Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-efg5-6f17-c3dz

Summary

Directory Traversal
`dcserver` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url./n

Aliases

alias	GMS-2017-253

Fixed_packages

Affected_packages

url pkg:npm/dcserver@0.0.0-alpha

purl pkg:npm/dcserver@0.0.0-alpha

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-efg5-6f17-c3dz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dcserver@0.0.0-alpha

url pkg:npm/dcserver@1.0.0

purl pkg:npm/dcserver@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-efg5-6f17-c3dz

vulnerability	VCID-etz2-yeub-tycv

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dcserver@1.0.0

References

reference_url	https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/tiny-http
reference_id
reference_type
scores
url	https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/tiny-http

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-efg5-6f17-c3dz

Vulnerability Instance