Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ydbd-973n-fkaa
Summary
Tmp files readable by other users
The sync-exec module is used to simulate child_process.execSync in node Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists.
Aliases
0
alias GMS-2016-9
Fixed_packages
Affected_packages
0
url pkg:npm/sync-exec@0.0.0-alpha
purl pkg:npm/sync-exec@0.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ydbd-973n-fkaa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.0.0-alpha
1
url pkg:npm/sync-exec@0.3.0
purl pkg:npm/sync-exec@0.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49xf-215m-9ub5
1
vulnerability VCID-ydbd-973n-fkaa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.3.0
2
url pkg:npm/sync-exec@0.3.1
purl pkg:npm/sync-exec@0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49xf-215m-9ub5
1
vulnerability VCID-ydbd-973n-fkaa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.3.1
3
url pkg:npm/sync-exec@0.3.2
purl pkg:npm/sync-exec@0.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49xf-215m-9ub5
1
vulnerability VCID-ydbd-973n-fkaa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.3.2
4
url pkg:npm/sync-exec@0.4.0
purl pkg:npm/sync-exec@0.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49xf-215m-9ub5
1
vulnerability VCID-ydbd-973n-fkaa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.4.0
5
url pkg:npm/sync-exec@0.5.0
purl pkg:npm/sync-exec@0.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49xf-215m-9ub5
1
vulnerability VCID-ydbd-973n-fkaa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.5.0
6
url pkg:npm/sync-exec@0.6.0
purl pkg:npm/sync-exec@0.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49xf-215m-9ub5
1
vulnerability VCID-ydbd-973n-fkaa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.6.0
7
url pkg:npm/sync-exec@0.6.1
purl pkg:npm/sync-exec@0.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49xf-215m-9ub5
1
vulnerability VCID-ydbd-973n-fkaa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.6.1
8
url pkg:npm/sync-exec@0.6.2
purl pkg:npm/sync-exec@0.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49xf-215m-9ub5
1
vulnerability VCID-ydbd-973n-fkaa
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sync-exec@0.6.2
References
0
reference_url https://github.com/gvarsanyi/sync-exec/issues/17
reference_id
reference_type
scores
url https://github.com/gvarsanyi/sync-exec/issues/17
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ydbd-973n-fkaa