Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-hkhf-b95f-9ycj

Summary

Queued jobs serialised data exposure
SavedJobData and SavedJobMessages contain php serialized data. There's no point showing these to a CMS Admin as they're not human readable. Worse, it might be insecure, as a malicious CMS Admin might be able to craft a payload thats dangerous to unserialize. This issue has been resolved by hiding this content, even from administrators.

Aliases

alias	SS-2015-024

Fixed_packages

url	pkg:composer/silverstripe/cms@3.0.10
purl	pkg:composer/silverstripe/cms@3.0.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@3.0.10

Affected_packages

References

reference_url	http://www.silverstripe.org/download/security-releases/SS-2015-024
reference_id
reference_type
scores
url	http://www.silverstripe.org/download/security-releases/SS-2015-024

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkhf-b95f-9ycj

Vulnerability Instance