Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-q7pe-bvr1-g3bc
Summary
Cryptographic Issues
An issue was discovered in phpMyAdmin. When the user does not specify a `blowfish_secret` key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's `blowfish_secret` and potentially decrypt their cookies.
Aliases
0
alias CVE-2016-9847
Fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.7.0
purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-axtb-1njj-rbb4
1
vulnerability VCID-q45d-5bf4-tff5
2
vulnerability VCID-r4zz-m2mr-9qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0
Affected_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.0.0
purl pkg:composer/phpmyadmin/phpmyadmin@4.0.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.0
1
url pkg:composer/phpmyadmin/phpmyadmin@4.6.3
purl pkg:composer/phpmyadmin/phpmyadmin@4.6.3
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.3
References
0
reference_url https://www.phpmyadmin.net/security/PMASA-2016-58
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2016-58
1
reference_url http://www.securityfocus.com/bid/94524
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94524
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9847
reference_id CVE-2016-9847
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-9847
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 310
name Cryptographic Issues
description Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q7pe-bvr1-g3bc