Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-xz7z-trbh-j7dk
Summary
Drupal core Arbitrary PHP code execution
The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see:
CVE-2020-28948
CVE-2020-28949

Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.

To mitigate this issue, prevent untrusted users from uploading .tar, .tar.gz, .bz2, or .tlz files.
Aliases
0
alias GHSA-j66p-fvp2-fxhj
Fixed_packages
0
url pkg:composer/drupal/drupal@8.8.12
purl pkg:composer/drupal/drupal@8.8.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.8.12
1
url pkg:composer/drupal/drupal@8.9.10
purl pkg:composer/drupal/drupal@8.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-67da-qxh5-aydx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.10
2
url pkg:composer/drupal/drupal@9.0.9
purl pkg:composer/drupal/drupal@9.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-67da-qxh5-aydx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.9
Affected_packages
0
url pkg:composer/drupal/drupal@7.0.0
purl pkg:composer/drupal/drupal@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g67-a42m-qfbh
1
vulnerability VCID-5jy9-mhbb-nuh7
2
vulnerability VCID-5vjq-rnfw-77gp
3
vulnerability VCID-5ykv-9pn5-euft
4
vulnerability VCID-67da-qxh5-aydx
5
vulnerability VCID-6x4v-da7x-uyhh
6
vulnerability VCID-9cr8-u5tp-yuc9
7
vulnerability VCID-9dfs-rpqy-6kfa
8
vulnerability VCID-9nk8-dban-g7h9
9
vulnerability VCID-a4u4-ga84-wyf9
10
vulnerability VCID-a7ss-tkb6-gkge
11
vulnerability VCID-aqxx-kd18-pqgm
12
vulnerability VCID-bge7-rqsx-gfee
13
vulnerability VCID-dnc7-jg8m-8fh3
14
vulnerability VCID-e69p-v2ws-vufj
15
vulnerability VCID-e8un-nbkk-cbf9
16
vulnerability VCID-h54g-nbkq-37g6
17
vulnerability VCID-jed8-4cv5-6bcr
18
vulnerability VCID-kw4m-ebfg-63dy
19
vulnerability VCID-nn8g-m52e-5kfe
20
vulnerability VCID-nwza-zzn3-u3eb
21
vulnerability VCID-pmmq-8s2m-h7dp
22
vulnerability VCID-s144-c7ps-aqbj
23
vulnerability VCID-sg4r-hncm-dqcq
24
vulnerability VCID-tbah-jrah-a3fg
25
vulnerability VCID-tcan-28ga-j3h1
26
vulnerability VCID-tpzm-u3qp-akc8
27
vulnerability VCID-upk3-jyze-e3gx
28
vulnerability VCID-vjrr-h9sh-3bcu
29
vulnerability VCID-vjz6-xgk6-mycf
30
vulnerability VCID-vz31-7246-aken
31
vulnerability VCID-wsv7-je8g-sqet
32
vulnerability VCID-wszp-2es5-z7fy
33
vulnerability VCID-x34m-u169-1bce
34
vulnerability VCID-xz7z-trbh-j7dk
35
vulnerability VCID-y5mz-1wsc-w3g7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@7.0.0
1
url pkg:composer/drupal/drupal@8.0.0
purl pkg:composer/drupal/drupal@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2989-fmjz-nkby
1
vulnerability VCID-2w1s-g91k-xuhj
2
vulnerability VCID-31qy-vagp-83b6
3
vulnerability VCID-3dgm-qju3-aqh5
4
vulnerability VCID-3qrs-sag2-v7g7
5
vulnerability VCID-3xk4-qwaq-5yaj
6
vulnerability VCID-4p4c-7rdc-37fa
7
vulnerability VCID-4pg6-hqge-wkcb
8
vulnerability VCID-56ze-2yw2-bfh8
9
vulnerability VCID-5c5c-m7ba-kqct
10
vulnerability VCID-6c6t-kmb3-2qcm
11
vulnerability VCID-6rtn-zphz-sydn
12
vulnerability VCID-73y5-3fud-9bac
13
vulnerability VCID-766t-bnd6-ckcb
14
vulnerability VCID-7bq1-m8df-k3ba
15
vulnerability VCID-7n8f-bdkf-sqfu
16
vulnerability VCID-8qd6-8ckc-h3g5
17
vulnerability VCID-9nk8-dban-g7h9
18
vulnerability VCID-a4u4-ga84-wyf9
19
vulnerability VCID-a7ss-tkb6-gkge
20
vulnerability VCID-ah3h-t9qa-gudr
21
vulnerability VCID-aqxx-kd18-pqgm
22
vulnerability VCID-ard5-3cjv-1beu
23
vulnerability VCID-asm8-guag-b3ep
24
vulnerability VCID-avmn-kqky-83dd
25
vulnerability VCID-ay6b-1a7z-qkas
26
vulnerability VCID-bndv-n7w9-43b4
27
vulnerability VCID-bq2j-t19h-zyad
28
vulnerability VCID-dhwb-tvs2-vkht
29
vulnerability VCID-dnc7-jg8m-8fh3
30
vulnerability VCID-dyhz-g3nv-yuc3
31
vulnerability VCID-e8un-nbkk-cbf9
32
vulnerability VCID-egtv-y9w1-skgr
33
vulnerability VCID-es39-uyu2-myap
34
vulnerability VCID-eyew-pw17-ryfj
35
vulnerability VCID-j7bj-atys-qfg3
36
vulnerability VCID-jb63-xjup-1khv
37
vulnerability VCID-ks17-b29e-73au
38
vulnerability VCID-mm13-6dhq-nqfb
39
vulnerability VCID-mscp-wvvx-zfh3
40
vulnerability VCID-n318-rcfy-uybg
41
vulnerability VCID-n5n3-p5yy-13d9
42
vulnerability VCID-nacy-y1qt-5yhb
43
vulnerability VCID-ng6g-hvc2-bkg4
44
vulnerability VCID-nn8g-m52e-5kfe
45
vulnerability VCID-pmmq-8s2m-h7dp
46
vulnerability VCID-pnme-dc73-efcb
47
vulnerability VCID-pxwv-fhy9-ckfm
48
vulnerability VCID-q6zh-decq-bkau
49
vulnerability VCID-r4ja-mndm-uyge
50
vulnerability VCID-rd4g-h1j9-23cb
51
vulnerability VCID-rsc6-y1uv-6bfq
52
vulnerability VCID-s5qd-cpvc-c3cd
53
vulnerability VCID-ta99-gcmk-2qc8
54
vulnerability VCID-tbah-jrah-a3fg
55
vulnerability VCID-tbhc-6qre-7kc5
56
vulnerability VCID-tbk2-zprq-27c8
57
vulnerability VCID-tcan-28ga-j3h1
58
vulnerability VCID-tpzm-u3qp-akc8
59
vulnerability VCID-ughj-q27r-yfe2
60
vulnerability VCID-vjz6-xgk6-mycf
61
vulnerability VCID-vz31-7246-aken
62
vulnerability VCID-w3x8-db6e-kued
63
vulnerability VCID-w4ks-ufnz-vfav
64
vulnerability VCID-wapd-e3mu-sffn
65
vulnerability VCID-wsv7-je8g-sqet
66
vulnerability VCID-wszp-2es5-z7fy
67
vulnerability VCID-x34m-u169-1bce
68
vulnerability VCID-xz7z-trbh-j7dk
69
vulnerability VCID-y1nb-prqc-suaj
70
vulnerability VCID-y5mz-1wsc-w3g7
71
vulnerability VCID-z2xs-z24v-c3e5
72
vulnerability VCID-zpeb-7dhc-9kcx
73
vulnerability VCID-zqer-y4s4-hqhy
74
vulnerability VCID-zvtm-9bd5-ufgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.0.0
2
url pkg:composer/drupal/drupal@8.9.0
purl pkg:composer/drupal/drupal@8.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31qy-vagp-83b6
1
vulnerability VCID-5jy9-mhbb-nuh7
2
vulnerability VCID-67da-qxh5-aydx
3
vulnerability VCID-9dfs-rpqy-6kfa
4
vulnerability VCID-9rmk-e8zd-9bcw
5
vulnerability VCID-avmn-kqky-83dd
6
vulnerability VCID-nacy-y1qt-5yhb
7
vulnerability VCID-phwu-rdm2-ufhr
8
vulnerability VCID-sg4r-hncm-dqcq
9
vulnerability VCID-vz31-7246-aken
10
vulnerability VCID-wsv7-je8g-sqet
11
vulnerability VCID-x783-ggg8-auck
12
vulnerability VCID-xz7z-trbh-j7dk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@8.9.0
3
url pkg:composer/drupal/drupal@9.0.0
purl pkg:composer/drupal/drupal@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w1s-g91k-xuhj
1
vulnerability VCID-31qy-vagp-83b6
2
vulnerability VCID-5jy9-mhbb-nuh7
3
vulnerability VCID-67da-qxh5-aydx
4
vulnerability VCID-9dfs-rpqy-6kfa
5
vulnerability VCID-9rmk-e8zd-9bcw
6
vulnerability VCID-avmn-kqky-83dd
7
vulnerability VCID-nacy-y1qt-5yhb
8
vulnerability VCID-phwu-rdm2-ufhr
9
vulnerability VCID-sg4r-hncm-dqcq
10
vulnerability VCID-tpzm-u3qp-akc8
11
vulnerability VCID-vz31-7246-aken
12
vulnerability VCID-wsv7-je8g-sqet
13
vulnerability VCID-x783-ggg8-auck
14
vulnerability VCID-xz7z-trbh-j7dk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.0.0
References
0
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-11-25.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2020-11-25.yaml
2
reference_url https://www.drupal.org/sa-core-2020-013
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2020-013
3
reference_url https://github.com/advisories/GHSA-j66p-fvp2-fxhj
reference_id GHSA-j66p-fvp2-fxhj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j66p-fvp2-fxhj
Weaknesses
0
cwe_id 94
name Improper Control of Generation of Code ('Code Injection')
description The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xz7z-trbh-j7dk