Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ptfq-6gtz-rqgc

Summary

Improper Certificate Validation
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

Aliases

alias	CVE-2018-0786

alias	GHSA-jc8g-xhw5-6x46

Fixed_packages

url	pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform@5.2.4
purl	pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform@5.2.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform@5.2.4

url	pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform@5.3.5
purl	pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform@5.3.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform@5.3.5

url	pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform@5.4.2
purl	pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform@5.4.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform@5.4.2

url	pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform@6.0.6
purl	pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform@6.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform@6.0.6

url pkg:nuget/System.Private.ServiceModel@4.1.1

purl pkg:nuget/System.Private.ServiceModel@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.Private.ServiceModel@4.1.1

url pkg:nuget/System.Private.ServiceModel@4.4.1

purl pkg:nuget/System.Private.ServiceModel@4.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.Private.ServiceModel@4.4.1

url	pkg:nuget/System.ServiceModel.Duplex@4.1.1
purl	pkg:nuget/System.ServiceModel.Duplex@4.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Duplex@4.1.1

url pkg:nuget/System.ServiceModel.Duplex@4.4.1

purl pkg:nuget/System.ServiceModel.Duplex@4.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Duplex@4.4.1

url pkg:nuget/System.ServiceModel.Http@4.1.1

purl pkg:nuget/System.ServiceModel.Http@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Http@4.1.1

url pkg:nuget/System.ServiceModel.Http@4.4.1

purl pkg:nuget/System.ServiceModel.Http@4.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Http@4.4.1

url pkg:nuget/System.ServiceModel.NetTcp@4.1.1

purl pkg:nuget/System.ServiceModel.NetTcp@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.NetTcp@4.1.1

url pkg:nuget/System.ServiceModel.NetTcp@4.4.1

purl pkg:nuget/System.ServiceModel.NetTcp@4.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.NetTcp@4.4.1

url pkg:nuget/System.ServiceModel.Primitives@4.1.1

purl pkg:nuget/System.ServiceModel.Primitives@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Primitives@4.1.1

url pkg:nuget/System.ServiceModel.Primitives@4.4.1

purl pkg:nuget/System.ServiceModel.Primitives@4.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Primitives@4.4.1

url	pkg:nuget/System.ServiceModel.Security@4.1.1
purl	pkg:nuget/System.ServiceModel.Security@4.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Security@4.1.1

url pkg:nuget/System.ServiceModel.Security@4.4.1

purl pkg:nuget/System.ServiceModel.Security@4.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Security@4.4.1

Affected_packages

url pkg:nuget/System.Private.ServiceModel@4.1.0

purl pkg:nuget/System.Private.ServiceModel@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.Private.ServiceModel@4.1.0

url pkg:nuget/System.Private.ServiceModel@4.3.0

purl pkg:nuget/System.Private.ServiceModel@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.Private.ServiceModel@4.3.0

url pkg:nuget/System.Private.ServiceModel@4.4.0

purl pkg:nuget/System.Private.ServiceModel@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.Private.ServiceModel@4.4.0

url pkg:nuget/System.ServiceModel.Duplex@4.1.0

purl pkg:nuget/System.ServiceModel.Duplex@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Duplex@4.1.0

url pkg:nuget/System.ServiceModel.Duplex@4.3.0

purl pkg:nuget/System.ServiceModel.Duplex@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Duplex@4.3.0

url pkg:nuget/System.ServiceModel.Duplex@4.4.0

purl pkg:nuget/System.ServiceModel.Duplex@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Duplex@4.4.0

url pkg:nuget/System.ServiceModel.Http@4.1.0

purl pkg:nuget/System.ServiceModel.Http@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Http@4.1.0

url pkg:nuget/System.ServiceModel.Http@4.3.0

purl pkg:nuget/System.ServiceModel.Http@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Http@4.3.0

url pkg:nuget/System.ServiceModel.Http@4.4.0

purl pkg:nuget/System.ServiceModel.Http@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Http@4.4.0

url pkg:nuget/System.ServiceModel.NetTcp@4.1.0

purl pkg:nuget/System.ServiceModel.NetTcp@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.NetTcp@4.1.0

url pkg:nuget/System.ServiceModel.NetTcp@4.3.0

purl pkg:nuget/System.ServiceModel.NetTcp@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.NetTcp@4.3.0

url pkg:nuget/System.ServiceModel.NetTcp@4.4.0

purl pkg:nuget/System.ServiceModel.NetTcp@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.NetTcp@4.4.0

url pkg:nuget/System.ServiceModel.Primitives@4.1.0

purl pkg:nuget/System.ServiceModel.Primitives@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Primitives@4.1.0

url pkg:nuget/System.ServiceModel.Primitives@4.3.0

purl pkg:nuget/System.ServiceModel.Primitives@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Primitives@4.3.0

url pkg:nuget/System.ServiceModel.Primitives@4.4.0

purl pkg:nuget/System.ServiceModel.Primitives@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Primitives@4.4.0

url pkg:nuget/System.ServiceModel.Security@4.1.0

purl pkg:nuget/System.ServiceModel.Security@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Security@4.1.0

url pkg:nuget/System.ServiceModel.Security@4.3.0

purl pkg:nuget/System.ServiceModel.Security@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Security@4.3.0

url pkg:nuget/System.ServiceModel.Security@4.4.0

purl pkg:nuget/System.ServiceModel.Security@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ptfq-6gtz-rqgc

vulnerability	VCID-q249-gkbg-b3bs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.ServiceModel.Security@4.4.0

References

reference_url	https://github.com/dotnet/announcements/issues/51
reference_id
reference_type
scores
url	https://github.com/dotnet/announcements/issues/51

reference_url	https://github.com/github/advisory-database/issues/302
reference_id
reference_type
scores
url	https://github.com/github/advisory-database/issues/302

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-0786
reference_id	CVE-2018-0786
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-0786

reference_url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786
reference_id	CVE-2018-0786
reference_type
scores
url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786

reference_url	https://github.com/advisories/GHSA-jc8g-xhw5-6x46
reference_id	GHSA-jc8g-xhw5-6x46
reference_type
scores
url	https://github.com/advisories/GHSA-jc8g-xhw5-6x46

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	295
name	Improper Certificate Validation
description	The product does not validate, or incorrectly validates, a certificate.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ptfq-6gtz-rqgc

Vulnerability Instance