Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-9qx2-tr6c-sbby

Summary Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter

Aliases

alias	GHSA-2hpc-mf4q-j885

Fixed_packages

url pkg:composer/silverstripe/framework@3.1.17

purl pkg:composer/silverstripe/framework@3.1.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17

url pkg:composer/silverstripe/framework@3.2.2

purl pkg:composer/silverstripe/framework@3.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.2

url pkg:composer/silverstripe/framework@3.3.0

purl pkg:composer/silverstripe/framework@3.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-8py4-rxgp-uqdh

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0

Affected_packages

url pkg:composer/silverstripe/framework@3.1.16

purl pkg:composer/silverstripe/framework@3.1.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16

url pkg:composer/silverstripe/framework@3.2.0

purl pkg:composer/silverstripe/framework@3.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-c3wv-6zpv-zbfg

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-empu-95n7-5qcq

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-farn-35ej-t7eg

vulnerability	VCID-gw4m-zbjs-3fgx

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-tzgn-vazz-7kct

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-wxc6-ndg5-dqd9

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0

url pkg:composer/silverstripe/framework@3.2.1

purl pkg:composer/silverstripe/framework@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1

url pkg:composer/silverstripe/framework@3.3.0-beta1

purl pkg:composer/silverstripe/framework@3.3.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yc7-8qd2-zfhm

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-8py4-rxgp-uqdh

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-rat4-3wbz-33fu

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0-beta1

url pkg:composer/silverstripe/framework@3.3.0-rc2

purl pkg:composer/silverstripe/framework@3.3.0-rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-333j-w32t-ufhn

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-6e1y-7jj8-a7cw

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-7me4-ggep-sbhj

vulnerability	VCID-7uum-b28k-nqbm

vulnerability	VCID-7wzc-kyxs-wbc2

vulnerability	VCID-8py4-rxgp-uqdh

vulnerability	VCID-91wy-94bg-bfc3

vulnerability	VCID-9qx2-tr6c-sbby

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-a95a-ygek-hfby

vulnerability	VCID-bexp-ws1g-1fdu

vulnerability	VCID-d9he-ahd2-xkde

vulnerability	VCID-eu6p-szkb-m7b1

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-km94-727n-nfa6

vulnerability	VCID-ku6h-zhz1-8ydr

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-u7hh-49t3-13df

vulnerability	VCID-ud6e-smr7-vffw

vulnerability	VCID-upvz-qc95-nua2

vulnerability	VCID-uww2-1x5r-ufc6

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-wnrg-ruds-wqb4

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yxg1-dz91-ckgs

vulnerability	VCID-zfrs-mqe3-4be8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0-rc2

References

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-002-1.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-002-1.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/013524af5069bb0cf909853f04418d9bef56d18c

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/013524af5069bb0cf909853f04418d9bef56d18c

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/56e92f5a32e45849cc9361c8603c31d7010c9d36

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/56e92f5a32e45849cc9361c8603c31d7010c9d36

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/e2c77c5a8f13e901c51a3684210811559b592f0c

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/e2c77c5a8f13e901c51a3684210811559b592f0c

reference_url

https://www.silverstripe.org/download/security-releases/ss-2016-002

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/ss-2016-002

reference_url

https://github.com/advisories/GHSA-2hpc-mf4q-j885

reference_id

GHSA-2hpc-mf4q-j885

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2hpc-mf4q-j885

Weaknesses

cwe_id	352
name	Cross-Site Request Forgery (CSRF)
description	The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9qx2-tr6c-sbby

Vulnerability Instance