Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-c32f-9k32-8fd8
Summary
ReDoS via long string of semicolons
Tough-cookie contain a vulnerable regular expression that, under certain conditions involving long strings of semicolons in the "Set-Cookie" header, causes the event loop to block for excessive amounts of time.
Aliases
0
alias GMS-2016-49
Fixed_packages
0
url pkg:npm/tough-cookie@2.3.0
purl pkg:npm/tough-cookie@2.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.3.0
Affected_packages
0
url pkg:npm/tough-cookie@0.9.7
purl pkg:npm/tough-cookie@0.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.7
1
url pkg:npm/tough-cookie@0.9.8
purl pkg:npm/tough-cookie@0.9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.8
2
url pkg:npm/tough-cookie@0.9.9
purl pkg:npm/tough-cookie@0.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.9
3
url pkg:npm/tough-cookie@0.9.11
purl pkg:npm/tough-cookie@0.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.11
4
url pkg:npm/tough-cookie@0.9.12
purl pkg:npm/tough-cookie@0.9.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.12
5
url pkg:npm/tough-cookie@0.9.13
purl pkg:npm/tough-cookie@0.9.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.13
6
url pkg:npm/tough-cookie@0.9.14
purl pkg:npm/tough-cookie@0.9.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.14
7
url pkg:npm/tough-cookie@0.9.15
purl pkg:npm/tough-cookie@0.9.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.9.15
8
url pkg:npm/tough-cookie@0.10.0
purl pkg:npm/tough-cookie@0.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.10.0
9
url pkg:npm/tough-cookie@0.11.0
purl pkg:npm/tough-cookie@0.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.11.0
10
url pkg:npm/tough-cookie@0.12.0
purl pkg:npm/tough-cookie@0.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.12.0
11
url pkg:npm/tough-cookie@0.12.1
purl pkg:npm/tough-cookie@0.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.12.1
12
url pkg:npm/tough-cookie@0.13.0
purl pkg:npm/tough-cookie@0.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@0.13.0
13
url pkg:npm/tough-cookie@1.0.0
purl pkg:npm/tough-cookie@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@1.0.0
14
url pkg:npm/tough-cookie@1.1.0
purl pkg:npm/tough-cookie@1.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@1.1.0
15
url pkg:npm/tough-cookie@1.2.0
purl pkg:npm/tough-cookie@1.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@1.2.0
16
url pkg:npm/tough-cookie@2.0.0
purl pkg:npm/tough-cookie@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.0.0
17
url pkg:npm/tough-cookie@2.1.0
purl pkg:npm/tough-cookie@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.1.0
18
url pkg:npm/tough-cookie@2.2.0
purl pkg:npm/tough-cookie@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.2.0
19
url pkg:npm/tough-cookie@2.2.1
purl pkg:npm/tough-cookie@2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.2.1
20
url pkg:npm/tough-cookie@2.2.2
purl pkg:npm/tough-cookie@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1184-u997-5bg8
1
vulnerability VCID-89zn-s5xk-1fae
2
vulnerability VCID-c32f-9k32-8fd8
3
vulnerability VCID-fe47-wbt4-7ycx
4
vulnerability VCID-fw6d-67pk-tkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/tough-cookie@2.2.2
References
0
reference_url https://github.com/SalesforceEng/tough-cookie/pull/68
reference_id
reference_type
scores
url https://github.com/SalesforceEng/tough-cookie/pull/68
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-c32f-9k32-8fd8