Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wg63-y8w2-6qc6

Summary

Cross-Site Request Forgery (CSRF)
Incorrect CSRF validation in cakephp.

Aliases

alias	GMS-2015-61

Fixed_packages

url pkg:composer/cakephp/cakephp@3.0.4

purl pkg:composer/cakephp/cakephp@3.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6x9m-nyfs-a7hq

vulnerability	VCID-84hg-51gr-2qhx

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-cz9h-hf83-eycy

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

vulnerability	VCID-s536-vx42-xbhk

vulnerability	VCID-yps8-ffx6-3fay

vulnerability	VCID-zbjb-pafr-uudq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.4

Affected_packages

url pkg:composer/cakephp/cakephp@3.0.0

purl pkg:composer/cakephp/cakephp@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6x9m-nyfs-a7hq

vulnerability	VCID-84hg-51gr-2qhx

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-cyxs-ap7s-a7az

vulnerability	VCID-cz9h-hf83-eycy

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

vulnerability	VCID-s536-vx42-xbhk

vulnerability	VCID-wg63-y8w2-6qc6

vulnerability	VCID-yps8-ffx6-3fay

vulnerability	VCID-zbjb-pafr-uudq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.0

url pkg:composer/cakephp/cakephp@3.0.1

purl pkg:composer/cakephp/cakephp@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6x9m-nyfs-a7hq

vulnerability	VCID-84hg-51gr-2qhx

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-cyxs-ap7s-a7az

vulnerability	VCID-cz9h-hf83-eycy

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

vulnerability	VCID-s536-vx42-xbhk

vulnerability	VCID-wg63-y8w2-6qc6

vulnerability	VCID-yps8-ffx6-3fay

vulnerability	VCID-zbjb-pafr-uudq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.1

url pkg:composer/cakephp/cakephp@3.0.2

purl pkg:composer/cakephp/cakephp@3.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6x9m-nyfs-a7hq

vulnerability	VCID-84hg-51gr-2qhx

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-cyxs-ap7s-a7az

vulnerability	VCID-cz9h-hf83-eycy

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

vulnerability	VCID-s536-vx42-xbhk

vulnerability	VCID-wg63-y8w2-6qc6

vulnerability	VCID-yps8-ffx6-3fay

vulnerability	VCID-zbjb-pafr-uudq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.2

url pkg:composer/cakephp/cakephp@3.0.3

purl pkg:composer/cakephp/cakephp@3.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6x9m-nyfs-a7hq

vulnerability	VCID-84hg-51gr-2qhx

vulnerability	VCID-cp8q-ar71-mqdf

vulnerability	VCID-cyxs-ap7s-a7az

vulnerability	VCID-cz9h-hf83-eycy

vulnerability	VCID-dha1-eyc9-7qff

vulnerability	VCID-f8wn-raej-7qg4

vulnerability	VCID-s536-vx42-xbhk

vulnerability	VCID-wg63-y8w2-6qc6

vulnerability	VCID-yps8-ffx6-3fay

vulnerability	VCID-zbjb-pafr-uudq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@3.0.3

References

reference_url	https://bakery.cakephp.org/2015/05/07/cakephp_3_0_4_released.html
reference_id
reference_type
scores
url	https://bakery.cakephp.org/2015/05/07/cakephp_3_0_4_released.html

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg63-y8w2-6qc6

Vulnerability Instance