Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-p8b8-ep2u-nbam
Summary
Injection Vulnerability
Bypass of security constraints via URL parameter injection.
Aliases
0
alias CVE-2014-4172
1
alias GHSA-9fc5-q25c-r2wr
Fixed_packages
0
url pkg:composer/jasig/phpcas@1.3.3
purl pkg:composer/jasig/phpcas@1.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/jasig/phpcas@1.3.3
1
url pkg:maven/org.jasig.cas/cas-client-core@3.3.2
purl pkg:maven/org.jasig.cas/cas-client-core@3.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jasig.cas/cas-client-core@3.3.2
Affected_packages
0
url pkg:maven/org.jasig.cas/cas-client-core@3
purl pkg:maven/org.jasig.cas/cas-client-core@3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p8b8-ep2u-nbam
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jasig.cas/cas-client-core@3
1
url pkg:maven/org.jasig.cas/cas-client-core@3.3.1
purl pkg:maven/org.jasig.cas/cas-client-core@3.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p8b8-ep2u-nbam
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jasig.cas/cas-client-core@3.3.1
References
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html
1
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718
reference_id
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1131350
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1131350
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/95673
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/95673
4
reference_url https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d
reference_id
reference_type
scores
url https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d
5
reference_url https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814
reference_id
reference_type
scores
url https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814
6
reference_url https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog
reference_id
reference_type
scores
url https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog
7
reference_url https://github.com/Jasig/phpCAS/pull/125
reference_id
reference_type
scores
url https://github.com/Jasig/phpCAS/pull/125
8
reference_url https://issues.jasig.org/browse/CASC-228
reference_id
reference_type
scores
url https://issues.jasig.org/browse/CASC-228
9
reference_url https://www.debian.org/security/2014/dsa-3017.en.html
reference_id
reference_type
scores
url https://www.debian.org/security/2014/dsa-3017.en.html
10
reference_url https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html
reference_id
reference_type
scores
url https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html
11
reference_url https://bugzilla.redhat.com/CVE-2014-4172
reference_id CVE-2014-4172
reference_type
scores
url https://bugzilla.redhat.com/CVE-2014-4172
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-4172
reference_id CVE-2014-4172
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-4172
13
reference_url https://github.com/advisories/GHSA-9fc5-q25c-r2wr
reference_id GHSA-9fc5-q25c-r2wr
reference_type
scores
url https://github.com/advisories/GHSA-9fc5-q25c-r2wr
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 74
name Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
description The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p8b8-ep2u-nbam