Vulnerability_id VCID-5kwa-7kx3-kfga
Summary
Weak Password Recovery Mechanism for Forgotten Password
Contao has a Weak Password Recovery Mechanism for a Forgotten Password.
Aliases
0
alias CVE-2019-10641
1
alias GHSA-vcgg-hp4r-87gx
Fixed_packages
0
url pkg:composer/contao/contao@4.4.37
purl pkg:composer/contao/contao@4.4.37
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.4.37
1
url pkg:composer/contao/contao@4.7.3
purl pkg:composer/contao/contao@4.7.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.7.3
2
url pkg:composer/contao/core@3.5.39
purl pkg:composer/contao/core@3.5.39
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.39
3
url pkg:composer/contao/core-bundle@4.4.37
purl pkg:composer/contao/core-bundle@4.4.37
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.37
4
url pkg:composer/contao/core-bundle@4.7.3
purl pkg:composer/contao/core-bundle@4.7.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.7.3
Affected_packages
0
url pkg:composer/contao/contao@4.0.0
purl pkg:composer/contao/contao@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-82d1-8yn8-sydv
2
vulnerability VCID-98fv-kpqs-mybc
3
vulnerability VCID-ah8s-8q49-8qbw
4
vulnerability VCID-crsc-bhc9-y3f9
5
vulnerability VCID-epmj-qf23-xffd
6
vulnerability VCID-rj3d-jeyz-vye5
7
vulnerability VCID-t2u3-tgg3-cbb9
8
vulnerability VCID-u6sk-25yd-e7b2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.0.0
1
url pkg:composer/contao/contao@4.5.0
purl pkg:composer/contao/contao@4.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-82d1-8yn8-sydv
2
vulnerability VCID-98fv-kpqs-mybc
3
vulnerability VCID-ah8s-8q49-8qbw
4
vulnerability VCID-epmj-qf23-xffd
5
vulnerability VCID-rj3d-jeyz-vye5
6
vulnerability VCID-t2u3-tgg3-cbb9
7
vulnerability VCID-u6sk-25yd-e7b2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/contao@4.5.0
2
url pkg:composer/contao/core@3.0.0
purl pkg:composer/contao/core@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5639-8xt3-8ugc
1
vulnerability VCID-5kwa-7kx3-kfga
2
vulnerability VCID-7nh2-bb7m-3udz
3
vulnerability VCID-ejwd-wgb2-47e2
4
vulnerability VCID-m28p-n6vz-zuhw
5
vulnerability VCID-u721-yafq-bkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.0.0
3
url pkg:composer/contao/core-bundle@4.0.0
purl pkg:composer/contao/core-bundle@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w7m-mb7e-tqe6
1
vulnerability VCID-5kwa-7kx3-kfga
2
vulnerability VCID-82d1-8yn8-sydv
3
vulnerability VCID-98fv-kpqs-mybc
4
vulnerability VCID-ah8s-8q49-8qbw
5
vulnerability VCID-epmj-qf23-xffd
6
vulnerability VCID-f8ny-db5g-pkhw
7
vulnerability VCID-jbcs-b2p9-myhz
8
vulnerability VCID-jzx2-et8q-7qhm
9
vulnerability VCID-nepv-9985-37g4
10
vulnerability VCID-r1h5-ag74-dbaw
11
vulnerability VCID-rj3d-jeyz-vye5
12
vulnerability VCID-t2u3-tgg3-cbb9
13
vulnerability VCID-u6sk-25yd-e7b2
14
vulnerability VCID-wyd5-t8at-8bba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.0.0
4
url pkg:composer/contao/core-bundle@4.5.0
purl pkg:composer/contao/core-bundle@4.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3fux-z15d-13g1
1
vulnerability VCID-5kwa-7kx3-kfga
2
vulnerability VCID-82d1-8yn8-sydv
3
vulnerability VCID-98fv-kpqs-mybc
4
vulnerability VCID-ah8s-8q49-8qbw
5
vulnerability VCID-azpb-eq6c-e7bw
6
vulnerability VCID-epmj-qf23-xffd
7
vulnerability VCID-rj3d-jeyz-vye5
8
vulnerability VCID-t2u3-tgg3-cbb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.5.0
References
0
reference_url https://contao.org/en/news/security-vulnerability-cve-2019-10641.html
reference_id
reference_type
scores
url https://contao.org/en/news/security-vulnerability-cve-2019-10641.html
1
reference_url https://github.com/contao/contao/commit/74c7dfafa0dfa5363a9463b486522d5d526e28fe
reference_id
reference_type
scores
url https://github.com/contao/contao/commit/74c7dfafa0dfa5363a9463b486522d5d526e28fe
2
reference_url https://github.com/contao/contao/commit/b92e27bc7c9e59226077937f840c74ffd0f672e8
reference_id
reference_type
scores
url https://github.com/contao/contao/commit/b92e27bc7c9e59226077937f840c74ffd0f672e8
3
reference_url https://github.com/contao/core/commit/119a1b5bd9e62d27ca2838727084d04f3b7fcd32
reference_id
reference_type
scores
url https://github.com/contao/core/commit/119a1b5bd9e62d27ca2838727084d04f3b7fcd32
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10641
reference_id CVE-2019-10641
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-10641
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10641.yaml
reference_id CVE-2019-10641.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10641.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10641.yaml
reference_id CVE-2019-10641.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10641.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2019-10641.yaml
reference_id CVE-2019-10641.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2019-10641.yaml
8
reference_url https://github.com/advisories/GHSA-vcgg-hp4r-87gx
reference_id GHSA-vcgg-hp4r-87gx
reference_type
scores
url https://github.com/advisories/GHSA-vcgg-hp4r-87gx
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 640
name Weak Password Recovery Mechanism for Forgotten Password
description The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5kwa-7kx3-kfga