Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-8guh-62t7-myct
Summary
Improper Check for Dropped Privileges
In Apache Ozone, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.
Aliases
0
alias CVE-2021-36372
1
alias GHSA-86fh-j58m-7pf5
Fixed_packages
0
url pkg:maven/org.apache.ozone/ozone@1.2.0
purl pkg:maven/org.apache.ozone/ozone@1.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tn1x-ecrj-1yea
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ozone/ozone@1.2.0
1
url pkg:maven/org.apache.ozone/ozone-main@1.2.0
purl pkg:maven/org.apache.ozone/ozone-main@1.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tn1x-ecrj-1yea
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ozone/ozone-main@1.2.0
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36372
reference_id
reference_type
scores
0
value 0.00345
scoring_system epss
scoring_elements 0.57319
published_at 2026-06-04T12:55:00Z
1
value 0.00345
scoring_system epss
scoring_elements 0.57372
published_at 2026-06-09T12:55:00Z
2
value 0.00345
scoring_system epss
scoring_elements 0.57356
published_at 2026-06-08T12:55:00Z
3
value 0.00345
scoring_system epss
scoring_elements 0.57381
published_at 2026-06-06T12:55:00Z
4
value 0.00345
scoring_system epss
scoring_elements 0.57371
published_at 2026-06-05T12:55:00Z
5
value 0.00345
scoring_system epss
scoring_elements 0.57369
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36372
1
reference_url https://github.com/apache/ozone
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/ozone
2
reference_url https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E
3
reference_url http://www.openwall.com/lists/oss-security/2021/11/19/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/11/19/1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36372
reference_id CVE-2021-36372
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-36372
5
reference_url https://github.com/advisories/GHSA-86fh-j58m-7pf5
reference_id GHSA-86fh-j58m-7pf5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-86fh-j58m-7pf5
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 273
name Improper Check for Dropped Privileges
description The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score9.0 - 10.0
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-8guh-62t7-myct