0.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-rc1

url pkg:composer/amphp/artax@1.0.0-rc2

purl pkg:composer/amphp/artax@1.0.0-rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-rc2

url pkg:composer/amphp/artax@1.0.0-rc3

purl pkg:composer/amphp/artax@1.0.0-rc3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-rc3

url pkg:composer/amphp/artax@1.0.0-rc4

purl pkg:composer/amphp/artax@1.0.0-rc4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-rc4

url pkg:composer/amphp/artax@1.0.0-rc5

purl pkg:composer/amphp/artax@1.0.0-rc5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-rc5

url pkg:composer/amphp/artax@1.0.0-rc6

purl pkg:composer/amphp/artax@1.0.0-rc6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0-rc6

url pkg:composer/amphp/artax@1.0.0

purl pkg:composer/amphp/artax@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.0

url pkg:composer/amphp/artax@1.0.1

purl pkg:composer/amphp/artax@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.1

url pkg:composer/amphp/artax@1.0.2

purl pkg:composer/amphp/artax@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.2

url pkg:composer/amphp/artax@1.0.3

purl pkg:composer/amphp/artax@1.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.3

url pkg:composer/amphp/artax@1.0.4

purl pkg:composer/amphp/artax@1.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.4

url pkg:composer/amphp/artax@1.0.5

purl pkg:composer/amphp/artax@1.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@1.0.5

url pkg:composer/amphp/artax@2.0.0

purl pkg:composer/amphp/artax@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.0

url pkg:composer/amphp/artax@2.0.1

purl pkg:composer/amphp/artax@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.1

url pkg:composer/amphp/artax@2.0.2

purl pkg:composer/amphp/artax@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.2

url pkg:composer/amphp/artax@2.0.3

purl pkg:composer/amphp/artax@2.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

vulnerability	VCID-zawz-vky5-tkgt

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.3

url pkg:composer/amphp/artax@2.0.4

purl pkg:composer/amphp/artax@2.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.4

url pkg:composer/amphp/artax@2.0.5

purl pkg:composer/amphp/artax@2.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48c5-a36e-dbfd

vulnerability	VCID-j1u4-14p9-9fdn

vulnerability	VCID-t4d6-pvhk-mfaw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/amphp/artax@2.0.5

References

reference_url

https://github.com/amphp/artax

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/amphp/artax

reference_url

https://github.com/amphp/artax/commit/25668b891d2bced567bd69611c7d18b6a93d5fc4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/amphp/artax/commit/25668b891d2bced567bd69611c7d18b6a93d5fc4

reference_url

https://github.com/amphp/artax/commit/accdadaf78f7a43305c3a97d6a964bbc550a555d

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/amphp/artax/commit/accdadaf78f7a43305c3a97d6a964bbc550a555d

reference_url

https://github.com/amphp/artax/releases/tag/v2.0.6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/amphp/artax/releases/tag/v2.0.6

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/2017-05-09.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/amphp/artax/2017-05-09.yaml

reference_url

https://github.com/advisories/GHSA-gm98-g2wf-7c68

reference_id

GHSA-gm98-g2wf-7c68

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gm98-g2wf-7c68

Weaknesses

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48c5-a36e-dbfd

Vulnerability Instance