Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-gf5k-p1zj-kkam
Summary
Marius Schilder of Google Security reported that
when a XMLHttpRequest is made to a same-origin resource
which 302 redirects to a resource in a different domain, the response
from the cross-domain resource is readable by the site issuing the
XHR.  Cookies marked HttpOnly were not readable, but
other potentially sensitive data could be revealed in the XHR response
including URL parameters and content in the response body.Thunderbird shares the browser engine with Firefox and
could be vulnerable if JavaScript were to be enabled in mail. This is
not the default setting and we strongly discourage users from running
JavaScript in mail.
Aliases
0
alias CVE-2008-5506
Fixed_packages
0
url pkg:mozilla/Firefox@3.0.5
purl pkg:mozilla/Firefox@3.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.5
1
url pkg:mozilla/SeaMonkey@1.1.14
purl pkg:mozilla/SeaMonkey@1.1.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.1.14
Affected_packages
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506
reference_id CVE-2008-5506
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2008-64
reference_id mfsa2008-64
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2008-64
Weaknesses
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-gf5k-p1zj-kkam