Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-7zhg-cv8f-2qht
Summary
Duplicate
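This advisory duplicates another; the summary carries no technical description of its own, so identify the issue through the aliases and references listed below.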
Aliases
0
alias CVE-2023-50422
1
alias GHSA-59c9-pxq8-9c73
2
alias GMS-2023-6079
3
alias GMS-2023-6080
4
alias GMS-2023-6081
Fixed_packages
0
url pkg:maven/com.sap.cloud.security/java-security@2.17.0
purl pkg:maven/com.sap.cloud.security/java-security@2.17.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/java-security@2.17.0
1
url pkg:maven/com.sap.cloud.security/java-security@3.3.0
purl pkg:maven/com.sap.cloud.security/java-security@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/java-security@3.3.0
2
url pkg:maven/com.sap.cloud.security/spring-security@2.17.0
purl pkg:maven/com.sap.cloud.security/spring-security@2.17.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/spring-security@2.17.0
3
url pkg:maven/com.sap.cloud.security/spring-security@3.3.0
purl pkg:maven/com.sap.cloud.security/spring-security@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/spring-security@3.3.0
4
url pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@2.17.0
purl pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@2.17.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@2.17.0
5
url pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@3.3.0
purl pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@3.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@3.3.0
Affected_packages
0
url pkg:maven/com.sap.cloud.security/java-security@3.0.0
purl pkg:maven/com.sap.cloud.security/java-security@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7zhg-cv8f-2qht
1
vulnerability VCID-wnps-h7xk-suh5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/java-security@3.0.0
1
url pkg:maven/com.sap.cloud.security/spring-security@3.0.0
purl pkg:maven/com.sap.cloud.security/spring-security@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7zhg-cv8f-2qht
1
vulnerability VCID-wnps-h7xk-suh5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security/spring-security@3.0.0
2
url pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@3.0.0
purl pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7zhg-cv8f-2qht
1
vulnerability VCID-wnps-h7xk-suh5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.sap.cloud.security.xsuaa/spring-xsuaa@3.0.0
References
0
reference_url https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067
reference_id
reference_type
scores
url https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067
1
reference_url https://en.wikipedia.org/wiki/JSON_Web_Token
reference_id
reference_type
scores
url https://en.wikipedia.org/wiki/JSON_Web_Token
2
reference_url https://github.com/SAP/cloud-security-services-integration-library
reference_id
reference_type
scores
url https://github.com/SAP/cloud-security-services-integration-library
3
reference_url https://github.com/SAP/cloud-security-services-integration-library/commit/4b3e42ab23df6418243b29908b1a2582818d9360
reference_id
reference_type
scores
url https://github.com/SAP/cloud-security-services-integration-library/commit/4b3e42ab23df6418243b29908b1a2582818d9360
4
reference_url https://github.com/SAP/cloud-security-services-integration-library/commit/7ce9601979c30ae269a1cbaf7cf33486d10736f1
reference_id
reference_type
scores
url https://github.com/SAP/cloud-security-services-integration-library/commit/7ce9601979c30ae269a1cbaf7cf33486d10736f1
5
reference_url https://me.sap.com/notes/3411067
reference_id
reference_type
scores
url https://me.sap.com/notes/3411067
6
reference_url https://me.sap.com/notes/3413475
reference_id
reference_type
scores
url https://me.sap.com/notes/3413475
7
reference_url https://mvnrepository.com/artifact/com.sap.cloud.security/java-security
reference_id
reference_type
scores
url https://mvnrepository.com/artifact/com.sap.cloud.security/java-security
8
reference_url https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security
reference_id
reference_type
scores
url https://mvnrepository.com/artifact/com.sap.cloud.security/spring-security
9
reference_url https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa
reference_id
reference_type
scores
url https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa
10
reference_url https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
reference_id
reference_type
scores
url https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50422
reference_id CVE-2023-50422
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-50422
12
reference_url https://github.com/advisories/GHSA-59c9-pxq8-9c73
reference_id GHSA-59c9-pxq8-9c73
reference_type
scores
url https://github.com/advisories/GHSA-59c9-pxq8-9c73
13
reference_url https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73
reference_id GHSA-59c9-pxq8-9c73
reference_type
scores
url https://github.com/SAP/cloud-security-services-integration-library/security/advisories/GHSA-59c9-pxq8-9c73
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 269
name Improper Privilege Management
description The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7zhg-cv8f-2qht