Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-n274-5khk-4udw
Summary
When logging in with a correct username and an incorrect, weak password, the user receives a notification that their password is too weak.

However, when an incorrect username is provided along with a weak password, the application responds with an 'Invalid credentials' notification.

This difference could be used to perform username enumeration.
Aliases
0
alias CVE-2024-47059
1
alias GHSA-8vff-35qm-qjvv
Fixed_packages
0
url pkg:composer/mautic/core@5.1.1
purl pkg:composer/mautic/core@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-169x-kkjv-tuhd
1
vulnerability VCID-72qd-qyx1-9kcj
2
vulnerability VCID-78su-anjk-nbfe
3
vulnerability VCID-8css-7395-v7fe
4
vulnerability VCID-9h4n-kq2p-u7ge
5
vulnerability VCID-ab6z-nnwn-h3bx
6
vulnerability VCID-d8gm-pcqd-kyh9
7
vulnerability VCID-eqbh-kevx-g7az
8
vulnerability VCID-f7c7-1f37-t7be
9
vulnerability VCID-kqrt-jk5r-2ybq
10
vulnerability VCID-uxc8-np41-ubfg
11
vulnerability VCID-w287-c1u9-xugv
12
vulnerability VCID-wmr5-yjdd-7fhy
13
vulnerability VCID-xnwg-23ba-5feb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1
Affected_packages
0
url pkg:composer/mautic/core@5.1.0
purl pkg:composer/mautic/core@5.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-169x-kkjv-tuhd
1
vulnerability VCID-3g4e-a7qf-7bg1
2
vulnerability VCID-6udr-t1gz-yydw
3
vulnerability VCID-72qd-qyx1-9kcj
4
vulnerability VCID-78su-anjk-nbfe
5
vulnerability VCID-8css-7395-v7fe
6
vulnerability VCID-9h4n-kq2p-u7ge
7
vulnerability VCID-ab6z-nnwn-h3bx
8
vulnerability VCID-d8gm-pcqd-kyh9
9
vulnerability VCID-eqbh-kevx-g7az
10
vulnerability VCID-f7c7-1f37-t7be
11
vulnerability VCID-jnyh-wtct-juax
12
vulnerability VCID-kb5u-fxss-nqcf
13
vulnerability VCID-kqrt-jk5r-2ybq
14
vulnerability VCID-n274-5khk-4udw
15
vulnerability VCID-nc5r-759g-qkhx
16
vulnerability VCID-qw81-xmgp-t7ag
17
vulnerability VCID-uxc8-np41-ubfg
18
vulnerability VCID-w287-c1u9-xugv
19
vulnerability VCID-wmr5-yjdd-7fhy
20
vulnerability VCID-xnwg-23ba-5feb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47059
reference_id
reference_type
scores
0
value 0.00422
scoring_system epss
scoring_elements 0.6261
published_at 2026-06-12T12:55:00Z
1
value 0.00422
scoring_system epss
scoring_elements 0.62617
published_at 2026-06-14T12:55:00Z
2
value 0.00422
scoring_system epss
scoring_elements 0.62622
published_at 2026-06-13T12:55:00Z
3
value 0.00422
scoring_system epss
scoring_elements 0.62509
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47059
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47059
reference_id CVE-2024-47059
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47059
3
reference_url https://github.com/advisories/GHSA-8vff-35qm-qjvv
reference_id GHSA-8vff-35qm-qjvv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8vff-35qm-qjvv
4
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-8vff-35qm-qjvv
reference_id GHSA-8vff-35qm-qjvv
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T20:45:37Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-8vff-35qm-qjvv
Weaknesses
0
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
1
cwe_id 204
name Observable Response Discrepancy
description The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n274-5khk-4udw