Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-1pej-f5gn-5feh

Summary

Prototype Pollution
If an attacker submits a malicious `INI` file to an application that parses it with `ini.parse`, they will pollute the prototype on the application. This can be exploited further depending on the context.

Aliases

alias	CVE-2020-7788

alias	GHSA-qqgx-2p2h-9c37

Fixed_packages

url	pkg:deb/debian/node-ini@2.0.0-1?distro=trixie
purl	pkg:deb/debian/node-ini@2.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ini@2.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/node-ini@3.0.1-2?distro=trixie
purl	pkg:deb/debian/node-ini@3.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ini@3.0.1-2%3Fdistro=trixie

url	pkg:npm/ini@1.3.6
purl	pkg:npm/ini@1.3.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.3.6

Affected_packages

url pkg:npm/ini@1.0.0

purl pkg:npm/ini@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.0.0

url pkg:npm/ini@1.0.1

purl pkg:npm/ini@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.0.1

url pkg:npm/ini@1.0.2

purl pkg:npm/ini@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.0.2

url pkg:npm/ini@1.0.3

purl pkg:npm/ini@1.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.0.3

url pkg:npm/ini@1.0.4

purl pkg:npm/ini@1.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.0.4

url pkg:npm/ini@1.0.5

purl pkg:npm/ini@1.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.0.5

url pkg:npm/ini@1.1.0

purl pkg:npm/ini@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.1.0

url pkg:npm/ini@1.2.0

purl pkg:npm/ini@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.2.0

url pkg:npm/ini@1.2.1

purl pkg:npm/ini@1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.2.1

url pkg:npm/ini@1.3.0

purl pkg:npm/ini@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.3.0

url pkg:npm/ini@1.3.1

purl pkg:npm/ini@1.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.3.1

url pkg:npm/ini@1.3.2

purl pkg:npm/ini@1.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.3.2

url pkg:npm/ini@1.3.3

purl pkg:npm/ini@1.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.3.3

url pkg:npm/ini@1.3.4

purl pkg:npm/ini@1.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.3.4

url pkg:npm/ini@1.3.5

purl pkg:npm/ini@1.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ini@1.3.5

url pkg:rpm/redhat/nodejs-nodemon@2.0.19-1?arch=el9_0

purl pkg:rpm/redhat/nodejs-nodemon@2.0.19-1?arch=el9_0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

vulnerability	VCID-ezjm-bqb5-pfh2

vulnerability	VCID-f8tf-cnv6-eqef

vulnerability	VCID-gz1j-dz5f-c3c3

vulnerability	VCID-mkwu-37je-jfbx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nodejs-nodemon@2.0.19-1%3Farch=el9_0

url pkg:rpm/redhat/rh-nodejs10-nodejs@10.23.1-2?arch=el7

purl pkg:rpm/redhat/rh-nodejs10-nodejs@10.23.1-2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

vulnerability	VCID-363b-t6mk-w3ct

vulnerability	VCID-4qmh-4brg-kygx

vulnerability	VCID-aj4s-p3uf-jffy

vulnerability	VCID-azjs-kjpm-z3h2

vulnerability	VCID-c12a-v9ey-qfap

vulnerability	VCID-dvgd-qdhh-wffm

vulnerability	VCID-eun3-dgw9-ruaj

vulnerability	VCID-f3mc-s6sz-hkep

vulnerability	VCID-w6r9-qf7d-xfam

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs10-nodejs@10.23.1-2%3Farch=el7

url pkg:rpm/redhat/rh-nodejs12-nodejs@12.20.1-1?arch=el7

purl pkg:rpm/redhat/rh-nodejs12-nodejs@12.20.1-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

vulnerability	VCID-azjs-kjpm-z3h2

vulnerability	VCID-c12a-v9ey-qfap

vulnerability	VCID-f3mc-s6sz-hkep

vulnerability	VCID-h63a-c7u2-t3d6

vulnerability	VCID-repv-n924-zqg7

vulnerability	VCID-wdm8-3m8z-jugr

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs12-nodejs@12.20.1-1%3Farch=el7

url pkg:rpm/redhat/rh-nodejs12-nodejs@12.22.5-1?arch=el7

purl pkg:rpm/redhat/rh-nodejs12-nodejs@12.22.5-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

vulnerability	VCID-479d-fgr4-8ub4

vulnerability	VCID-5239-jwp5-3khc

vulnerability	VCID-9hvt-ezcf-yfgz

vulnerability	VCID-cysv-w7p1-n3bj

vulnerability	VCID-djd6-e9ny-mff9

vulnerability	VCID-mkwu-37je-jfbx

vulnerability	VCID-r3gb-rk6e-3yfh

vulnerability	VCID-t3rp-w4p1-hubu

vulnerability	VCID-u825-k2v1-d7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs12-nodejs@12.22.5-1%3Farch=el7

url pkg:rpm/redhat/rh-nodejs12-nodejs-nodemon@2.0.3-1?arch=el7

purl pkg:rpm/redhat/rh-nodejs12-nodejs-nodemon@2.0.3-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

vulnerability	VCID-azjs-kjpm-z3h2

vulnerability	VCID-c12a-v9ey-qfap

vulnerability	VCID-f3mc-s6sz-hkep

vulnerability	VCID-h63a-c7u2-t3d6

vulnerability	VCID-repv-n924-zqg7

vulnerability	VCID-wdm8-3m8z-jugr

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs12-nodejs-nodemon@2.0.3-1%3Farch=el7

url pkg:rpm/redhat/rh-nodejs12-nodejs-nodemon@2.0.3-5?arch=el7

purl pkg:rpm/redhat/rh-nodejs12-nodejs-nodemon@2.0.3-5?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

vulnerability	VCID-479d-fgr4-8ub4

vulnerability	VCID-5239-jwp5-3khc

vulnerability	VCID-9hvt-ezcf-yfgz

vulnerability	VCID-cysv-w7p1-n3bj

vulnerability	VCID-djd6-e9ny-mff9

vulnerability	VCID-mkwu-37je-jfbx

vulnerability	VCID-r3gb-rk6e-3yfh

vulnerability	VCID-t3rp-w4p1-hubu

vulnerability	VCID-u825-k2v1-d7bt

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs12-nodejs-nodemon@2.0.3-5%3Farch=el7

url pkg:rpm/redhat/rh-nodejs14-nodejs@14.15.4-2?arch=el7

purl pkg:rpm/redhat/rh-nodejs14-nodejs@14.15.4-2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

vulnerability	VCID-363b-t6mk-w3ct

vulnerability	VCID-azjs-kjpm-z3h2

vulnerability	VCID-c12a-v9ey-qfap

vulnerability	VCID-eun3-dgw9-ruaj

vulnerability	VCID-f3mc-s6sz-hkep

vulnerability	VCID-w6y4-5tef-mbek

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs14-nodejs@14.15.4-2%3Farch=el7

url pkg:rpm/redhat/rh-nodejs14-nodejs-nodemon@2.0.3-5?arch=el7

purl pkg:rpm/redhat/rh-nodejs14-nodejs-nodemon@2.0.3-5?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1pej-f5gn-5feh

vulnerability	VCID-mkwu-37je-jfbx

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs14-nodejs-nodemon@2.0.3-5%3Farch=el7

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7788.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7788.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7788

reference_id

reference_type

scores

value	0.00291
scoring_system	epss
scoring_elements	0.52739
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7788

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788

reference_url

https://github.com/npm/ini

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/ini

reference_url

https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1

reference_url

https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html

reference_url

https://snyk.io/vuln/SNYK-JS-INI-1048974

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-INI-1048974

reference_url

https://www.npmjs.com/advisories/1589

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/1589

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1907444
reference_id	1907444
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1907444

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977718
reference_id	977718
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977718

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7788

reference_id

CVE-2020-7788

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7788

reference_url	https://access.redhat.com/errata/RHSA-2021:0421
reference_id	RHSA-2021:0421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0421

reference_url	https://access.redhat.com/errata/RHSA-2021:0485
reference_id	RHSA-2021:0485
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0485

reference_url	https://access.redhat.com/errata/RHSA-2021:0521
reference_id	RHSA-2021:0521
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0521

reference_url	https://access.redhat.com/errata/RHSA-2021:0548
reference_id	RHSA-2021:0548
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0548

reference_url	https://access.redhat.com/errata/RHSA-2021:0549
reference_id	RHSA-2021:0549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0549

reference_url	https://access.redhat.com/errata/RHSA-2021:0551
reference_id	RHSA-2021:0551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0551

reference_url	https://access.redhat.com/errata/RHSA-2021:3280
reference_id	RHSA-2021:3280
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3280

reference_url	https://access.redhat.com/errata/RHSA-2021:3281
reference_id	RHSA-2021:3281
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3281

reference_url	https://access.redhat.com/errata/RHSA-2021:5171
reference_id	RHSA-2021:5171
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5171

reference_url	https://access.redhat.com/errata/RHSA-2022:0246
reference_id	RHSA-2022:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0246

reference_url	https://access.redhat.com/errata/RHSA-2022:0350
reference_id	RHSA-2022:0350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0350

reference_url	https://access.redhat.com/errata/RHSA-2022:6595
reference_id	RHSA-2022:6595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6595

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	400
name	Uncontrolled Resource Consumption
description	The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1321
name	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
description	The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1pej-f5gn-5feh

Vulnerability Instance