Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-6nr6-xn62-v3dj
Summary
Incorrect Authorization
Improper access control in Management screen of EC-CUBE 2 series allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.
Aliases
0
alias CVE-2021-20841
Fixed_packages
0
url pkg:composer/ec-cube/ec-cube@3.0.0
purl pkg:composer/ec-cube/ec-cube@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c6vr-e9zn-cbaz
1
vulnerability VCID-fuus-wqhf-s3be
2
vulnerability VCID-he32-4cf1-akf5
3
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.0
Affected_packages
0
url pkg:composer/ec-cube/ec-cube@2.11.2
purl pkg:composer/ec-cube/ec-cube@2.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6nr6-xn62-v3dj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@2.11.2
1
url pkg:composer/ec-cube/ec-cube@2.17.1
purl pkg:composer/ec-cube/ec-cube@2.17.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6nr6-xn62-v3dj
1
vulnerability VCID-nw9p-g3hb-sqg4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@2.17.1
References
0
reference_url https://jvn.jp/en/jp/JVN75444925/index.html
reference_id
reference_type
scores
url https://jvn.jp/en/jp/JVN75444925/index.html
1
reference_url https://www.ec-cube.net/info/weakness/20211111/
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/20211111/
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20841
reference_id CVE-2021-20841
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-20841
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-6nr6-xn62-v3dj