Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-wte4-8b73-p3hw
Summary
X-Forwarded-For header allows brute-forcing autoblocked IP addresses
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
Aliases
0
alias CVE-2023-29141
1
alias GHSA-5vj8-g3qg-4qh6
Fixed_packages
0
url pkg:composer/mediawiki/core@1.35.10
purl pkg:composer/mediawiki/core@1.35.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.35.10
1
url pkg:composer/mediawiki/core@1.38.6
purl pkg:composer/mediawiki/core@1.38.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.38.6
2
url pkg:composer/mediawiki/core@1.39.3
purl pkg:composer/mediawiki/core@1.39.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.3
Affected_packages
0
url pkg:composer/mediawiki/core@1.38.0
purl pkg:composer/mediawiki/core@1.38.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wte4-8b73-p3hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.38.0
1
url pkg:composer/mediawiki/core@1.39.0
purl pkg:composer/mediawiki/core@1.39.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wte4-8b73-p3hw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.39.0
References
0
reference_url https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
reference_id
reference_type
scores
url https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
1
reference_url https://github.com/wikimedia/mediawiki
reference_id
reference_type
scores
url https://github.com/wikimedia/mediawiki
2
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/08/msg00029.html
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7
5
reference_url https://phabricator.wikimedia.org/T285159
reference_id
reference_type
scores
url https://phabricator.wikimedia.org/T285159
6
reference_url https://www.debian.org/security/2023/dsa-5447
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5447
7
reference_url https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10
reference_id
reference_type
scores
url https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.10
8
reference_url https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6
reference_id
reference_type
scores
url https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.6
9
reference_url https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3
reference_id
reference_type
scores
url https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.3
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29141
reference_id CVE-2023-29141
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-29141
11
reference_url https://github.com/advisories/GHSA-5vj8-g3qg-4qh6
reference_id GHSA-5vj8-g3qg-4qh6
reference_type
scores
url https://github.com/advisories/GHSA-5vj8-g3qg-4qh6
Weaknesses
0
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
1
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-wte4-8b73-p3hw