Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-mphk-hg1y-b7as
Summary codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key.
Aliases
0
alias CVE-2024-28120
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28120
reference_id
reference_type
scores
0
value 0.00219
scoring_system epss
scoring_elements 0.44645
published_at 2026-06-11T12:55:00Z
1
value 0.00219
scoring_system epss
scoring_elements 0.44796
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28120
1
reference_url https://github.com/Exafunction/codeium-chrome/security/advisories/GHSA-8c7j-2h97-q63p
reference_id GHSA-8c7j-2h97-q63p
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-12T15:50:10Z/
url https://github.com/Exafunction/codeium-chrome/security/advisories/GHSA-8c7j-2h97-q63p
2
reference_url https://securitylab.github.com/advisories/GHSL-2024-027_GHSL-2024-028_codeium-chrome
reference_id GHSL-2024-027_GHSL-2024-028_codeium-chrome
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-12T15:50:10Z/
url https://securitylab.github.com/advisories/GHSL-2024-027_GHSL-2024-028_codeium-chrome
Weaknesses
0
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
1
cwe_id 284
name Improper Access Control
description The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Exploits
Severity_range_score 6.5 - 6.5
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mphk-hg1y-b7as