Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-w999-rut7-z3cc

Summary

Path Traversal
Unrestricted file upload (RCE)

Aliases

alias	CVE-2018-3758

alias	GHSA-4w62-cq5r-5mmq

Fixed_packages

url pkg:npm/express-cart@1.1.7

purl pkg:npm/express-cart@1.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-145a-97vu-jyeg

vulnerability	VCID-atgx-r2qy-8ufe

vulnerability	VCID-eb7w-y953-67dy

vulnerability	VCID-wx6w-8yww-v3em

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.7

Affected_packages

url pkg:npm/express-cart@0.0.1-security

purl pkg:npm/express-cart@0.0.1-security

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-145a-97vu-jyeg

vulnerability	VCID-2cjq-uzsm-1uer

vulnerability	VCID-atgx-r2qy-8ufe

vulnerability	VCID-cftz-enwf-6uht

vulnerability	VCID-eb7w-y953-67dy

vulnerability	VCID-ewh1-bpnm-8fh4

vulnerability	VCID-w999-rut7-z3cc

vulnerability	VCID-wk1m-n6h7-ufbv

vulnerability	VCID-wx6w-8yww-v3em

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@0.0.1-security

url pkg:npm/express-cart@1.0.1

purl pkg:npm/express-cart@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-145a-97vu-jyeg

vulnerability	VCID-2cjq-uzsm-1uer

vulnerability	VCID-atgx-r2qy-8ufe

vulnerability	VCID-cftz-enwf-6uht

vulnerability	VCID-eb7w-y953-67dy

vulnerability	VCID-ewh1-bpnm-8fh4

vulnerability	VCID-w999-rut7-z3cc

vulnerability	VCID-wk1m-n6h7-ufbv

vulnerability	VCID-wx6w-8yww-v3em

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.0.1

url pkg:npm/express-cart@1.1.1

purl pkg:npm/express-cart@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-145a-97vu-jyeg

vulnerability	VCID-2cjq-uzsm-1uer

vulnerability	VCID-atgx-r2qy-8ufe

vulnerability	VCID-cftz-enwf-6uht

vulnerability	VCID-eb7w-y953-67dy

vulnerability	VCID-ewh1-bpnm-8fh4

vulnerability	VCID-w999-rut7-z3cc

vulnerability	VCID-wk1m-n6h7-ufbv

vulnerability	VCID-wx6w-8yww-v3em

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.1

url pkg:npm/express-cart@1.1.2

purl pkg:npm/express-cart@1.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-145a-97vu-jyeg

vulnerability	VCID-2cjq-uzsm-1uer

vulnerability	VCID-atgx-r2qy-8ufe

vulnerability	VCID-cftz-enwf-6uht

vulnerability	VCID-eb7w-y953-67dy

vulnerability	VCID-ewh1-bpnm-8fh4

vulnerability	VCID-w999-rut7-z3cc

vulnerability	VCID-wk1m-n6h7-ufbv

vulnerability	VCID-wx6w-8yww-v3em

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.2

url pkg:npm/express-cart@1.1.3

purl pkg:npm/express-cart@1.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-145a-97vu-jyeg

vulnerability	VCID-2cjq-uzsm-1uer

vulnerability	VCID-atgx-r2qy-8ufe

vulnerability	VCID-cftz-enwf-6uht

vulnerability	VCID-eb7w-y953-67dy

vulnerability	VCID-ewh1-bpnm-8fh4

vulnerability	VCID-w999-rut7-z3cc

vulnerability	VCID-wk1m-n6h7-ufbv

vulnerability	VCID-wx6w-8yww-v3em

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.3

url pkg:npm/express-cart@1.1.4

purl pkg:npm/express-cart@1.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-145a-97vu-jyeg

vulnerability	VCID-2cjq-uzsm-1uer

vulnerability	VCID-atgx-r2qy-8ufe

vulnerability	VCID-cftz-enwf-6uht

vulnerability	VCID-eb7w-y953-67dy

vulnerability	VCID-ewh1-bpnm-8fh4

vulnerability	VCID-w999-rut7-z3cc

vulnerability	VCID-wk1m-n6h7-ufbv

vulnerability	VCID-wx6w-8yww-v3em

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.4

url pkg:npm/express-cart@1.1.5

purl pkg:npm/express-cart@1.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-145a-97vu-jyeg

vulnerability	VCID-2cjq-uzsm-1uer

vulnerability	VCID-atgx-r2qy-8ufe

vulnerability	VCID-cftz-enwf-6uht

vulnerability	VCID-eb7w-y953-67dy

vulnerability	VCID-ewh1-bpnm-8fh4

vulnerability	VCID-w999-rut7-z3cc

vulnerability	VCID-wk1m-n6h7-ufbv

vulnerability	VCID-wx6w-8yww-v3em

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.5

url pkg:npm/express-cart@1.1.6

purl pkg:npm/express-cart@1.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-145a-97vu-jyeg

vulnerability	VCID-atgx-r2qy-8ufe

vulnerability	VCID-eb7w-y953-67dy

vulnerability	VCID-w999-rut7-z3cc

vulnerability	VCID-wx6w-8yww-v3em

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.6

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-3758

reference_id

reference_type

scores

value	0.00852
scoring_system	epss
scoring_elements	0.7527
published_at	2026-06-04T12:55:00Z

value	0.00852
scoring_system	epss
scoring_elements	0.75295
published_at	2026-06-07T12:55:00Z

value	0.00852
scoring_system	epss
scoring_elements	0.75303
published_at	2026-06-06T12:55:00Z

value	0.00852
scoring_system	epss
scoring_elements	0.753
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-3758

reference_url

https://github.com/mrvautin/expressCart/commit/65b18cfe426fa217aa6ada1d4162891883137893

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mrvautin/expressCart/commit/65b18cfe426fa217aa6ada1d4162891883137893

reference_url

https://hackerone.com/reports/343726

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/343726

reference_url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/441.json

reference_id

441

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements

url

https://github.com/nodejs/security-wg/blob/main/vuln/npm/441.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-3758

reference_id

CVE-2018-3758

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-3758

reference_url

https://github.com/advisories/GHSA-4w62-cq5r-5mmq

reference_id

GHSA-4w62-cq5r-5mmq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4w62-cq5r-5mmq

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	434
name	Unrestricted Upload of File with Dangerous Type
description	The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 7.0 - 9.1

Exploitability 0.5

Weighted_severity 8.2

Risk_score 4.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w999-rut7-z3cc

Vulnerability Instance