Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-65ge-6jvh-3ffy

Summary

Arbitrary file upload via deserialization
A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is permitted by the user running the application server process.

Aliases

alias	CVE-2013-2185

alias	GHSA-v6c7-8qx5-8gmp

Fixed_packages

url pkg:maven/org.apache.tomcat/tomcat@7.0.39

purl pkg:maven/org.apache.tomcat/tomcat@7.0.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-333t-ujej-7yhu

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-59dd-qzpt-aucm

vulnerability	VCID-5udv-rheh-kqfy

vulnerability	VCID-ct4z-hxx3-53bw

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-g3vd-74yh-s7bn

vulnerability	VCID-gc4t-aqwd-rkba

vulnerability	VCID-nxb3-55eu-auhp

vulnerability	VCID-rbvh-4npk-nub9

vulnerability	VCID-rtmv-qetu-yqfa

vulnerability	VCID-vu84-dfwa-z3dg

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-wmb3-3j7y-due7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.39

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.34

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.34

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.34

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.40

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.40

url	pkg:maven/org.jboss.web/jbossweb@7.2.2
purl	pkg:maven/org.jboss.web/jbossweb@7.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.web/jbossweb@7.2.2

Affected_packages

url pkg:maven/org.apache.tomcat/tomcat-coyote@7-alpha0

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7-alpha0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7-alpha0

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.0

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1a1b-3pdg-jbfq

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

vulnerability	VCID-y9hs-ymcm-3ucx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.0

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.2

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.2

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.4

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.4

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.5

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.5

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.6

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.6

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.8

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.8

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.11

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.11

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.12

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.12

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.14

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.14

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.16

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.16

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.19

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.19

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.20

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.20

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.21

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.21

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.22

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.22

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.23

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.23

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.25

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.25

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.26

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.26

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.27

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.27

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.28

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.28

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.29

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.29

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.30

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.30

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.32

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.32

url pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.33

purl pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3tme-zh53-7ubx

vulnerability	VCID-3txt-1psa-5kf5

vulnerability	VCID-65ge-6jvh-3ffy

vulnerability	VCID-essq-6syu-6ygm

vulnerability	VCID-jbh7-zmq6-bfgs

vulnerability	VCID-webw-gryb-7ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@7.0.33

url pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6?arch=el6

purl pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-65ge-6jvh-3ffy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6%3Farch=el6

url pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6?arch=el5

purl pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-65ge-6jvh-3ffy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbossweb@7.2.0-3.redhat_2.ep6%3Farch=el5

References

reference_url

http://openwall.com/lists/oss-security/2014/10/24/12

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/10/24/12

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1193.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1193.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1194.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1194.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1265.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1265.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2185.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2185.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2185

reference_id

reference_type

scores

value	0.05286
scoring_system	epss
scoring_elements	0.90181
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2185

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2185
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2185

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url	https://github.com/apache/tomcat/commit/e246e5fc13307da0a5d3bbf860d64d97be1c40f8
reference_id
reference_type
scores
url	https://github.com/apache/tomcat/commit/e246e5fc13307da0a5d3bbf860d64d97be1c40f8

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2185

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2185

reference_url

http://www.openwall.com/lists/oss-security/2013/09/05/4

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/09/05/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=974813
reference_id	974813
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=974813

reference_url	https://github.com/advisories/GHSA-v6c7-8qx5-8gmp
reference_id	GHSA-v6c7-8qx5-8gmp
reference_type
scores
url	https://github.com/advisories/GHSA-v6c7-8qx5-8gmp

reference_url	https://access.redhat.com/errata/RHSA-2013:1193
reference_id	RHSA-2013:1193
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1193

reference_url	https://access.redhat.com/errata/RHSA-2013:1194
reference_id	RHSA-2013:1194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1194

reference_url	https://access.redhat.com/errata/RHSA-2013:1265
reference_id	RHSA-2013:1265
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1265

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	502
name	Deserialization of Untrusted Data
description	The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

cwe_id	626
name	Null Byte Interaction Error (Poison Null Byte)
description	The product does not properly handle null bytes or NUL characters when passing data between different representations or components.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65ge-6jvh-3ffy

Vulnerability Instance