Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-d888-42qr-hueg

Summary

Unrestricted Upload of File with Dangerous Type
An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file.

Aliases

alias	CVE-2022-29354

Fixed_packages

Affected_packages

url pkg:npm/keystone@4.2.1

purl pkg:npm/keystone@4.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d888-42qr-hueg

vulnerability	VCID-ppy6-36tw-sqft

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keystone@4.2.1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29354

reference_id

reference_type

scores

value	0.03874
scoring_system	epss
scoring_elements	0.88446
published_at	2026-06-04T12:55:00Z

value	0.03874
scoring_system	epss
scoring_elements	0.88464
published_at	2026-06-05T12:55:00Z

value	0.03874
scoring_system	epss
scoring_elements	0.88466
published_at	2026-06-06T12:55:00Z

value	0.03874
scoring_system	epss
scoring_elements	0.88465
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29354

reference_url	https://www.youtube.com/watch?v=DOM20FKpQQw
reference_id
reference_type
scores
url	https://www.youtube.com/watch?v=DOM20FKpQQw

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-29354
reference_id	CVE-2022-29354
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-29354

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	434
name	Unrestricted Upload of File with Dangerous Type
description	The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d888-42qr-hueg

Vulnerability Instance