Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-mup7-wezz-gkgc

Summary When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed.

Aliases

alias	CVE-2022-3032

Fixed_packages

url	pkg:deb/debian/thunderbird@0?distro=trixie
purl	pkg:deb/debian/thunderbird@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:102.2.1-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:102.2.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.2.1-1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-pszh-x9gd-xyg4

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-ufku-v5vq-4yef

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie

Affected_packages

url pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_1

purl pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-135c-h34e-tye5

vulnerability	VCID-1jvh-anus-rfeg

vulnerability	VCID-4m2d-td6c-ukd4

vulnerability	VCID-6dgw-qbue-nqax

vulnerability	VCID-bxrh-7kwf-p3at

vulnerability	VCID-c5b5-beuj-z3gh

vulnerability	VCID-cw2e-p5x2-j7fu

vulnerability	VCID-kf1h-zg32-1yh4

vulnerability	VCID-mup7-wezz-gkgc

vulnerability	VCID-qy44-ubss-x7et

vulnerability	VCID-uvzd-dxhu-hydg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@102.3.0-3%3Farch=el8_1

url pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el9_0

purl pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el9_0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-135c-h34e-tye5

vulnerability	VCID-1jvh-anus-rfeg

vulnerability	VCID-4m2d-td6c-ukd4

vulnerability	VCID-6dgw-qbue-nqax

vulnerability	VCID-bxrh-7kwf-p3at

vulnerability	VCID-c5b5-beuj-z3gh

vulnerability	VCID-cw2e-p5x2-j7fu

vulnerability	VCID-kf1h-zg32-1yh4

vulnerability	VCID-mup7-wezz-gkgc

vulnerability	VCID-qy44-ubss-x7et

vulnerability	VCID-uvzd-dxhu-hydg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@102.3.0-3%3Farch=el9_0

url pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_4

purl pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-135c-h34e-tye5

vulnerability	VCID-1jvh-anus-rfeg

vulnerability	VCID-4m2d-td6c-ukd4

vulnerability	VCID-6dgw-qbue-nqax

vulnerability	VCID-bxrh-7kwf-p3at

vulnerability	VCID-c5b5-beuj-z3gh

vulnerability	VCID-cw2e-p5x2-j7fu

vulnerability	VCID-kf1h-zg32-1yh4

vulnerability	VCID-mup7-wezz-gkgc

vulnerability	VCID-qy44-ubss-x7et

vulnerability	VCID-uvzd-dxhu-hydg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@102.3.0-3%3Farch=el8_4

url pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_6

purl pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-135c-h34e-tye5

vulnerability	VCID-1jvh-anus-rfeg

vulnerability	VCID-4m2d-td6c-ukd4

vulnerability	VCID-6dgw-qbue-nqax

vulnerability	VCID-bxrh-7kwf-p3at

vulnerability	VCID-c5b5-beuj-z3gh

vulnerability	VCID-cw2e-p5x2-j7fu

vulnerability	VCID-kf1h-zg32-1yh4

vulnerability	VCID-mup7-wezz-gkgc

vulnerability	VCID-qy44-ubss-x7et

vulnerability	VCID-uvzd-dxhu-hydg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@102.3.0-3%3Farch=el8_6

url pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_2

purl pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-135c-h34e-tye5

vulnerability	VCID-1jvh-anus-rfeg

vulnerability	VCID-4m2d-td6c-ukd4

vulnerability	VCID-6dgw-qbue-nqax

vulnerability	VCID-bxrh-7kwf-p3at

vulnerability	VCID-c5b5-beuj-z3gh

vulnerability	VCID-cw2e-p5x2-j7fu

vulnerability	VCID-kf1h-zg32-1yh4

vulnerability	VCID-mup7-wezz-gkgc

vulnerability	VCID-qy44-ubss-x7et

vulnerability	VCID-uvzd-dxhu-hydg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@102.3.0-3%3Farch=el8_2

url pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el7_9

purl pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el7_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-135c-h34e-tye5

vulnerability	VCID-1jvh-anus-rfeg

vulnerability	VCID-4m2d-td6c-ukd4

vulnerability	VCID-6dgw-qbue-nqax

vulnerability	VCID-bxrh-7kwf-p3at

vulnerability	VCID-c5b5-beuj-z3gh

vulnerability	VCID-cw2e-p5x2-j7fu

vulnerability	VCID-kf1h-zg32-1yh4

vulnerability	VCID-mup7-wezz-gkgc

vulnerability	VCID-qy44-ubss-x7et

vulnerability	VCID-uvzd-dxhu-hydg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@102.3.0-3%3Farch=el7_9

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3032.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3032.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3032

reference_id

reference_type

scores

value	0.00407
scoring_system	epss
scoring_elements	0.6127
published_at	2026-05-14T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61168
published_at	2026-04-29T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61116
published_at	2026-05-05T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61165
published_at	2026-05-07T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61225
published_at	2026-05-09T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61186
published_at	2026-05-11T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61213
published_at	2026-05-12T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61097
published_at	2026-04-02T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61125
published_at	2026-04-04T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61091
published_at	2026-04-07T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61139
published_at	2026-04-08T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61155
published_at	2026-04-09T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61175
published_at	2026-04-11T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61162
published_at	2026-04-12T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61143
published_at	2026-04-13T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61183
published_at	2026-04-16T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61189
published_at	2026-04-18T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.6117
published_at	2026-04-21T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61159
published_at	2026-04-24T12:55:00Z

value	0.00407
scoring_system	epss
scoring_elements	0.61174
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3032

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2123255
reference_id	2123255
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2123255

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-38

reference_id

mfsa2022-38

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-38

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-38/

reference_id

mfsa2022-38

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-09T19:56:21Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-38/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-39

reference_id

mfsa2022-39

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-39

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-39/

reference_id

mfsa2022-39

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-09T19:56:21Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-39/

reference_url	https://access.redhat.com/errata/RHSA-2022:6708
reference_id	RHSA-2022:6708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6708

reference_url	https://access.redhat.com/errata/RHSA-2022:6710
reference_id	RHSA-2022:6710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6710

reference_url	https://access.redhat.com/errata/RHSA-2022:6713
reference_id	RHSA-2022:6713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6713

reference_url	https://access.redhat.com/errata/RHSA-2022:6715
reference_id	RHSA-2022:6715
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6715

reference_url	https://access.redhat.com/errata/RHSA-2022:6716
reference_id	RHSA-2022:6716
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6716

reference_url	https://access.redhat.com/errata/RHSA-2022:6717
reference_id	RHSA-2022:6717
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6717

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1783831

reference_id

show_bug.cgi?id=1783831

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-09T19:56:21Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1783831

reference_url	https://usn.ubuntu.com/5663-1/
reference_id	USN-5663-1
reference_type
scores
url	https://usn.ubuntu.com/5663-1/

Weaknesses

cwe_id	1021
name	Improper Restriction of Rendered UI Layers or Frames
description	The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

Exploits

Severity_range_score 6.1 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mup7-wezz-gkgc

Vulnerability Instance