Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-pp17-q6zr-dya7

Summary

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

Aliases

alias	CVE-2007-4190

alias	GHSA-h22q-g2c7-2jwj

Fixed_packages

url	pkg:composer/joomla/application@1.0.13
purl	pkg:composer/joomla/application@1.0.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/joomla/application@1.0.13

Affected_packages

References

reference_url	https://web.archive.org/web/20071001212343/http://www.joomla.org/content/view/3677/1/
reference_id
reference_type
scores
url	https://web.archive.org/web/20071001212343/http://www.joomla.org/content/view/3677/1/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2007-4190
reference_id	CVE-2007-4190
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2007-4190

reference_url	https://github.com/advisories/GHSA-h22q-g2c7-2jwj
reference_id	GHSA-h22q-g2c7-2jwj
reference_type
scores
url	https://github.com/advisories/GHSA-h22q-g2c7-2jwj

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	74
name	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
description	The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pp17-q6zr-dya7

Vulnerability Instance