Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-vxtt-ywvm-27g5
Summary
Incorrect Default Permissions
The `on_get_missing_events` function in `handlers/federation.py` in Matrix Synapse has a security bug in the `get_missing_events` federation API where event visibility rules were not applied correctly.
Aliases
0
alias CVE-2018-12291
Fixed_packages
0
url pkg:deb/debian/matrix-synapse@0.31.1%2Bdfsg-1?distro=sid
purl pkg:deb/debian/matrix-synapse@0.31.1%2Bdfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/matrix-synapse@0.31.1%252Bdfsg-1%3Fdistro=sid
1
url pkg:deb/debian/matrix-synapse@1.152.1-1?distro=sid
purl pkg:deb/debian/matrix-synapse@1.152.1-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/matrix-synapse@1.152.1-1%3Fdistro=sid
2
url pkg:pypi/matrix-synapse@0.33.5
purl pkg:pypi/matrix-synapse@0.33.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2q41-366b-jfbs
1
vulnerability VCID-2uq2-kcfr-87gr
2
vulnerability VCID-3sbj-6gut-cybe
3
vulnerability VCID-4vve-jkk2-rueg
4
vulnerability VCID-57xv-u1be-mfez
5
vulnerability VCID-6bx9-6prt-vffg
6
vulnerability VCID-9jy7-pnmw-1bbq
7
vulnerability VCID-9t8r-dp58-xydr
8
vulnerability VCID-b461-xbt2-9fg1
9
vulnerability VCID-bmw9-6jkv-t3ds
10
vulnerability VCID-bnz6-nw3z-77gd
11
vulnerability VCID-buj8-8fqz-yyfe
12
vulnerability VCID-d6yz-j1f9-cfec
13
vulnerability VCID-djck-vkte-q7he
14
vulnerability VCID-ewxj-3jt9-p7af
15
vulnerability VCID-ftmr-xpa4-mbfd
16
vulnerability VCID-gmab-mbjg-gbet
17
vulnerability VCID-gre7-9vu7-vqdh
18
vulnerability VCID-j8zw-nzgv-mkeq
19
vulnerability VCID-mgxc-w86p-yqcm
20
vulnerability VCID-mqta-hmxv-duh6
21
vulnerability VCID-p7my-33nz-puhn
22
vulnerability VCID-qgzv-dqh8-c3gp
23
vulnerability VCID-rab2-vwyz-ufdt
24
vulnerability VCID-swgx-he8k-1qhy
25
vulnerability VCID-ubx5-xans-8bey
26
vulnerability VCID-z4xn-smp8-tfcj
27
vulnerability VCID-zc47-w46p-9bhx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@0.33.5
Affected_packages
References
0
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901293
reference_id 901293
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901293
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12291
reference_id CVE-2018-12291
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-12291
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-vxtt-ywvm-27g5