Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-gjz8-f5gu-17f6

Summary A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins.

Aliases

alias	CVE-2025-4088

Fixed_packages

url	pkg:deb/debian/firefox@138.0-1?distro=sid
purl	pkg:deb/debian/firefox@138.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@138.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@150.0.3-1?distro=sid
purl	pkg:deb/debian/firefox@150.0.3-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid

Affected_packages

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4088.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4088.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4088

reference_id

reference_type

scores

value	0.00116
scoring_system	epss
scoring_elements	0.29917
published_at	2026-05-14T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30201
published_at	2026-04-21T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30137
published_at	2026-04-24T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30022
published_at	2026-04-26T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.29946
published_at	2026-04-29T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.29812
published_at	2026-05-05T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.29882
published_at	2026-05-07T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.29892
published_at	2026-05-09T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.29822
published_at	2026-05-11T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.29842
published_at	2026-05-12T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30384
published_at	2026-04-02T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.3043
published_at	2026-04-04T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30242
published_at	2026-04-07T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30302
published_at	2026-04-08T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30337
published_at	2026-04-09T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30341
published_at	2026-04-11T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30297
published_at	2026-04-12T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30249
published_at	2026-04-13T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30264
published_at	2026-04-16T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30246
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4088

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2362908
reference_id	2362908
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2362908

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-28

reference_id

mfsa2025-28

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-28

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-28/

reference_id

mfsa2025-28

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:47:16Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-28/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-31

reference_id

mfsa2025-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-31/

reference_id

mfsa2025-31

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:47:16Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-31/

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1953521

reference_id

show_bug.cgi?id=1953521

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:47:16Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1953521

reference_url	https://usn.ubuntu.com/7991-1/
reference_id	USN-7991-1
reference_type
scores
url	https://usn.ubuntu.com/7991-1/

Weaknesses

cwe_id	601
name	URL Redirection to Untrusted Site ('Open Redirect')
description	A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

Exploits

Severity_range_score 5.4 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gjz8-f5gu-17f6

Vulnerability Instance