Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-e4mg-mfdz-kqfr
Summary
Unrestricted Upload of File with Dangerous Type
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.
Aliases
0
alias CVE-2023-41626
Fixed_packages
0
url pkg:pypi/gradio@3.28.0
purl pkg:pypi/gradio@3.28.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ueu-3u8x-pkfs
1
vulnerability VCID-3w2j-55q7-t7by
2
vulnerability VCID-4ahq-tuj8-fkgc
3
vulnerability VCID-4y28-s547-c3d3
4
vulnerability VCID-5c6u-kz54-a7ee
5
vulnerability VCID-6cys-sapp-9yh6
6
vulnerability VCID-891h-rrw9-d3cx
7
vulnerability VCID-aajd-8tqx-c3bn
8
vulnerability VCID-bmqt-uegd-hyap
9
vulnerability VCID-dsw8-wy3z-53hm
10
vulnerability VCID-ejg7-khk7-9qf3
11
vulnerability VCID-g36q-9t77-nuc9
12
vulnerability VCID-grp8-svdp-r7e6
13
vulnerability VCID-h9ep-6qj7-pued
14
vulnerability VCID-j1w9-nvdf-nfbr
15
vulnerability VCID-mk15-qxqc-vfab
16
vulnerability VCID-q41h-dde2-93gc
17
vulnerability VCID-uhjk-e9b3-cqea
18
vulnerability VCID-vg49-znwv-akgf
19
vulnerability VCID-wep6-zfzs-jkfb
20
vulnerability VCID-znu2-s2vu-n3fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gradio@3.28.0
Affected_packages
0
url pkg:pypi/gradio@3.27.0
purl pkg:pypi/gradio@3.27.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ueu-3u8x-pkfs
1
vulnerability VCID-3w2j-55q7-t7by
2
vulnerability VCID-4ahq-tuj8-fkgc
3
vulnerability VCID-4y28-s547-c3d3
4
vulnerability VCID-5c6u-kz54-a7ee
5
vulnerability VCID-6cys-sapp-9yh6
6
vulnerability VCID-891h-rrw9-d3cx
7
vulnerability VCID-aajd-8tqx-c3bn
8
vulnerability VCID-bmqt-uegd-hyap
9
vulnerability VCID-dsw8-wy3z-53hm
10
vulnerability VCID-e4mg-mfdz-kqfr
11
vulnerability VCID-ejg7-khk7-9qf3
12
vulnerability VCID-g36q-9t77-nuc9
13
vulnerability VCID-grp8-svdp-r7e6
14
vulnerability VCID-h9ep-6qj7-pued
15
vulnerability VCID-j1w9-nvdf-nfbr
16
vulnerability VCID-mk15-qxqc-vfab
17
vulnerability VCID-q41h-dde2-93gc
18
vulnerability VCID-uhjk-e9b3-cqea
19
vulnerability VCID-vg49-znwv-akgf
20
vulnerability VCID-wep6-zfzs-jkfb
21
vulnerability VCID-znu2-s2vu-n3fb
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/gradio@3.27.0
References
0
reference_url https://gist.github.com/impose1/590472eb0544ef1ec36c8a5a40122adb
reference_id
reference_type
scores
url https://gist.github.com/impose1/590472eb0544ef1ec36c8a5a40122adb
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41626
reference_id CVE-2023-41626
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-41626
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 434
name Unrestricted Upload of File with Dangerous Type
description The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4mg-mfdz-kqfr