Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-v9ch-up34-nuab
Summary
Silverstripe Missing CSRF protection in login form
LoginForm calls disableSecurityToken(), which causes a "shared host domain" vulnerability: http://stackoverflow.com/a/15350123.
Aliases
0
alias GHSA-vj2j-6g3w-4662
Fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
1
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
2
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-f4hv-79km-3ygt
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-r1eg-dwej-5kau
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-xg74-3h1h-kqaf
23
vulnerability VCID-y8et-m846-2fc6
24
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
Affected_packages
0
url pkg:composer/silverstripe/framework@3.1.18
purl pkg:composer/silverstripe/framework@3.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-9ugf-duna-xfgy
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-evh4-xq48-4fa6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-excr-b2pz-jydm
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-hnme-cqff-c7dp
19
vulnerability VCID-m5rs-qptc-vued
20
vulnerability VCID-mkex-ht2r-cucz
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-q939-fszs-wfdp
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-r1eg-dwej-5kau
25
vulnerability VCID-t81f-5b8z-hyht
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-v9ch-up34-nuab
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.18
1
url pkg:composer/silverstripe/framework@3.2.3
purl pkg:composer/silverstripe/framework@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-9ugf-duna-xfgy
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-evh4-xq48-4fa6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-excr-b2pz-jydm
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-hnme-cqff-c7dp
19
vulnerability VCID-m5rs-qptc-vued
20
vulnerability VCID-mkex-ht2r-cucz
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-q939-fszs-wfdp
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-r1eg-dwej-5kau
25
vulnerability VCID-t81f-5b8z-hyht
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-v9ch-up34-nuab
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.3
2
url pkg:composer/silverstripe/framework@3.3.1
purl pkg:composer/silverstripe/framework@3.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9ugf-duna-xfgy
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-excr-b2pz-jydm
17
vulnerability VCID-ggbg-8mtc-hudc
18
vulnerability VCID-gkkp-9fm7-jfaz
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-m5rs-qptc-vued
21
vulnerability VCID-mkex-ht2r-cucz
22
vulnerability VCID-nute-ndg2-z7ev
23
vulnerability VCID-q939-fszs-wfdp
24
vulnerability VCID-qdwg-f2bx-1bay
25
vulnerability VCID-r1eg-dwej-5kau
26
vulnerability VCID-t81f-5b8z-hyht
27
vulnerability VCID-umhc-fdfh-1fdx
28
vulnerability VCID-v9ch-up34-nuab
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.1
References
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-006-1.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-006-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989
3
reference_url https://stackoverflow.com/questions/6412813/do-login-forms-need-tokens-against-csrf-attacks/15350123#15350123
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://stackoverflow.com/questions/6412813/do-login-forms-need-tokens-against-csrf-attacks/15350123#15350123
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-006
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2016-006
5
reference_url https://github.com/advisories/GHSA-vj2j-6g3w-4662
reference_id GHSA-vj2j-6g3w-4662
reference_type
scores
url https://github.com/advisories/GHSA-vj2j-6g3w-4662
Weaknesses
0
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v9ch-up34-nuab