Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-pmhx-wy5d-buaz

Summary

Multiple vulnerabilities have been found in the Chromium web
    browser, the worst of which allows remote attackers to execute arbitrary
    code.

Aliases

alias	CVE-2017-5085

Fixed_packages

url pkg:alpm/archlinux/chromium@59.0.3071.86-1

purl pkg:alpm/archlinux/chromium@59.0.3071.86-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hsuj-ffh4-33f3

vulnerability	VCID-qn3a-kdx8-n3hm

vulnerability	VCID-usgw-gqnq-dfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/chromium@59.0.3071.86-1

url	pkg:ebuild/www-client/chromium@59.0.3071.104
purl	pkg:ebuild/www-client/chromium@59.0.3071.104
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/chromium@59.0.3071.104

Affected_packages

url pkg:alpm/archlinux/chromium@58.0.3029.110-1

purl pkg:alpm/archlinux/chromium@58.0.3029.110-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1r7m-ska1-bfaa

vulnerability	VCID-52ha-efrd-bkbu

vulnerability	VCID-5xy6-dfr2-f3gq

vulnerability	VCID-7add-jzbk-cba6

vulnerability	VCID-89ws-643e-ayd1

vulnerability	VCID-b75z-83fg-vyea

vulnerability	VCID-kzw1-g1pw-bug3

vulnerability	VCID-pmhx-wy5d-buaz

vulnerability	VCID-ppke-xzq1-nyac

vulnerability	VCID-qdh5-dwpk-13bp

vulnerability	VCID-qetz-xrku-87fe

vulnerability	VCID-qqm4-enbx-sqas

vulnerability	VCID-tjyu-bwcu-jbbu

vulnerability	VCID-vjp1-xjzc-fbh7

vulnerability	VCID-wd3v-zk8f-5fgh

vulnerability	VCID-yz5a-929h-jufn

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/chromium@58.0.3029.110-1

url pkg:rpm/redhat/chromium-browser@59.0.3071.86-1?arch=el6_9

purl pkg:rpm/redhat/chromium-browser@59.0.3071.86-1?arch=el6_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1r7m-ska1-bfaa

vulnerability	VCID-52ha-efrd-bkbu

vulnerability	VCID-5xy6-dfr2-f3gq

vulnerability	VCID-7add-jzbk-cba6

vulnerability	VCID-89ws-643e-ayd1

vulnerability	VCID-b75z-83fg-vyea

vulnerability	VCID-kzw1-g1pw-bug3

vulnerability	VCID-pmhx-wy5d-buaz

vulnerability	VCID-ppke-xzq1-nyac

vulnerability	VCID-qdh5-dwpk-13bp

vulnerability	VCID-qetz-xrku-87fe

vulnerability	VCID-qqm4-enbx-sqas

vulnerability	VCID-tjyu-bwcu-jbbu

vulnerability	VCID-vjp1-xjzc-fbh7

vulnerability	VCID-wd3v-zk8f-5fgh

vulnerability	VCID-yz5a-929h-jufn

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/chromium-browser@59.0.3071.86-1%3Farch=el6_9

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5085.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5085.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5085

reference_id

reference_type

scores

value	0.00443
scoring_system	epss
scoring_elements	0.63243
published_at	2026-04-01T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63378
published_at	2026-04-29T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63348
published_at	2026-04-21T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63367
published_at	2026-04-24T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.6338
published_at	2026-04-26T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63302
published_at	2026-04-02T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63329
published_at	2026-04-04T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63295
published_at	2026-04-07T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63346
published_at	2026-04-08T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63364
published_at	2026-04-09T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63381
published_at	2026-04-11T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63365
published_at	2026-04-12T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63328
published_at	2026-04-13T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63363
published_at	2026-04-16T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.6337
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5085

reference_url	https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
reference_id
reference_type
scores
url	https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html

reference_url	https://crbug.com/692378
reference_id
reference_type
scores
url	https://crbug.com/692378

reference_url	http://www.securityfocus.com/bid/98861
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/98861

reference_url	http://www.securitytracker.com/id/1038622
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1038622

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1459037
reference_id	1459037
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1459037

reference_url	https://security.archlinux.org/ASA-201706-8
reference_id	ASA-201706-8
reference_type
scores
url	https://security.archlinux.org/ASA-201706-8

reference_url

https://security.archlinux.org/AVG-289

reference_id

AVG-289

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-289

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:-:::::::*
reference_id	cpe:2.3:o:apple:iphone_os:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:chrome:58.0.3029:::::::*
reference_id	cpe:2.3:o:google:chrome:58.0.3029:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:chrome:58.0.3029:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5085

reference_id

CVE-2017-5085

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5085

reference_url	https://security.gentoo.org/glsa/201706-20
reference_id	GLSA-201706-20
reference_type
scores
url	https://security.gentoo.org/glsa/201706-20

reference_url	https://access.redhat.com/errata/RHSA-2017:1399
reference_id	RHSA-2017:1399
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1399

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Exploits

Severity_range_score 4.2 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pmhx-wy5d-buaz

Vulnerability Instance