Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-9cje-24ah-p7fk
SummaryA content security policy (CSP) frame-ancestors directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information.
Aliases
0
alias CVE-2017-7808
Fixed_packages
0
url pkg:alpm/archlinux/firefox@55.0-1
purl pkg:alpm/archlinux/firefox@55.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@55.0-1
1
url pkg:deb/debian/firefox@150.0.3-1?distro=sid
purl pkg:deb/debian/firefox@150.0.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid
2
url pkg:deb/debian/firefox@55.0-1?distro=sid
purl pkg:deb/debian/firefox@55.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@55.0-1%3Fdistro=sid
3
url pkg:deb/debian/firefox@149.0-1?distro=sid
purl pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid
4
url pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid
5
url pkg:deb/debian/firefox@150.0-1?distro=sid
purl pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid
6
url pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid
7
url pkg:deb/debian/firefox@150.0.2-1?distro=sid
purl pkg:deb/debian/firefox@150.0.2-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid
Affected_packages
0
url pkg:alpm/archlinux/firefox@54.0.1-1
purl pkg:alpm/archlinux/firefox@54.0.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39za-a75a-z7c3
1
vulnerability VCID-3cbn-278y-hkah
2
vulnerability VCID-48em-7yxs-pqf9
3
vulnerability VCID-4rt5-58ue-sufc
4
vulnerability VCID-6aqn-abjb-skbd
5
vulnerability VCID-7mvz-mr2e-hyfx
6
vulnerability VCID-9cje-24ah-p7fk
7
vulnerability VCID-d7jf-wx4p-cuek
8
vulnerability VCID-dck1-2x3v-1ygr
9
vulnerability VCID-eaau-g1uf-73gd
10
vulnerability VCID-f7ut-fqny-tffr
11
vulnerability VCID-gf3v-rmys-syex
12
vulnerability VCID-hd7u-f91y-dqhz
13
vulnerability VCID-hk7b-ckyd-7qg2
14
vulnerability VCID-hw2h-w5r2-7qhv
15
vulnerability VCID-kn3f-cx36-17h2
16
vulnerability VCID-nmws-nx6k-5qbe
17
vulnerability VCID-np75-dzzq-8yef
18
vulnerability VCID-q7jk-b69d-bbav
19
vulnerability VCID-qetw-2ah7-5ba4
20
vulnerability VCID-qh1k-c7ct-efg8
21
vulnerability VCID-s558-4jac-47ft
22
vulnerability VCID-vgwu-jbjv-xyd1
23
vulnerability VCID-xzxb-5pq8-9bfd
24
vulnerability VCID-yk2z-f6vu-93fb
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@54.0.1-1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7808.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7808.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7808
reference_id
reference_type
scores
0
value 0.00125
scoring_system epss
scoring_elements 0.31684
published_at 2026-04-01T12:55:00Z
1
value 0.00125
scoring_system epss
scoring_elements 0.31138
published_at 2026-05-12T12:55:00Z
2
value 0.00125
scoring_system epss
scoring_elements 0.31361
published_at 2026-04-26T12:55:00Z
3
value 0.00125
scoring_system epss
scoring_elements 0.3128
published_at 2026-04-29T12:55:00Z
4
value 0.00125
scoring_system epss
scoring_elements 0.31129
published_at 2026-05-05T12:55:00Z
5
value 0.00125
scoring_system epss
scoring_elements 0.31198
published_at 2026-05-07T12:55:00Z
6
value 0.00125
scoring_system epss
scoring_elements 0.31205
published_at 2026-05-09T12:55:00Z
7
value 0.00125
scoring_system epss
scoring_elements 0.31115
published_at 2026-05-11T12:55:00Z
8
value 0.00125
scoring_system epss
scoring_elements 0.31816
published_at 2026-04-02T12:55:00Z
9
value 0.00125
scoring_system epss
scoring_elements 0.3186
published_at 2026-04-04T12:55:00Z
10
value 0.00125
scoring_system epss
scoring_elements 0.31679
published_at 2026-04-07T12:55:00Z
11
value 0.00125
scoring_system epss
scoring_elements 0.31731
published_at 2026-04-08T12:55:00Z
12
value 0.00125
scoring_system epss
scoring_elements 0.31761
published_at 2026-04-09T12:55:00Z
13
value 0.00125
scoring_system epss
scoring_elements 0.31764
published_at 2026-04-11T12:55:00Z
14
value 0.00125
scoring_system epss
scoring_elements 0.31724
published_at 2026-04-12T12:55:00Z
15
value 0.00125
scoring_system epss
scoring_elements 0.31688
published_at 2026-04-13T12:55:00Z
16
value 0.00125
scoring_system epss
scoring_elements 0.3172
published_at 2026-04-16T12:55:00Z
17
value 0.00125
scoring_system epss
scoring_elements 0.31698
published_at 2026-04-18T12:55:00Z
18
value 0.00125
scoring_system epss
scoring_elements 0.31665
published_at 2026-04-21T12:55:00Z
19
value 0.00125
scoring_system epss
scoring_elements 0.31489
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7808
2
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1367531
reference_id
reference_type
scores
url https://bugzilla.mozilla.org/show_bug.cgi?id=1367531
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:C/I:C/A:N
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://www.mozilla.org/security/advisories/mfsa2017-18/
reference_id
reference_type
scores
url https://www.mozilla.org/security/advisories/mfsa2017-18/
5
reference_url http://www.securityfocus.com/bid/100373
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100373
6
reference_url http://www.securitytracker.com/id/1039124
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039124
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1479228
reference_id 1479228
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1479228
8
reference_url https://security.archlinux.org/ASA-201708-3
reference_id ASA-201708-3
reference_type
scores
url https://security.archlinux.org/ASA-201708-3
9
reference_url https://security.archlinux.org/AVG-375
reference_id AVG-375
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-375
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7808
reference_id CVE-2017-7808
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2017-7808
12
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2017-18
reference_id mfsa2017-18
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2017-18
13
reference_url https://usn.ubuntu.com/3391-1/
reference_id USN-3391-1
reference_type
scores
url https://usn.ubuntu.com/3391-1/
Weaknesses
0
cwe_id 863
name Incorrect Authorization
description The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
1
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
2
cwe_id 346
name Origin Validation Error
description The product does not properly verify that the source of data or communication is valid.
Exploits
Severity_range_score5.0 - 10.0
Exploitability0.5
Weighted_severity9.0
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-9cje-24ah-p7fk